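/* $NetBSD: gssapi.c,v 1.4 2006/09/09 16:22:09 manu Exp $ */

/* $KAME: gssapi.c,v 1.19 2001/04/03 15:51:55 thorpej Exp $ */

/*
 * Copyright 2000 Wasabi Systems, Inc.
 * All rights reserved.
 *
 * This software was written by Frank van der Linden of Wasabi Systems
 * for Zembu Labs, Inc. http://www.zembu.com/
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of Wasabi Systems, Inc. may not be used to endorse
 *    or promote products derived from this software without specific prior
 *    written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY WASABI SYSTEMS, INC. ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL WASABI SYSTEMS, INC
 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

#include "config.h"

#ifdef HAVE_GSSAPI

#include <sys/types.h>
#include <sys/queue.h>
#include <sys/socket.h>
#include <netdb.h>
#include <unistd.h>

#include <stdlib.h>
#include <string.h>
#include <errno.h>

#include "var.h"
#include "misc.h"
#include "vmbuf.h"
#include "plog.h"
#include "sockmisc.h"
#include "schedule.h"
#include "debug.h"

#include "localconf.h"
#include "remoteconf.h"
#include "isakmp_var.h"
#include "isakmp.h"
#include "oakley.h"
#include "handler.h"
#include "ipsec_doi.h"
#include "crypto_openssl.h"
#include "pfkey.h"
#include "isakmp_ident.h"
#include "isakmp_inf.h"
#include "vendorid.h"
#include "gcmalloc.h"

#include "gssapi.h"

/*
 * Log a caller-supplied message at LLV_ERROR, then log every text fragment
 * gss_display_status() returns for a mechanism-specific status code.
 *
 * status_code: status value handed to gss_display_status() with the
 *              GSS_C_MECH_CODE status type (callers in this file pass the
 *              minor status of the failed call).
 * where:       location string forwarded to plogv()/plog().
 * fmt, ...:    printf-style message logged before the status text.
 */
static void
gssapi_error(OM_uint32 status_code, const char *where,
    const char *fmt, ...)
{
	OM_uint32 message_context, maj_stat, min_stat;
	gss_buffer_desc status_string;
	va_list ap;

	va_start(ap, fmt);
	plogv(LLV_ERROR, where, NULL, fmt, ap);
	va_end(ap);

	message_context = 0;

	do {
		maj_stat = gss_display_status(&min_stat, status_code,
		    GSS_C_MECH_CODE, GSS_C_NO_OID, &message_context,
		    &status_string);
		if (GSS_ERROR(maj_stat)) {
			plog(LLV_ERROR, LOCATION, NULL,
			    "UNABLE TO GET GSSAPI ERROR CODE\n");
			/*
			 * The loop condition depends on message_context,
			 * which a failed call is not guaranteed to have
			 * updated; stop instead of retrying indefinitely.
			 */
			break;
		}

		/*
		 * A gss_buffer_desc carries an explicit length and is not
		 * guaranteed to be NUL-terminated, so bound the print by it.
		 */
		plog(LLV_ERROR, where, NULL,
		    "%.*s\n", (int)status_string.length,
		    (char *)status_string.value);
		gss_release_buffer(&min_stat, &status_string);
	} while (message_context != 0);
}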
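
/*
 * vmbufs and gss_buffer_descs are really just the same on NetBSD, but
 * this is to be portable.
 */

/*
 * Copy the contents of a vchar_t into a freshly allocated gss buffer.
 *
 * vmbuf:    source buffer; vmbuf->l bytes are copied from vmbuf->v.
 * gsstoken: destination descriptor; its value and length are overwritten.
 *
 * Returns 0 on success, -1 if racoon_malloc() fails.  The copy is allocated
 * with racoon_malloc(); the code that releases it is not in this function.
 */
static int
gssapi_vm2gssbuf(vchar_t *vmbuf, gss_buffer_t gsstoken)
{

	gsstoken->value = racoon_malloc(vmbuf->l);
	if (gsstoken->value == NULL)
		return -1;
	memcpy(gsstoken->value, vmbuf->v, vmbuf->l);
	gsstoken->length = vmbuf->l;

	return 0;
}

/*
 * Copy the contents of a gss buffer into a freshly allocated vchar_t.
 *
 * gsstoken: source descriptor; gsstoken->length bytes are copied.
 * vmbuf:    out parameter, set to the vmalloc()ed copy.
 *
 * Returns 0 on success, -1 if vmalloc() fails (*vmbuf is then NULL).
 */
static int
gssapi_gss2vmbuf(gss_buffer_t gsstoken, vchar_t **vmbuf)
{

	*vmbuf = vmalloc(gsstoken->length);
	if (*vmbuf == NULL)
		return -1;
	memcpy((*vmbuf)->v, gsstoken->value, gsstoken->length);
	(*vmbuf)->l = gsstoken->length;

	return 0;
}

/*
 * Build the default GSS identity "GSSAPI_DEF_NAME/<local hostname>".
 *
 * Returns a racoon_malloc()ed vchar_t whose v member was allocated by
 * asprintf(), or NULL if gethostname(), the allocation or the formatting
 * fails.
 */
vchar_t *
gssapi_get_default_gss_id(void)
{
	char name[NI_MAXHOST];
	vchar_t *gssid;
	int len;

	if (gethostname(name, sizeof(name)) != 0) {
		plog(LLV_ERROR, LOCATION, NULL, "gethostname failed: %s\n",
		    strerror(errno));
		return (NULL);
	}
	/* gethostname() may leave a truncated name unterminated. */
	name[sizeof(name) - 1] = '\0';

	gssid = racoon_malloc(sizeof(*gssid));
	if (gssid == NULL) {
		plog(LLV_ERROR, LOCATION, NULL, "racoon_malloc failed\n");
		return (NULL);
	}

	/*
	 * asprintf() returns -1 on failure; storing that directly in the
	 * length member would turn it into a huge length paired with an
	 * undefined pointer.
	 */
	len = asprintf(&gssid->v, "%s/%s", GSSAPI_DEF_NAME, name);
	if (len < 0) {
		plog(LLV_ERROR, LOCATION, NULL, "asprintf failed\n");
		racoon_free(gssid);
		return (NULL);
	}
	gssid->l = len;

	return (gssid);
}

/*
 * Import the default host-based service name "GSSAPI_DEF_NAME@<host>" for
 * one end of the phase 1 exchange.
 *
 * iph1:    phase 1 handle supplying the socket addresses.
 * remote:  non-zero selects iph1->remote, zero selects iph1->local.
 * service: out parameter, receives the imported name on success.
 *
 * Returns 0 on success, -1 on failure (*service is then not set).
 *
 * NOTE(review): the host part comes from getnameinfo() called with flags 0,
 * which normally means a reverse DNS lookup of the socket address.  That
 * answer is not authenticated, so for remote != 0 the target principal is
 * only as trustworthy as the resolver path; a configured gssid avoids the
 * lookup.  Confirm this matches the deployment's assumptions.
 */
static int
gssapi_get_default_name(struct ph1handle *iph1, int remote, gss_name_t *service)
{
	char name[NI_MAXHOST];
	struct sockaddr *sa;
	char *buf = NULL;
	gss_buffer_desc name_token;
	OM_uint32 min_stat, maj_stat;
	int len;

	sa = remote ? iph1->remote : iph1->local;

	if (getnameinfo(sa, sysdep_sa_len(sa), name, NI_MAXHOST, NULL, 0, 0) != 0)
		return -1;

	len = asprintf(&buf, "%s@%s", GSSAPI_DEF_NAME, name);
	if (len < 0) {
		plog(LLV_ERROR, LOCATION, NULL, "asprintf failed\n");
		return -1;
	}
	name_token.length = len;
	name_token.value = buf;

	maj_stat = gss_import_name(&min_stat, &name_token,
	    GSS_C_NT_HOSTBASED_SERVICE, service);

	/*
	 * buf was allocated by asprintf(), not by the GSS-API library, so it
	 * is returned with free() rather than gss_release_buffer().
	 */
	free(buf);

	if (GSS_ERROR(maj_stat)) {
		gssapi_error(min_stat, LOCATION, "import name\n");
		return -1;
	}

	return 0;
}

/*
 * Allocate the per-phase-1 GSS-API state, attach it to iph1 and acquire
 * credentials for the local principal.
 *
 * The principal is the configured proposal gssid when one is set, otherwise
 * the default name derived from the local address.
 *
 * Returns 0 on success.  On failure returns -1; every failure path after
 * the state has been attached calls gssapi_free_state(iph1).
 */
static int
gssapi_init(struct ph1handle *iph1)
{
	struct gssapi_ph1_state *gps;
	gss_buffer_desc id_token, cred_token;
	gss_buffer_t cred = &cred_token;
	gss_name_t princ, canon_princ;
	OM_uint32 maj_stat, min_stat;

	gps = racoon_calloc(1, sizeof (struct gssapi_ph1_state));
	if (gps == NULL) {
		plog(LLV_ERROR, LOCATION, NULL, "racoon_calloc failed\n");
		return -1;
	}
	gps->gss_context = GSS_C_NO_CONTEXT;
	gps->gss_cred = GSS_C_NO_CREDENTIAL;

	gssapi_set_state(iph1, gps);

	if (iph1->rmconf->proposal->gssid != NULL) {
		id_token.length = iph1->rmconf->proposal->gssid->l;
		id_token.value = iph1->rmconf->proposal->gssid->v;
		maj_stat = gss_import_name(&min_stat, &id_token, GSS_C_NO_OID,
		    &princ);
		if (GSS_ERROR(maj_stat)) {
			gssapi_error(min_stat, LOCATION, "import name\n");
			gssapi_free_state(iph1);
			return -1;
		}
	} else if (gssapi_get_default_name(iph1, 0, &princ) < 0) {
		/*
		 * princ is left unset on failure; it must not reach
		 * gss_canonicalize_name() below.
		 */
		gssapi_free_state(iph1);
		return -1;
	}

	maj_stat = gss_canonicalize_name(&min_stat, princ, GSS_C_NO_OID,
	    &canon_princ);
	if (GSS_ERROR(maj_stat)) {
		gssapi_error(min_stat, LOCATION, "canonicalize name\n");
		maj_stat = gss_release_name(&min_stat, &princ);
		if (GSS_ERROR(maj_stat))
			gssapi_error(min_stat, LOCATION, "release princ\n");
		gssapi_free_state(iph1);
		return -1;
	}
	maj_stat = gss_release_name(&min_stat, &princ);
	if (GSS_ERROR(maj_stat))
		gssapi_error(min_stat, LOCATION, "release princ\n");

	maj_stat = gss_export_name(&min_stat, canon_princ, cred);
	if (GSS_ERROR(maj_stat)) {
		gssapi_error(min_stat, LOCATION, "export name\n");
		maj_stat = gss_release_name(&min_stat, &canon_princ);
		if (GSS_ERROR(maj_stat))
			gssapi_error(min_stat, LOCATION,
			    "release canon_princ\n");
		gssapi_free_state(iph1);
		return -1;
	}

#if 0
	/*
	 * XXXJRT Did this debug message ever work? This is a GSS name
	 * blob at this point.
	 */
	plog(LLV_DEBUG, LOCATION, NULL, "will try to acquire '%.*s' creds\n",
	    cred->length, cred->value);
#endif

	maj_stat = gss_release_buffer(&min_stat, cred);
	if (GSS_ERROR(maj_stat))
		gssapi_error(min_stat, LOCATION, "release cred buffer\n");

	maj_stat = gss_acquire_cred(&min_stat, canon_princ, GSS_C_INDEFINITE,
	    GSS_C_NO_OID_SET, GSS_C_BOTH, &gps->gss_cred, NULL, NULL);
	if (GSS_ERROR(maj_stat)) {
		gssapi_error(min_stat, LOCATION, "acquire cred\n");
		maj_stat = gss_release_name(&min_stat, &canon_princ);
		if (GSS_ERROR(maj_stat))
			gssapi_error(min_stat, LOCATION,
			    "release canon_princ\n");
		gssapi_free_state(iph1);
		return -1;
	}
	maj_stat = gss_release_name(&min_stat, &canon_princ);
	if (GSS_ERROR(maj_stat))
		gssapi_error(min_stat, LOCATION, "release canon_princ\n");

	return 0;
}

/*
 * Initiator side: call gss_init_sec_context() to produce the next token to
 * send, feeding it the most recently saved peer token if there is one.
 *
 * iph1: phase 1 handle; GSS-API state is created on first use.
 * lenp: if non-NULL, receives the length of the produced token.
 *
 * Returns 0 on success, -1 on failure.  gps->gsscnt is advanced only when a
 * non-empty token was produced.
 *
 * NOTE(review): gps->gss[gps->gsscnt] is used without a bound check.  The
 * capacity of gss[] is declared in gssapi.h and is not visible here;
 * confirm that the number of rounds cannot exceed it.
 */
int
gssapi_get_itoken(struct ph1handle *iph1, int *lenp)
{
	struct gssapi_ph1_state *gps;
	gss_buffer_desc empty, name_token;
	gss_buffer_t itoken, rtoken, dummy;
	OM_uint32 maj_stat, min_stat;
	gss_name_t partner;

	if (gssapi_get_state(iph1) == NULL && gssapi_init(iph1) < 0)
		return -1;

	gps = gssapi_get_state(iph1);

	/* Placeholder input token for the first round. */
	empty.length = 0;
	empty.value = NULL;
	dummy = &empty;

	if (iph1->approval != NULL && iph1->approval->gssid != NULL) {
		plog(LLV_DEBUG, LOCATION, NULL,
		    "using provided service '%.*s'\n",
		    (int)iph1->approval->gssid->l, iph1->approval->gssid->v);
		name_token.length = iph1->approval->gssid->l;
		name_token.value = iph1->approval->gssid->v;
		maj_stat = gss_import_name(&min_stat, &name_token,
		    GSS_C_NO_OID, &partner);
		if (GSS_ERROR(maj_stat)) {
			/* "%.*s" takes an int precision and a char pointer. */
			gssapi_error(min_stat, LOCATION, "import of %.*s\n",
			    (int)name_token.length,
			    (char *)name_token.value);
			return -1;
		}
	} else
		if (gssapi_get_default_name(iph1, 1, &partner) < 0)
			return -1;

	rtoken = gps->gsscnt_p == 0 ? dummy : &gps->gss_p[gps->gsscnt_p - 1];
	itoken = &gps->gss[gps->gsscnt];

	/* No channel bindings are supplied to the context. */
	gps->gss_status = gss_init_sec_context(&min_stat, gps->gss_cred,
	    &gps->gss_context, partner, GSS_C_NO_OID,
	    GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG |
		GSS_C_CONF_FLAG | GSS_C_INTEG_FLAG,
	    0, GSS_C_NO_CHANNEL_BINDINGS, rtoken, NULL,
	    itoken, NULL, NULL);

	if (GSS_ERROR(gps->gss_status)) {
		gssapi_error(min_stat, LOCATION, "init_sec_context\n");
		maj_stat = gss_release_name(&min_stat, &partner);
		if (GSS_ERROR(maj_stat))
			gssapi_error(min_stat, LOCATION, "release name\n");
		return -1;
	}
	maj_stat = gss_release_name(&min_stat, &partner);
	if (GSS_ERROR(maj_stat))
		gssapi_error(min_stat, LOCATION, "release name\n");

	plog(LLV_DEBUG, LOCATION, NULL, "gss_init_sec_context status %x\n",
	    gps->gss_status);

	if (lenp)
		*lenp = itoken->length;

	if (itoken->length != 0)
		gps->gsscnt++;

	return 0;
}

/*
 * Call gss_accept_context, with token just read from the wire.
 *
 * iph1: phase 1 handle; GSS-API state is created on first use.
 * lenp: if non-NULL, receives the length of the reply token.
 *
 * Returns 0 on success, -1 on failure.
 *
 * NOTE(review): the authenticated client name is only logged here.  Whether
 * it is compared with the expected peer identity is not visible in this
 * function; confirm that the caller enforces it.
 */
int
gssapi_get_rtoken(struct ph1handle *iph1, int *lenp)
{
	struct gssapi_ph1_state *gps;
	gss_buffer_desc name_token;
	gss_buffer_t itoken, rtoken;
	OM_uint32 min_stat, maj_stat;
	gss_name_t client_name;

	if (gssapi_get_state(iph1) == NULL && gssapi_init(iph1) < 0)
		return -1;

	gps = gssapi_get_state(iph1);

	/*
	 * Without a saved peer token the index below would be -1, i.e. a
	 * read outside gss_p[].
	 */
	if (gps->gsscnt_p < 1) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "no received gssapi token to process\n");
		return -1;
	}

	rtoken = &gps->gss_p[gps->gsscnt_p - 1];
	itoken = &gps->gss[gps->gsscnt];

	/* No channel bindings are supplied to the context. */
	gps->gss_status = gss_accept_sec_context(&min_stat, &gps->gss_context,
	    gps->gss_cred, rtoken, GSS_C_NO_CHANNEL_BINDINGS, &client_name,
	    NULL, itoken, NULL, NULL, NULL);

	if (GSS_ERROR(gps->gss_status)) {
		gssapi_error(min_stat, LOCATION, "accept_sec_context\n");
		return -1;
	}

	maj_stat = gss_display_name(&min_stat, client_name, &name_token, NULL);
	if (GSS_ERROR(maj_stat)) {
		gssapi_error(min_stat, LOCATION, "gss_display_name\n");
		maj_stat = gss_release_name(&min_stat, &client_name);
		if (GSS_ERROR(maj_stat))
			gssapi_error(min_stat, LOCATION,
			    "release client_name\n");
		return -1;
	}
	maj_stat = gss_release_name(&min_stat, &client_name);
	if (GSS_ERROR(maj_stat))
		gssapi_error(min_stat, LOCATION, "release client_name\n");

	/*
	 * The display name is peer-derived and comes back as a counted
	 * buffer; bound the print by its length instead of relying on a
	 * terminating NUL.
	 */
	plog(LLV_DEBUG, LOCATION, NULL,
	    "gss_accept_sec_context: other side is %.*s\n",
	    (int)name_token.length, (char *)name_token.value);
	maj_stat = gss_release_buffer(&min_stat, &name_token);
	if (GSS_ERROR(maj_stat))
		gssapi_error(min_stat, LOCATION, "release name buffer\n");

	if (itoken->length != 0)
		gps->gsscnt++;

	if (lenp)
		*lenp = itoken->length;

	return 0;
}

/*
 * Store a copy of a token received from the peer in the next free slot of
 * gps->gss_p[] and advance gps->gsscnt_p.
 *
 * Returns 0 on success, -1 if state setup or the copy fails.
 *
 * NOTE(review): the slot index grows by one per received token and is not
 * checked against the capacity of gss_p[], which is declared in gssapi.h
 * and not visible here.  Since the count is driven by what the peer sends,
 * confirm that the caller limits the number of tokens, or reject the token
 * here once the array is full.
 */
int
gssapi_save_received_token(struct ph1handle *iph1, vchar_t *token)
{
	struct gssapi_ph1_state *gps;
	gss_buffer_t gsstoken;
	int ret;

	if (gssapi_get_state(iph1) == NULL && gssapi_init(iph1) < 0)
		return -1;

	gps = gssapi_get_state(iph1);

	gsstoken = &gps->gss_p[gps->gsscnt_p];

	ret = gssapi_vm2gssbuf(token, gsstoken);
	if (ret < 0)
		return ret;
	gps->gsscnt_p++;

	return 0;
}

/*
 * Return a vchar_t copy of the most recently generated local token.
 *
 * iph1:  phase 1 handle; its GSS-API state must already exist.
 * token: out parameter, receives the vmalloc()ed copy on success.
 *
 * Returns 0 on success, -1 if there is no state, no generated token, or
 * the copy fails.
 */
int
gssapi_get_token_to_send(struct ph1handle *iph1, vchar_t **token)
{
	struct gssapi_ph1_state *gps;
	gss_buffer_t gsstoken;
	int ret;

	gps = gssapi_get_state(iph1);
	if (gps == NULL) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "gssapi not yet initialized?\n");
		return -1;
	}

	/*
	 * With no token generated yet the index below would be -1, i.e. a
	 * read outside gss[].
	 */
	if (gps->gsscnt < 1) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "no gssapi token to send\n");
		return -1;
	}

	gsstoken = &gps->gss[gps->gsscnt - 1];
	ret = gssapi_gss2vmbuf(gsstoken, token);
	if (ret < 0)
		return ret;

	return 0;
}

int
gssapi_get_itokens(struct ph1handle *iph1, vchar_t **tokens)
{
	struct gssapi_ph1_state *gps;
	int len, i;
	vchar_t *toks;
	char *p;

	gps = gssapi_get_state(iph1);
	if (gps == NULL) {
		plog(LLV_ERROR, LOCATION, NULL,
			"gssapi not yet initialized?\n");
		return -1;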
4560a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 4570a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 4580a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang for (i = len = 0; i < gps->gsscnt; i++) 4590a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang len += gps->gss[i].length; 4600a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 4610a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang toks = vmalloc(len); 4620a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (toks == 0) 4630a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return -1; 4640a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang p = (char *)toks->v; 4650a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang for (i = 0; i < gps->gsscnt; i++) { 4660a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang memcpy(p, gps->gss[i].value, gps->gss[i].length); 4670a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang p += gps->gss[i].length; 4680a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 4690a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 4700a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *tokens = toks; 4710a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 4720a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_DEBUG, LOCATION, NULL, 4730a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "%d itokens of length %zu\n", gps->gsscnt, (*tokens)->l); 4740a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 4750a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return 0; 4760a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang} 4770a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 4780a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangint 4790a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wanggssapi_get_rtokens(struct ph1handle *iph1, vchar_t **tokens) 4800a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang{ 4810a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct gssapi_ph1_state *gps; 
4820a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang int len, i; 4830a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang vchar_t *toks; 4840a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang char *p; 4850a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 4860a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang gps = gssapi_get_state(iph1); 4870a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (gps == NULL) { 4880a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 4890a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "gssapi not yet initialized?\n"); 4900a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return -1; 4910a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 4920a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 4930a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (gssapi_more_tokens(iph1)) { 4940a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 4950a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "gssapi roundtrips not complete\n"); 4960a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return -1; 4970a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 4980a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 4990a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang for (i = len = 0; i < gps->gsscnt_p; i++) 5000a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang len += gps->gss_p[i].length; 5010a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 5020a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang toks = vmalloc(len); 5030a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (toks == 0) 5040a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return -1; 5050a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang p = (char *)toks->v; 5060a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang for (i = 0; i < gps->gsscnt_p; i++) { 5070a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang memcpy(p, gps->gss_p[i].value, 
gps->gss_p[i].length); 5080a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang p += gps->gss_p[i].length; 5090a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 5100a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 5110a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang *tokens = toks; 5120a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 5130a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return 0; 5140a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang} 5150a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 5160a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangvchar_t * 5170a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wanggssapi_wraphash(struct ph1handle *iph1) 5180a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang{ 5190a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct gssapi_ph1_state *gps; 5200a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang OM_uint32 maj_stat, min_stat; 5210a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang gss_buffer_desc hash_in_buf, hash_out_buf; 5220a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang gss_buffer_t hash_in = &hash_in_buf, hash_out = &hash_out_buf; 5230a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang vchar_t *outbuf; 5240a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 5250a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang gps = gssapi_get_state(iph1); 5260a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (gps == NULL) { 5270a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 5280a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "gssapi not yet initialized?\n"); 5290a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return NULL; 5300a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 5310a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 5320a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (gssapi_more_tokens(iph1)) { 5330a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, 
LOCATION, NULL, 5340a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "gssapi roundtrips not complete\n"); 5350a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return NULL; 5360a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 5370a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 5380a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (gssapi_vm2gssbuf(iph1->hash, hash_in) < 0) { 5390a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, "vm2gssbuf failed\n"); 5400a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return NULL; 5410a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 5420a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 5430a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang maj_stat = gss_wrap(&min_stat, gps->gss_context, 1, GSS_C_QOP_DEFAULT, 5440a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang hash_in, NULL, hash_out); 5450a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (GSS_ERROR(maj_stat)) { 5460a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang gssapi_error(min_stat, LOCATION, "wrapping hash value\n"); 5470a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang maj_stat = gss_release_buffer(&min_stat, hash_in); 5480a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (GSS_ERROR(maj_stat)) 5490a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang gssapi_error(min_stat, LOCATION, 5500a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "release hash_in buffer\n"); 5510a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return NULL; 5520a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 5530a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 5540a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_DEBUG, LOCATION, NULL, "wrapped HASH, ilen %zu olen %zu\n", 5550a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang hash_in->length, hash_out->length); 5560a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 
5570a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang maj_stat = gss_release_buffer(&min_stat, hash_in); 5580a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (GSS_ERROR(maj_stat)) 5590a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang gssapi_error(min_stat, LOCATION, "release hash_in buffer\n"); 5600a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 5610a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (gssapi_gss2vmbuf(hash_out, &outbuf) < 0) { 5620a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, "gss2vmbuf failed\n"); 5630a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang maj_stat = gss_release_buffer(&min_stat, hash_out); 5640a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (GSS_ERROR(maj_stat)) 5650a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang gssapi_error(min_stat, LOCATION, 5660a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "release hash_out buffer\n"); 5670a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return NULL; 5680a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 5690a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang maj_stat = gss_release_buffer(&min_stat, hash_out); 5700a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (GSS_ERROR(maj_stat)) 5710a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang gssapi_error(min_stat, LOCATION, "release hash_out buffer\n"); 5720a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 5730a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return outbuf; 5740a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang} 5750a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 5760a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangvchar_t * 5770a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wanggssapi_unwraphash(struct ph1handle *iph1) 5780a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang{ 5790a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct gssapi_ph1_state *gps; 
5800a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang OM_uint32 maj_stat, min_stat; 5810a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang gss_buffer_desc hashbuf, hash_outbuf; 5820a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang gss_buffer_t hash_in = &hashbuf, hash_out = &hash_outbuf; 5830a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang vchar_t *outbuf; 5840a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 5850a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang gps = gssapi_get_state(iph1); 5860a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (gps == NULL) { 5870a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, 5880a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "gssapi not yet initialized?\n"); 5890a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return NULL; 5900a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 5910a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 5920a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 5930a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang hashbuf.length = ntohs(iph1->pl_hash->h.len) - sizeof(*iph1->pl_hash); 5940a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang hashbuf.value = (char *)(iph1->pl_hash + 1); 5950a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 5960a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_DEBUG, LOCATION, NULL, "unwrapping HASH of len %zu\n", 5970a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang hashbuf.length); 5980a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 5990a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang maj_stat = gss_unwrap(&min_stat, gps->gss_context, hash_in, hash_out, 6000a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang NULL, NULL); 6010a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (GSS_ERROR(maj_stat)) { 6020a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang gssapi_error(min_stat, LOCATION, "unwrapping hash value\n"); 
6030a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return NULL; 6040a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 6050a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 6060a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (gssapi_gss2vmbuf(hash_out, &outbuf) < 0) { 6070a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, "gss2vmbuf failed\n"); 6080a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang maj_stat = gss_release_buffer(&min_stat, hash_out); 6090a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (GSS_ERROR(maj_stat)) 6100a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang gssapi_error(min_stat, LOCATION, 6110a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "release hash_out buffer\n"); 6120a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return NULL; 6130a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 6140a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang maj_stat = gss_release_buffer(&min_stat, hash_out); 6150a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (GSS_ERROR(maj_stat)) 6160a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang gssapi_error(min_stat, LOCATION, "release hash_out buffer\n"); 6170a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 6180a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return outbuf; 6190a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang} 6200a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 6210a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangvoid 6220a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wanggssapi_set_id_sent(struct ph1handle *iph1) 6230a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang{ 6240a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct gssapi_ph1_state *gps; 6250a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 6260a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang gps = gssapi_get_state(iph1); 6270a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 
6280a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang gps->gss_flags |= GSSFLAG_ID_SENT; 6290a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang} 6300a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 6310a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangint 6320a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wanggssapi_id_sent(struct ph1handle *iph1) 6330a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang{ 6340a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct gssapi_ph1_state *gps; 6350a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 6360a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang gps = gssapi_get_state(iph1); 6370a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 6380a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return (gps->gss_flags & GSSFLAG_ID_SENT) != 0; 6390a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang} 6400a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 6410a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangvoid 6420a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wanggssapi_set_id_rcvd(struct ph1handle *iph1) 6430a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang{ 6440a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct gssapi_ph1_state *gps; 6450a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 6460a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang gps = gssapi_get_state(iph1); 6470a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 6480a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang gps->gss_flags |= GSSFLAG_ID_RCVD; 6490a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang} 6500a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 6510a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangint 6520a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wanggssapi_id_rcvd(struct ph1handle *iph1) 6530a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang{ 6540a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct gssapi_ph1_state *gps; 
6550a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 6560a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang gps = gssapi_get_state(iph1); 6570a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 6580a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return (gps->gss_flags & GSSFLAG_ID_RCVD) != 0; 6590a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang} 6600a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 6610a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangvoid 6620a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wanggssapi_free_state(struct ph1handle *iph1) 6630a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang{ 6640a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang struct gssapi_ph1_state *gps; 6650a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang OM_uint32 maj_stat, min_stat; 6660a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 6670a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang gps = gssapi_get_state(iph1); 6680a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 6690a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (gps == NULL) 6700a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return; 6710a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 6720a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang gssapi_set_state(iph1, NULL); 6730a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 6740a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (gps->gss_cred != GSS_C_NO_CREDENTIAL) { 6750a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang maj_stat = gss_release_cred(&min_stat, &gps->gss_cred); 6760a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (GSS_ERROR(maj_stat)) 6770a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang gssapi_error(min_stat, LOCATION, 6780a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "releasing credentials\n"); 6790a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 6800a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang racoon_free(gps); 
6810a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang} 6820a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 6830a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangvchar_t * 6840a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wanggssapi_get_id(struct ph1handle *iph1) 6850a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang{ 6860a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang gss_buffer_desc id_buffer; 6870a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang gss_buffer_t id = &id_buffer; 6880a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang gss_name_t defname, canon_name; 6890a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang OM_uint32 min_stat, maj_stat; 6900a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang vchar_t *vmbuf; 6910a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 6920a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (iph1->rmconf->proposal->gssid != NULL) 6930a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return (vdup(iph1->rmconf->proposal->gssid)); 6940a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 6950a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (gssapi_get_default_name(iph1, 0, &defname) < 0) 6960a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return NULL; 6970a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 6980a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang maj_stat = gss_canonicalize_name(&min_stat, defname, GSS_C_NO_OID, 6990a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang &canon_name); 7000a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (GSS_ERROR(maj_stat)) { 7010a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang gssapi_error(min_stat, LOCATION, "canonicalize name\n"); 7020a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang maj_stat = gss_release_name(&min_stat, &defname); 7030a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (GSS_ERROR(maj_stat)) 7040a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang gssapi_error(min_stat, 
LOCATION, 7050a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "release default name\n"); 7060a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return NULL; 7070a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 7080a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang maj_stat = gss_release_name(&min_stat, &defname); 7090a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (GSS_ERROR(maj_stat)) 7100a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang gssapi_error(min_stat, LOCATION, "release default name\n"); 7110a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 7120a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang maj_stat = gss_export_name(&min_stat, canon_name, id); 7130a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (GSS_ERROR(maj_stat)) { 7140a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang gssapi_error(min_stat, LOCATION, "export name\n"); 7150a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang maj_stat = gss_release_name(&min_stat, &canon_name); 7160a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (GSS_ERROR(maj_stat)) 7170a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang gssapi_error(min_stat, LOCATION, 7180a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang "release canonical name\n"); 7190a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return NULL; 7200a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 7210a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang maj_stat = gss_release_name(&min_stat, &canon_name); 7220a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (GSS_ERROR(maj_stat)) 7230a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang gssapi_error(min_stat, LOCATION, "release canonical name\n"); 7240a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 7250a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#if 0 7260a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang /* 7270a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * XXXJRT Did this debug message ever work? 
This is a GSS name 7280a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang * blob at this point. 7290a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang */ 7300a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_DEBUG, LOCATION, NULL, "will try to acquire '%.*s' creds\n", 7310a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang id->length, id->value); 7320a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#endif 7330a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 7340a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (gssapi_gss2vmbuf(id, &vmbuf) < 0) { 7350a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang plog(LLV_ERROR, LOCATION, NULL, "gss2vmbuf failed\n"); 7360a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang maj_stat = gss_release_buffer(&min_stat, id); 7370a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (GSS_ERROR(maj_stat)) 7380a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang gssapi_error(min_stat, LOCATION, "release id buffer\n"); 7390a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return NULL; 7400a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang } 7410a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang maj_stat = gss_release_buffer(&min_stat, id); 7420a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang if (GSS_ERROR(maj_stat)) 7430a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang gssapi_error(min_stat, LOCATION, "release id buffer\n"); 7440a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang 7450a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang return vmbuf; 7460a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang} 7470a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#else 7480a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wangint __gssapi_dUmMy; 7490a1907d434839af6a9cb6329bbde60b237bf53dcChung-yih Wang#endif 750