Mercurial > dovecot > original-hg > dovecot-1.2

annotate src/auth/mech-gssapi.c @ 4862:bddfbc560857 HEAD

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Some systems have gssapi elsewhere than gssapi/gssapi.h. So check also plain gssapi.h. Based on patch by Chris Wakelin
author Timo Sirainen <tss@iki.fi>
date Sun, 03 Dec 2006 16:12:22 +0200
parents 2c1cc5bbc260
children 228eacfb2647
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
3683
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
1 /*
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
2 * GSSAPI Module
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
3 *
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
4 * Copyright (c) 2005 Jelmer Vernooij <jelmer@samba.org>
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
5 *
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
6 * Related standards:
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
7 * - draft-ietf-sasl-gssapi-03
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
8 * - RFC2222
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
9 *
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
10 * Some parts inspired by an older patch from Colin Walters
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
11 *
4382
f8d37e26a2b3 Relicensed dovecot-auth to MIT.
Timo Sirainen <tss@iki.fi>
parents: 4004
diff changeset
12 * This software is released under the MIT license.
3683
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
13 */
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
14
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
15 #include "common.h"
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
16 #include "mech.h"
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
17 #include "passdb.h"
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
18 #include "str.h"
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
19 #include "str-sanitize.h"
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
20 #include "buffer.h"
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
21 #include "hex-binary.h"
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
22 #include "safe-memset.h"
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
23 #include "hostpid.h"
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
24
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
25 #ifdef HAVE_GSSAPI
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
26
4862
bddfbc560857 Some systems have gssapi elsewhere than gssapi/gssapi.h. So check also plain
Timo Sirainen <tss@iki.fi>
parents: 4782
diff changeset
27 #ifdef HAVE_GSSAPI_GSSAPI_H
bddfbc560857 Some systems have gssapi elsewhere than gssapi/gssapi.h. So check also plain
Timo Sirainen <tss@iki.fi>
parents: 4782
diff changeset
28 # include <gssapi/gssapi.h>
bddfbc560857 Some systems have gssapi elsewhere than gssapi/gssapi.h. So check also plain
Timo Sirainen <tss@iki.fi>
parents: 4782
diff changeset
29 #elif defined (HAVE_GSSAPI_H)
bddfbc560857 Some systems have gssapi elsewhere than gssapi/gssapi.h. So check also plain
Timo Sirainen <tss@iki.fi>
parents: 4782
diff changeset
30 # include <gssapi.h>
bddfbc560857 Some systems have gssapi elsewhere than gssapi/gssapi.h. So check also plain
Timo Sirainen <tss@iki.fi>
parents: 4782
diff changeset
31 #endif
3683
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
32
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
33 /* Non-zero flags defined in RFC 2222 */
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
34 enum sasl_gssapi_qop {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
35 SASL_GSSAPI_QOP_UNSPECIFIED = 0x00,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
36 SASL_GSSAPI_QOP_AUTH_ONLY = 0x01,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
37 SASL_GSSAPI_QOP_AUTH_INT = 0x02,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
38 SASL_GSSAPI_QOP_AUTH_CONF = 0x04
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
39 };
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
40
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
41 struct gssapi_auth_request {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
42 struct auth_request auth_request;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
43 gss_ctx_id_t gss_ctx;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
44 gss_cred_id_t service_cred;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
45
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
46 enum {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
47 GSS_STATE_SEC_CONTEXT,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
48 GSS_STATE_WRAP,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
49 GSS_STATE_UNWRAP
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
50 } sasl_gssapi_state;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
51
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
52 gss_name_t authn_name;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
53 gss_name_t authz_name;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
54
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
55 pool_t pool;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
56 };
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
57
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
58 static void auth_request_log_gss_error(struct auth_request *request,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
59 OM_uint32 status_value, int status_type,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
60 const char *description)
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
61 {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
62 OM_uint32 message_context = 0;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
63 OM_uint32 major_status, minor_status;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
64 gss_buffer_desc status_string;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
65
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
66 do {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
67 major_status = gss_display_status(&minor_status, status_value,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
68 status_type, GSS_C_NO_OID,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
69 &message_context,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
70 &status_string);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
71
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
72 auth_request_log_error(request, "gssapi",
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
73 "While %s: %s", description,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
74 str_sanitize(status_string.value, (size_t)-1));
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
75
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
76 major_status = gss_release_buffer(&minor_status,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
77 &status_string);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
78 } while (message_context != 0);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
79 }
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
80
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
81 static struct auth_request *mech_gssapi_auth_new(void)
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
82 {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
83 struct gssapi_auth_request *request;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
84 pool_t pool;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
85
3695
4f8598b0ca62 Use a bit larger initial pool sizes
Timo Sirainen <tss@iki.fi>
parents: 3683
diff changeset
86 pool = pool_alloconly_create("gssapi_auth_request", 1024);
3683
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
87 request = p_new(pool, struct gssapi_auth_request, 1);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
88 request->pool = pool;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
89
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
90 request->gss_ctx = GSS_C_NO_CONTEXT;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
91
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
92 request->auth_request.pool = pool;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
93 return &request->auth_request;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
94 }
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
95
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
96 static OM_uint32 obtain_service_credentials(struct auth_request *request,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
97 gss_cred_id_t *ret)
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
98 {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
99 OM_uint32 major_status, minor_status;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
100 string_t *principal_name;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
101 gss_buffer_desc inbuf;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
102 gss_name_t gss_principal;
4628
fc5ae043fdcc POP3 service name is "pop" with GSSAPI.
Timo Sirainen <tss@iki.fi>
parents: 4451
diff changeset
103 const char *service_name;
fc5ae043fdcc POP3 service name is "pop" with GSSAPI.
Timo Sirainen <tss@iki.fi>
parents: 4451
diff changeset
104
fc5ae043fdcc POP3 service name is "pop" with GSSAPI.
Timo Sirainen <tss@iki.fi>
parents: 4451
diff changeset
105 if (strcasecmp(request->service, "POP3") == 0) {
fc5ae043fdcc POP3 service name is "pop" with GSSAPI.
Timo Sirainen <tss@iki.fi>
parents: 4451
diff changeset
106 /* The standard POP3 service name with GSSAPI is called
fc5ae043fdcc POP3 service name is "pop" with GSSAPI.
Timo Sirainen <tss@iki.fi>
parents: 4451
diff changeset
107 just "pop". */
fc5ae043fdcc POP3 service name is "pop" with GSSAPI.
Timo Sirainen <tss@iki.fi>
parents: 4451
diff changeset
108 service_name = "pop";
fc5ae043fdcc POP3 service name is "pop" with GSSAPI.
Timo Sirainen <tss@iki.fi>
parents: 4451
diff changeset
109 } else {
fc5ae043fdcc POP3 service name is "pop" with GSSAPI.
Timo Sirainen <tss@iki.fi>
parents: 4451
diff changeset
110 service_name = t_str_lcase(request->service);
fc5ae043fdcc POP3 service name is "pop" with GSSAPI.
Timo Sirainen <tss@iki.fi>
parents: 4451
diff changeset
111 }
3683
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
112
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
113 principal_name = t_str_new(128);
4628
fc5ae043fdcc POP3 service name is "pop" with GSSAPI.
Timo Sirainen <tss@iki.fi>
parents: 4451
diff changeset
114 str_append(principal_name, service_name);
3683
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
115 str_append_c(principal_name, '@');
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
116 str_append(principal_name, my_hostname);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
117
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
118 auth_request_log_info(request, "gssapi",
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
119 "Obtaining credentials for %s", str_c(principal_name));
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
120
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
121 inbuf.length = str_len(principal_name);
4451
1a35d53c18fc Array API redesigned to work using unions. It now provides type safety
Timo Sirainen <tss@iki.fi>
parents: 4382
diff changeset
122 inbuf.value = str_c_modifiable(principal_name);
3683
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
123
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
124 major_status = gss_import_name(&minor_status, &inbuf,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
125 GSS_C_NT_HOSTBASED_SERVICE,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
126 &gss_principal);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
127
3879
928229f8b3e6 deinit, unref, destroy, close, free, etc. functions now take a pointer to
Timo Sirainen <tss@iki.fi>
parents: 3766
diff changeset
128 str_free(&principal_name);
3683
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
129
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
130 if (GSS_ERROR(major_status)) {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
131 auth_request_log_gss_error(request, major_status,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
132 GSS_C_GSS_CODE,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
133 "importing principal name");
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
134 return major_status;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
135 }
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
136
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
137 major_status = gss_acquire_cred(&minor_status, gss_principal, 0,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
138 GSS_C_NULL_OID_SET, GSS_C_ACCEPT,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
139 ret, NULL, NULL);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
140
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
141 if (GSS_ERROR(major_status)) {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
142 auth_request_log_gss_error(request, major_status,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
143 GSS_C_GSS_CODE,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
144 "acquiring service credentials");
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
145 auth_request_log_gss_error(request, minor_status,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
146 GSS_C_MECH_CODE,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
147 "acquiring service credentials");
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
148 return major_status;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
149 }
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
150
4004
10d1c3301b87 Crashfix. Patch by Mark Davies
Timo Sirainen <tss@iki.fi>
parents: 3879
diff changeset
151 gss_release_name(&minor_status, &gss_principal);
3683
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
152
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
153 return major_status;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
154 }
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
155
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
156 static gss_name_t
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
157 import_name(struct auth_request *request, void *str, size_t len)
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
158 {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
159 OM_uint32 major_status, minor_status;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
160 gss_buffer_desc name_buf;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
161 gss_name_t name;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
162
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
163 name_buf.value = str;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
164 name_buf.length = len;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
165 major_status = gss_import_name(&minor_status,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
166 &name_buf,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
167 GSS_C_NO_OID,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
168 &name);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
169 if (GSS_ERROR(major_status)) {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
170 auth_request_log_gss_error(request, major_status,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
171 GSS_C_GSS_CODE, "gss_import_name");
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
172 return GSS_C_NO_NAME;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
173 }
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
174
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
175 return name;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
176 }
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
177
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
178 static void gssapi_sec_context(struct gssapi_auth_request *request,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
179 gss_buffer_desc inbuf)
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
180 {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
181 OM_uint32 major_status, minor_status;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
182 gss_buffer_desc outbuf;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
183
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
184 major_status = gss_accept_sec_context (
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
185 &minor_status,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
186 &request->gss_ctx,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
187 request->service_cred,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
188 &inbuf,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
189 GSS_C_NO_CHANNEL_BINDINGS,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
190 &request->authn_name,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
191 NULL, /* mech_type */
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
192 &outbuf,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
193 NULL, /* ret_flags */
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
194 NULL, /* time_rec */
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
195 NULL /* delegated_cred_handle */
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
196 );
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
197
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
198 if (GSS_ERROR(major_status)) {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
199 auth_request_log_gss_error(&request->auth_request, major_status,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
200 GSS_C_GSS_CODE,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
201 "processing incoming data");
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
202 auth_request_log_gss_error(&request->auth_request, minor_status,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
203 GSS_C_MECH_CODE,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
204 "processing incoming data");
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
205
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
206 auth_request_fail(&request->auth_request);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
207 return;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
208 }
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
209
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
210 if (major_status == GSS_S_COMPLETE) {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
211 request->sasl_gssapi_state = GSS_STATE_WRAP;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
212 auth_request_log_info(&request->auth_request, "gssapi",
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
213 "security context state completed.");
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
214 } else {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
215 auth_request_log_info(&request->auth_request, "gssapi",
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
216 "Processed incoming packet correctly, "
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
217 "waiting for another.");
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
218 }
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
219
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
220 request->auth_request.callback(&request->auth_request,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
221 AUTH_CLIENT_RESULT_CONTINUE,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
222 outbuf.value, outbuf.length);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
223
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
224 major_status = gss_release_buffer(&minor_status, &outbuf);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
225 }
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
226
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
227 static void gssapi_wrap(struct gssapi_auth_request *request,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
228 gss_buffer_desc inbuf)
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
229 {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
230 OM_uint32 major_status, minor_status;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
231 gss_buffer_desc outbuf;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
232 unsigned char ret[4];
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
233
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
234 /* The clients return data should be empty here */
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
235
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
236 /* Only authentication, no integrity or confidentiality
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
237 protection (yet?) */
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
238 ret[0] = (SASL_GSSAPI_QOP_UNSPECIFIED |
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
239 SASL_GSSAPI_QOP_AUTH_ONLY);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
240 ret[1] = 0xFF;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
241 ret[2] = 0xFF;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
242 ret[3] = 0xFF;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
243
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
244 inbuf.length = 4;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
245 inbuf.value = ret;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
246
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
247 major_status = gss_wrap(&minor_status, request->gss_ctx, 0,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
248 GSS_C_QOP_DEFAULT, &inbuf, NULL, &outbuf);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
249
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
250 if (GSS_ERROR(major_status)) {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
251 auth_request_log_gss_error(&request->auth_request, major_status,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
252 GSS_C_GSS_CODE, "sending security layer negotiation");
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
253 auth_request_log_gss_error(&request->auth_request, minor_status,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
254 GSS_C_MECH_CODE, "sending security layer negotiation");
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
255 auth_request_fail(&request->auth_request);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
256 return;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
257 }
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
258
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
259 auth_request_log_info(&request->auth_request, "gssapi",
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
260 "Negotiated security layer");
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
261
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
262 request->auth_request.callback(&request->auth_request,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
263 AUTH_CLIENT_RESULT_CONTINUE,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
264 outbuf.value, outbuf.length);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
265
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
266 major_status = gss_release_buffer(&minor_status, &outbuf);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
267
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
268 request->sasl_gssapi_state = GSS_STATE_UNWRAP;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
269 }
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
270
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
271 static void gssapi_unwrap(struct gssapi_auth_request *request,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
272 gss_buffer_desc inbuf)
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
273 {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
274 OM_uint32 major_status, minor_status;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
275 gss_buffer_desc outbuf;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
276 int equal_authn_authz = 0;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
277
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
278 major_status = gss_unwrap(&minor_status, request->gss_ctx,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
279 &inbuf, &outbuf, NULL, NULL);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
280
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
281 if (GSS_ERROR(major_status)) {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
282 auth_request_log_gss_error(&request->auth_request, major_status,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
283 GSS_C_GSS_CODE,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
284 "final negotiation: gss_unwrap");
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
285 auth_request_fail(&request->auth_request);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
286 return;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
287 }
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
288
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
289 if (outbuf.length <= 4) {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
290 auth_request_log_error(&request->auth_request, "gssapi",
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
291 "Invalid response length");
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
292 auth_request_fail(&request->auth_request);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
293 return;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
294 }
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
295
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
296 request->authz_name = import_name(&request->auth_request,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
297 (unsigned char *)outbuf.value + 4,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
298 outbuf.length - 4);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
299 if ((request->authn_name == GSS_C_NO_NAME) ||
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
300 (request->authz_name == GSS_C_NO_NAME)) {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
301 /* XXX (pod): is this check necessary? */
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
302 auth_request_log_error(&request->auth_request, "gssapi",
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
303 "one of authn_name or authz_name not determined");
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
304 auth_request_fail(&request->auth_request);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
305 return;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
306 }
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
307 major_status = gss_compare_name(&minor_status,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
308 request->authn_name,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
309 request->authz_name,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
310 &equal_authn_authz);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
311 if (equal_authn_authz == 0) {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
312 auth_request_log_error(&request->auth_request, "gssapi",
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
313 "authn_name and authz_name differ: not supported");
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
314 auth_request_fail(&request->auth_request);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
315 return;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
316 }
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
317
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
318 request->auth_request.user =
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
319 p_strndup(request->auth_request.pool,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
320 (unsigned char *)outbuf.value + 4,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
321 outbuf.length - 4);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
322
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
323 auth_request_success(&request->auth_request, NULL, 0);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
324 }
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
325
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
326 static void
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
327 mech_gssapi_auth_continue(struct auth_request *request,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
328 const unsigned char *data, size_t data_size)
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
329 {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
330 struct gssapi_auth_request *gssapi_request =
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
331 (struct gssapi_auth_request *)request;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
332 gss_buffer_desc inbuf;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
333
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
334 inbuf.value = (void *)data;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
335 inbuf.length = data_size;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
336
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
337 switch (gssapi_request->sasl_gssapi_state) {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
338 case GSS_STATE_SEC_CONTEXT:
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
339 gssapi_sec_context(gssapi_request, inbuf);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
340 break;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
341 case GSS_STATE_WRAP:
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
342 gssapi_wrap(gssapi_request, inbuf);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
343 break;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
344 case GSS_STATE_UNWRAP:
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
345 gssapi_unwrap(gssapi_request, inbuf);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
346 break;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
347 }
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
348 }
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
349
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
350 static void
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
351 mech_gssapi_auth_initial(struct auth_request *request,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
352 const unsigned char *data, size_t data_size)
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
353 {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
354 OM_uint32 major_status;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
355 struct gssapi_auth_request *gssapi_request =
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
356 (struct gssapi_auth_request *)request;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
357
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
358 major_status =
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
359 obtain_service_credentials(request,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
360 &gssapi_request->service_cred);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
361
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
362 if (GSS_ERROR(major_status)) {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
363 auth_request_internal_failure(request);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
364 return;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
365 }
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
366 gssapi_request->authn_name = GSS_C_NO_NAME;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
367 gssapi_request->authz_name = GSS_C_NO_NAME;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
368
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
369 gssapi_request->sasl_gssapi_state = GSS_STATE_SEC_CONTEXT;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
370
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
371 if (data_size == 0) {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
372 /* The client should go first */
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
373 request->callback(request, AUTH_CLIENT_RESULT_CONTINUE,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
374 NULL, 0);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
375 } else {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
376 mech_gssapi_auth_continue(request, data, data_size);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
377 }
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
378 }
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
379
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
380
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
381 static void
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
382 mech_gssapi_auth_free(struct auth_request *request)
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
383 {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
384 OM_uint32 major_status, minor_status;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
385 struct gssapi_auth_request *gssapi_request =
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
386 (struct gssapi_auth_request *)request;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
387
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
388 major_status = gss_delete_sec_context(&minor_status,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
389 &gssapi_request->gss_ctx,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
390 GSS_C_NO_BUFFER);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
391
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
392 major_status = gss_release_cred(&minor_status,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
393 &gssapi_request->service_cred);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
394 major_status = gss_release_name(&minor_status,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
395 &gssapi_request->authn_name);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
396 major_status = gss_release_name(&minor_status,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
397 &gssapi_request->authz_name);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
398
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
399 pool_unref(request->pool);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
400 }
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
401
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
402 const struct mech_module mech_gssapi = {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
403 "GSSAPI",
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
404
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
405 MEMBER(flags) 0,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
406
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
407 MEMBER(passdb_need_plain) FALSE,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
408 MEMBER(passdb_need_credentials) FALSE,
4782
2c1cc5bbc260 Added auth_request_set_credentials() to modify credentials in passdb and
Timo Sirainen <tss@iki.fi>
parents: 4628
diff changeset
409 MEMBER(passdb_need_set_credentials) FALSE,
3683
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
410
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
411 mech_gssapi_auth_new,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
412 mech_gssapi_auth_initial,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
413 mech_gssapi_auth_continue,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
414 mech_gssapi_auth_free
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
415 };
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
416
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
417 #endif