Mercurial > dovecot > original-hg > dovecot-1.2

annotate src/auth/mech-gssapi.c @ 5859:dfdedb187b26 HEAD

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
If __gss_userok() exists, use it to verify username. Patch by Peter Eriksson.
author Timo Sirainen <tss@iki.fi>
date Mon, 02 Jul 2007 21:19:25 +0300
parents c5401a8f4679
children 159929f53161
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
3683
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
1 /*
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
2 * GSSAPI Module
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
3 *
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
4 * Copyright (c) 2005 Jelmer Vernooij <jelmer@samba.org>
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
5 *
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
6 * Related standards:
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
7 * - draft-ietf-sasl-gssapi-03
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
8 * - RFC2222
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
9 *
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
10 * Some parts inspired by an older patch from Colin Walters
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
11 *
4382
f8d37e26a2b3 Relicensed dovecot-auth to MIT.
Timo Sirainen <tss@iki.fi>
parents: 4004
diff changeset
12 * This software is released under the MIT license.
3683
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
13 */
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
14
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
15 #include "common.h"
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
16 #include "mech.h"
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
17 #include "passdb.h"
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
18 #include "str.h"
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
19 #include "str-sanitize.h"
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
20 #include "buffer.h"
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
21 #include "hex-binary.h"
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
22 #include "safe-memset.h"
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
23
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
24 #ifdef HAVE_GSSAPI
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
25
4862
bddfbc560857 Some systems have gssapi elsewhere than gssapi/gssapi.h. So check also plain
Timo Sirainen <tss@iki.fi>
parents: 4782
diff changeset
26 #ifdef HAVE_GSSAPI_GSSAPI_H
bddfbc560857 Some systems have gssapi elsewhere than gssapi/gssapi.h. So check also plain
Timo Sirainen <tss@iki.fi>
parents: 4782
diff changeset
27 # include <gssapi/gssapi.h>
bddfbc560857 Some systems have gssapi elsewhere than gssapi/gssapi.h. So check also plain
Timo Sirainen <tss@iki.fi>
parents: 4782
diff changeset
28 #elif defined (HAVE_GSSAPI_H)
bddfbc560857 Some systems have gssapi elsewhere than gssapi/gssapi.h. So check also plain
Timo Sirainen <tss@iki.fi>
parents: 4782
diff changeset
29 # include <gssapi.h>
bddfbc560857 Some systems have gssapi elsewhere than gssapi/gssapi.h. So check also plain
Timo Sirainen <tss@iki.fi>
parents: 4782
diff changeset
30 #endif
3683
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
31
5859
dfdedb187b26 If __gss_userok() exists, use it to verify username. Patch by Peter Eriksson.
Timo Sirainen <tss@iki.fi>
parents: 5439
diff changeset
32 #ifdef HAVE_GSSAPI_GSSAPI_EXT_H
dfdedb187b26 If __gss_userok() exists, use it to verify username. Patch by Peter Eriksson.
Timo Sirainen <tss@iki.fi>
parents: 5439
diff changeset
33 # include <gssapi/gssapi_ext.h>
dfdedb187b26 If __gss_userok() exists, use it to verify username. Patch by Peter Eriksson.
Timo Sirainen <tss@iki.fi>
parents: 5439
diff changeset
34 #endif
dfdedb187b26 If __gss_userok() exists, use it to verify username. Patch by Peter Eriksson.
Timo Sirainen <tss@iki.fi>
parents: 5439
diff changeset
35
3683
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
36 /* Non-zero flags defined in RFC 2222 */
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
37 enum sasl_gssapi_qop {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
38 SASL_GSSAPI_QOP_UNSPECIFIED = 0x00,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
39 SASL_GSSAPI_QOP_AUTH_ONLY = 0x01,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
40 SASL_GSSAPI_QOP_AUTH_INT = 0x02,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
41 SASL_GSSAPI_QOP_AUTH_CONF = 0x04
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
42 };
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
43
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
44 struct gssapi_auth_request {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
45 struct auth_request auth_request;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
46 gss_ctx_id_t gss_ctx;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
47 gss_cred_id_t service_cred;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
48
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
49 enum {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
50 GSS_STATE_SEC_CONTEXT,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
51 GSS_STATE_WRAP,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
52 GSS_STATE_UNWRAP
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
53 } sasl_gssapi_state;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
54
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
55 gss_name_t authn_name;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
56 gss_name_t authz_name;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
57
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
58 pool_t pool;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
59 };
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
60
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
61 static void auth_request_log_gss_error(struct auth_request *request,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
62 OM_uint32 status_value, int status_type,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
63 const char *description)
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
64 {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
65 OM_uint32 message_context = 0;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
66 OM_uint32 major_status, minor_status;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
67 gss_buffer_desc status_string;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
68
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
69 do {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
70 major_status = gss_display_status(&minor_status, status_value,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
71 status_type, GSS_C_NO_OID,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
72 &message_context,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
73 &status_string);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
74
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
75 auth_request_log_error(request, "gssapi",
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
76 "While %s: %s", description,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
77 str_sanitize(status_string.value, (size_t)-1));
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
78
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
79 major_status = gss_release_buffer(&minor_status,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
80 &status_string);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
81 } while (message_context != 0);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
82 }
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
83
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
84 static struct auth_request *mech_gssapi_auth_new(void)
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
85 {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
86 struct gssapi_auth_request *request;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
87 pool_t pool;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
88
3695
4f8598b0ca62 Use a bit larger initial pool sizes
Timo Sirainen <tss@iki.fi>
parents: 3683
diff changeset
89 pool = pool_alloconly_create("gssapi_auth_request", 1024);
3683
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
90 request = p_new(pool, struct gssapi_auth_request, 1);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
91 request->pool = pool;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
92
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
93 request->gss_ctx = GSS_C_NO_CONTEXT;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
94
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
95 request->auth_request.pool = pool;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
96 return &request->auth_request;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
97 }
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
98
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
99 static OM_uint32 obtain_service_credentials(struct auth_request *request,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
100 gss_cred_id_t *ret)
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
101 {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
102 OM_uint32 major_status, minor_status;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
103 string_t *principal_name;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
104 gss_buffer_desc inbuf;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
105 gss_name_t gss_principal;
4628
fc5ae043fdcc POP3 service name is "pop" with GSSAPI.
Timo Sirainen <tss@iki.fi>
parents: 4451
diff changeset
106 const char *service_name;
fc5ae043fdcc POP3 service name is "pop" with GSSAPI.
Timo Sirainen <tss@iki.fi>
parents: 4451
diff changeset
107
fc5ae043fdcc POP3 service name is "pop" with GSSAPI.
Timo Sirainen <tss@iki.fi>
parents: 4451
diff changeset
108 if (strcasecmp(request->service, "POP3") == 0) {
fc5ae043fdcc POP3 service name is "pop" with GSSAPI.
Timo Sirainen <tss@iki.fi>
parents: 4451
diff changeset
109 /* The standard POP3 service name with GSSAPI is called
fc5ae043fdcc POP3 service name is "pop" with GSSAPI.
Timo Sirainen <tss@iki.fi>
parents: 4451
diff changeset
110 just "pop". */
fc5ae043fdcc POP3 service name is "pop" with GSSAPI.
Timo Sirainen <tss@iki.fi>
parents: 4451
diff changeset
111 service_name = "pop";
fc5ae043fdcc POP3 service name is "pop" with GSSAPI.
Timo Sirainen <tss@iki.fi>
parents: 4451
diff changeset
112 } else {
fc5ae043fdcc POP3 service name is "pop" with GSSAPI.
Timo Sirainen <tss@iki.fi>
parents: 4451
diff changeset
113 service_name = t_str_lcase(request->service);
fc5ae043fdcc POP3 service name is "pop" with GSSAPI.
Timo Sirainen <tss@iki.fi>
parents: 4451
diff changeset
114 }
3683
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
115
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
116 principal_name = t_str_new(128);
4628
fc5ae043fdcc POP3 service name is "pop" with GSSAPI.
Timo Sirainen <tss@iki.fi>
parents: 4451
diff changeset
117 str_append(principal_name, service_name);
3683
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
118 str_append_c(principal_name, '@');
5439
c5401a8f4679 Added auth_gssapi_hostname setting.
Timo Sirainen <tss@iki.fi>
parents: 5259
diff changeset
119 str_append(principal_name, request->auth->gssapi_hostname);
3683
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
120
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
121 auth_request_log_info(request, "gssapi",
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
122 "Obtaining credentials for %s", str_c(principal_name));
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
123
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
124 inbuf.length = str_len(principal_name);
4451
1a35d53c18fc Array API redesigned to work using unions. It now provides type safety
Timo Sirainen <tss@iki.fi>
parents: 4382
diff changeset
125 inbuf.value = str_c_modifiable(principal_name);
3683
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
126
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
127 major_status = gss_import_name(&minor_status, &inbuf,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
128 GSS_C_NT_HOSTBASED_SERVICE,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
129 &gss_principal);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
130
3879
928229f8b3e6 deinit, unref, destroy, close, free, etc. functions now take a pointer to
Timo Sirainen <tss@iki.fi>
parents: 3766
diff changeset
131 str_free(&principal_name);
3683
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
132
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
133 if (GSS_ERROR(major_status)) {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
134 auth_request_log_gss_error(request, major_status,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
135 GSS_C_GSS_CODE,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
136 "importing principal name");
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
137 return major_status;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
138 }
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
139
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
140 major_status = gss_acquire_cred(&minor_status, gss_principal, 0,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
141 GSS_C_NULL_OID_SET, GSS_C_ACCEPT,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
142 ret, NULL, NULL);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
143
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
144 if (GSS_ERROR(major_status)) {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
145 auth_request_log_gss_error(request, major_status,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
146 GSS_C_GSS_CODE,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
147 "acquiring service credentials");
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
148 auth_request_log_gss_error(request, minor_status,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
149 GSS_C_MECH_CODE,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
150 "acquiring service credentials");
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
151 return major_status;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
152 }
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
153
4004
10d1c3301b87 Crashfix. Patch by Mark Davies
Timo Sirainen <tss@iki.fi>
parents: 3879
diff changeset
154 gss_release_name(&minor_status, &gss_principal);
3683
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
155
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
156 return major_status;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
157 }
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
158
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
159 static gss_name_t
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
160 import_name(struct auth_request *request, void *str, size_t len)
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
161 {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
162 OM_uint32 major_status, minor_status;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
163 gss_buffer_desc name_buf;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
164 gss_name_t name;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
165
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
166 name_buf.value = str;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
167 name_buf.length = len;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
168 major_status = gss_import_name(&minor_status,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
169 &name_buf,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
170 GSS_C_NO_OID,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
171 &name);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
172 if (GSS_ERROR(major_status)) {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
173 auth_request_log_gss_error(request, major_status,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
174 GSS_C_GSS_CODE, "gss_import_name");
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
175 return GSS_C_NO_NAME;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
176 }
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
177
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
178 return name;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
179 }
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
180
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
181 static void gssapi_sec_context(struct gssapi_auth_request *request,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
182 gss_buffer_desc inbuf)
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
183 {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
184 OM_uint32 major_status, minor_status;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
185 gss_buffer_desc outbuf;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
186
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
187 major_status = gss_accept_sec_context (
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
188 &minor_status,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
189 &request->gss_ctx,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
190 request->service_cred,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
191 &inbuf,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
192 GSS_C_NO_CHANNEL_BINDINGS,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
193 &request->authn_name,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
194 NULL, /* mech_type */
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
195 &outbuf,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
196 NULL, /* ret_flags */
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
197 NULL, /* time_rec */
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
198 NULL /* delegated_cred_handle */
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
199 );
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
200
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
201 if (GSS_ERROR(major_status)) {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
202 auth_request_log_gss_error(&request->auth_request, major_status,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
203 GSS_C_GSS_CODE,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
204 "processing incoming data");
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
205 auth_request_log_gss_error(&request->auth_request, minor_status,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
206 GSS_C_MECH_CODE,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
207 "processing incoming data");
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
208
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
209 auth_request_fail(&request->auth_request);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
210 return;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
211 }
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
212
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
213 if (major_status == GSS_S_COMPLETE) {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
214 request->sasl_gssapi_state = GSS_STATE_WRAP;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
215 auth_request_log_info(&request->auth_request, "gssapi",
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
216 "security context state completed.");
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
217 } else {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
218 auth_request_log_info(&request->auth_request, "gssapi",
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
219 "Processed incoming packet correctly, "
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
220 "waiting for another.");
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
221 }
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
222
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
223 request->auth_request.callback(&request->auth_request,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
224 AUTH_CLIENT_RESULT_CONTINUE,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
225 outbuf.value, outbuf.length);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
226
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
227 major_status = gss_release_buffer(&minor_status, &outbuf);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
228 }
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
229
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
230 static void gssapi_wrap(struct gssapi_auth_request *request,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
231 gss_buffer_desc inbuf)
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
232 {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
233 OM_uint32 major_status, minor_status;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
234 gss_buffer_desc outbuf;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
235 unsigned char ret[4];
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
236
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
237 /* The clients return data should be empty here */
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
238
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
239 /* Only authentication, no integrity or confidentiality
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
240 protection (yet?) */
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
241 ret[0] = (SASL_GSSAPI_QOP_UNSPECIFIED |
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
242 SASL_GSSAPI_QOP_AUTH_ONLY);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
243 ret[1] = 0xFF;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
244 ret[2] = 0xFF;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
245 ret[3] = 0xFF;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
246
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
247 inbuf.length = 4;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
248 inbuf.value = ret;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
249
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
250 major_status = gss_wrap(&minor_status, request->gss_ctx, 0,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
251 GSS_C_QOP_DEFAULT, &inbuf, NULL, &outbuf);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
252
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
253 if (GSS_ERROR(major_status)) {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
254 auth_request_log_gss_error(&request->auth_request, major_status,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
255 GSS_C_GSS_CODE, "sending security layer negotiation");
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
256 auth_request_log_gss_error(&request->auth_request, minor_status,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
257 GSS_C_MECH_CODE, "sending security layer negotiation");
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
258 auth_request_fail(&request->auth_request);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
259 return;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
260 }
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
261
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
262 auth_request_log_info(&request->auth_request, "gssapi",
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
263 "Negotiated security layer");
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
264
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
265 request->auth_request.callback(&request->auth_request,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
266 AUTH_CLIENT_RESULT_CONTINUE,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
267 outbuf.value, outbuf.length);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
268
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
269 major_status = gss_release_buffer(&minor_status, &outbuf);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
270
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
271 request->sasl_gssapi_state = GSS_STATE_UNWRAP;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
272 }
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
273
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
274 static void gssapi_unwrap(struct gssapi_auth_request *request,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
275 gss_buffer_desc inbuf)
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
276 {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
277 OM_uint32 major_status, minor_status;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
278 gss_buffer_desc outbuf;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
279 int equal_authn_authz = 0;
5859
dfdedb187b26 If __gss_userok() exists, use it to verify username. Patch by Peter Eriksson.
Timo Sirainen <tss@iki.fi>
parents: 5439
diff changeset
280 const char *name;
3683
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
281
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
282 major_status = gss_unwrap(&minor_status, request->gss_ctx,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
283 &inbuf, &outbuf, NULL, NULL);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
284
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
285 if (GSS_ERROR(major_status)) {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
286 auth_request_log_gss_error(&request->auth_request, major_status,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
287 GSS_C_GSS_CODE,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
288 "final negotiation: gss_unwrap");
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
289 auth_request_fail(&request->auth_request);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
290 return;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
291 }
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
292
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
293 if (outbuf.length <= 4) {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
294 auth_request_log_error(&request->auth_request, "gssapi",
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
295 "Invalid response length");
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
296 auth_request_fail(&request->auth_request);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
297 return;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
298 }
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
299
5859
dfdedb187b26 If __gss_userok() exists, use it to verify username. Patch by Peter Eriksson.
Timo Sirainen <tss@iki.fi>
parents: 5439
diff changeset
300 #ifdef HAVE___GSS_USEROK
dfdedb187b26 If __gss_userok() exists, use it to verify username. Patch by Peter Eriksson.
Timo Sirainen <tss@iki.fi>
parents: 5439
diff changeset
301 /* Solaris __gss_userok() correctly handles cross-realm
dfdedb187b26 If __gss_userok() exists, use it to verify username. Patch by Peter Eriksson.
Timo Sirainen <tss@iki.fi>
parents: 5439
diff changeset
302 authentication. */
dfdedb187b26 If __gss_userok() exists, use it to verify username. Patch by Peter Eriksson.
Timo Sirainen <tss@iki.fi>
parents: 5439
diff changeset
303 request->auth_request.user =
dfdedb187b26 If __gss_userok() exists, use it to verify username. Patch by Peter Eriksson.
Timo Sirainen <tss@iki.fi>
parents: 5439
diff changeset
304 p_strndup(request->auth_request.pool,
dfdedb187b26 If __gss_userok() exists, use it to verify username. Patch by Peter Eriksson.
Timo Sirainen <tss@iki.fi>
parents: 5439
diff changeset
305 (unsigned char *)outbuf.value + 4,
dfdedb187b26 If __gss_userok() exists, use it to verify username. Patch by Peter Eriksson.
Timo Sirainen <tss@iki.fi>
parents: 5439
diff changeset
306 outbuf.length - 4);
dfdedb187b26 If __gss_userok() exists, use it to verify username. Patch by Peter Eriksson.
Timo Sirainen <tss@iki.fi>
parents: 5439
diff changeset
307
dfdedb187b26 If __gss_userok() exists, use it to verify username. Patch by Peter Eriksson.
Timo Sirainen <tss@iki.fi>
parents: 5439
diff changeset
308 major_status = __gss_userok(&minor_status, request->authn_name,
dfdedb187b26 If __gss_userok() exists, use it to verify username. Patch by Peter Eriksson.
Timo Sirainen <tss@iki.fi>
parents: 5439
diff changeset
309 request->auth_request.user,
dfdedb187b26 If __gss_userok() exists, use it to verify username. Patch by Peter Eriksson.
Timo Sirainen <tss@iki.fi>
parents: 5439
diff changeset
310 &equal_authn_authz);
dfdedb187b26 If __gss_userok() exists, use it to verify username. Patch by Peter Eriksson.
Timo Sirainen <tss@iki.fi>
parents: 5439
diff changeset
311 if (GSS_ERROR(major_status)) {
dfdedb187b26 If __gss_userok() exists, use it to verify username. Patch by Peter Eriksson.
Timo Sirainen <tss@iki.fi>
parents: 5439
diff changeset
312 auth_request_log_gss_error(&request->auth_request, major_status,
dfdedb187b26 If __gss_userok() exists, use it to verify username. Patch by Peter Eriksson.
Timo Sirainen <tss@iki.fi>
parents: 5439
diff changeset
313 GSS_C_GSS_CODE,
dfdedb187b26 If __gss_userok() exists, use it to verify username. Patch by Peter Eriksson.
Timo Sirainen <tss@iki.fi>
parents: 5439
diff changeset
314 "__gss_userok failed");
dfdedb187b26 If __gss_userok() exists, use it to verify username. Patch by Peter Eriksson.
Timo Sirainen <tss@iki.fi>
parents: 5439
diff changeset
315 auth_request_fail(&request->auth_request);
dfdedb187b26 If __gss_userok() exists, use it to verify username. Patch by Peter Eriksson.
Timo Sirainen <tss@iki.fi>
parents: 5439
diff changeset
316 return;
dfdedb187b26 If __gss_userok() exists, use it to verify username. Patch by Peter Eriksson.
Timo Sirainen <tss@iki.fi>
parents: 5439
diff changeset
317 }
dfdedb187b26 If __gss_userok() exists, use it to verify username. Patch by Peter Eriksson.
Timo Sirainen <tss@iki.fi>
parents: 5439
diff changeset
318
dfdedb187b26 If __gss_userok() exists, use it to verify username. Patch by Peter Eriksson.
Timo Sirainen <tss@iki.fi>
parents: 5439
diff changeset
319 if (equal_authn_authz == 0) {
dfdedb187b26 If __gss_userok() exists, use it to verify username. Patch by Peter Eriksson.
Timo Sirainen <tss@iki.fi>
parents: 5439
diff changeset
320 auth_request_log_error(&request->auth_request, "gssapi",
dfdedb187b26 If __gss_userok() exists, use it to verify username. Patch by Peter Eriksson.
Timo Sirainen <tss@iki.fi>
parents: 5439
diff changeset
321 "credentials not valid");
dfdedb187b26 If __gss_userok() exists, use it to verify username. Patch by Peter Eriksson.
Timo Sirainen <tss@iki.fi>
parents: 5439
diff changeset
322
dfdedb187b26 If __gss_userok() exists, use it to verify username. Patch by Peter Eriksson.
Timo Sirainen <tss@iki.fi>
parents: 5439
diff changeset
323 auth_request_fail(&request->auth_request);
dfdedb187b26 If __gss_userok() exists, use it to verify username. Patch by Peter Eriksson.
Timo Sirainen <tss@iki.fi>
parents: 5439
diff changeset
324 return;
dfdedb187b26 If __gss_userok() exists, use it to verify username. Patch by Peter Eriksson.
Timo Sirainen <tss@iki.fi>
parents: 5439
diff changeset
325 }
dfdedb187b26 If __gss_userok() exists, use it to verify username. Patch by Peter Eriksson.
Timo Sirainen <tss@iki.fi>
parents: 5439
diff changeset
326 #else
3683
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
327 request->authz_name = import_name(&request->auth_request,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
328 (unsigned char *)outbuf.value + 4,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
329 outbuf.length - 4);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
330 if ((request->authn_name == GSS_C_NO_NAME) ||
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
331 (request->authz_name == GSS_C_NO_NAME)) {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
332 /* XXX (pod): is this check necessary? */
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
333 auth_request_log_error(&request->auth_request, "gssapi",
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
334 "one of authn_name or authz_name not determined");
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
335 auth_request_fail(&request->auth_request);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
336 return;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
337 }
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
338 major_status = gss_compare_name(&minor_status,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
339 request->authn_name,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
340 request->authz_name,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
341 &equal_authn_authz);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
342 if (equal_authn_authz == 0) {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
343 auth_request_log_error(&request->auth_request, "gssapi",
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
344 "authn_name and authz_name differ: not supported");
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
345 auth_request_fail(&request->auth_request);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
346 return;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
347 }
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
348
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
349 request->auth_request.user =
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
350 p_strndup(request->auth_request.pool,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
351 (unsigned char *)outbuf.value + 4,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
352 outbuf.length - 4);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
353
5859
dfdedb187b26 If __gss_userok() exists, use it to verify username. Patch by Peter Eriksson.
Timo Sirainen <tss@iki.fi>
parents: 5439
diff changeset
354 #endif
3683
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
355 auth_request_success(&request->auth_request, NULL, 0);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
356 }
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
357
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
358 static void
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
359 mech_gssapi_auth_continue(struct auth_request *request,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
360 const unsigned char *data, size_t data_size)
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
361 {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
362 struct gssapi_auth_request *gssapi_request =
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
363 (struct gssapi_auth_request *)request;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
364 gss_buffer_desc inbuf;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
365
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
366 inbuf.value = (void *)data;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
367 inbuf.length = data_size;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
368
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
369 switch (gssapi_request->sasl_gssapi_state) {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
370 case GSS_STATE_SEC_CONTEXT:
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
371 gssapi_sec_context(gssapi_request, inbuf);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
372 break;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
373 case GSS_STATE_WRAP:
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
374 gssapi_wrap(gssapi_request, inbuf);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
375 break;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
376 case GSS_STATE_UNWRAP:
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
377 gssapi_unwrap(gssapi_request, inbuf);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
378 break;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
379 }
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
380 }
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
381
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
382 static void
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
383 mech_gssapi_auth_initial(struct auth_request *request,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
384 const unsigned char *data, size_t data_size)
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
385 {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
386 OM_uint32 major_status;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
387 struct gssapi_auth_request *gssapi_request =
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
388 (struct gssapi_auth_request *)request;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
389
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
390 major_status =
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
391 obtain_service_credentials(request,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
392 &gssapi_request->service_cred);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
393
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
394 if (GSS_ERROR(major_status)) {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
395 auth_request_internal_failure(request);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
396 return;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
397 }
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
398 gssapi_request->authn_name = GSS_C_NO_NAME;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
399 gssapi_request->authz_name = GSS_C_NO_NAME;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
400
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
401 gssapi_request->sasl_gssapi_state = GSS_STATE_SEC_CONTEXT;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
402
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
403 if (data_size == 0) {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
404 /* The client should go first */
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
405 request->callback(request, AUTH_CLIENT_RESULT_CONTINUE,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
406 NULL, 0);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
407 } else {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
408 mech_gssapi_auth_continue(request, data, data_size);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
409 }
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
410 }
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
411
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
412
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
413 static void
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
414 mech_gssapi_auth_free(struct auth_request *request)
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
415 {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
416 OM_uint32 major_status, minor_status;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
417 struct gssapi_auth_request *gssapi_request =
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
418 (struct gssapi_auth_request *)request;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
419
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
420 major_status = gss_delete_sec_context(&minor_status,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
421 &gssapi_request->gss_ctx,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
422 GSS_C_NO_BUFFER);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
423
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
424 major_status = gss_release_cred(&minor_status,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
425 &gssapi_request->service_cred);
5259
228eacfb2647 Added more debug logging.
Timo Sirainen <tss@iki.fi>
parents: 4862
diff changeset
426 if (gssapi_request->authn_name != GSS_C_NO_NAME) {
228eacfb2647 Added more debug logging.
Timo Sirainen <tss@iki.fi>
parents: 4862
diff changeset
427 major_status = gss_release_name(&minor_status,
228eacfb2647 Added more debug logging.
Timo Sirainen <tss@iki.fi>
parents: 4862
diff changeset
428 &gssapi_request->authn_name);
228eacfb2647 Added more debug logging.
Timo Sirainen <tss@iki.fi>
parents: 4862
diff changeset
429 }
228eacfb2647 Added more debug logging.
Timo Sirainen <tss@iki.fi>
parents: 4862
diff changeset
430 if (gssapi_request->authz_name != GSS_C_NO_NAME) {
228eacfb2647 Added more debug logging.
Timo Sirainen <tss@iki.fi>
parents: 4862
diff changeset
431 major_status = gss_release_name(&minor_status,
228eacfb2647 Added more debug logging.
Timo Sirainen <tss@iki.fi>
parents: 4862
diff changeset
432 &gssapi_request->authz_name);
228eacfb2647 Added more debug logging.
Timo Sirainen <tss@iki.fi>
parents: 4862
diff changeset
433 }
3683
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
434 pool_unref(request->pool);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
435 }
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
436
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
437 const struct mech_module mech_gssapi = {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
438 "GSSAPI",
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
439
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
440 MEMBER(flags) 0,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
441
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
442 MEMBER(passdb_need_plain) FALSE,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
443 MEMBER(passdb_need_credentials) FALSE,
4782
2c1cc5bbc260 Added auth_request_set_credentials() to modify credentials in passdb and
Timo Sirainen <tss@iki.fi>
parents: 4628
diff changeset
444 MEMBER(passdb_need_set_credentials) FALSE,
3683
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
445
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
446 mech_gssapi_auth_new,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
447 mech_gssapi_auth_initial,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
448 mech_gssapi_auth_continue,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
449 mech_gssapi_auth_free
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
450 };
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
451
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
452 #endif