Mercurial > dovecot > original-hg > dovecot-1.2

annotate src/auth/mech-gssapi.c @ 4628:fc5ae043fdcc HEAD

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
POP3 service name is "pop" with GSSAPI.
author Timo Sirainen <tss@iki.fi>
date Fri, 22 Sep 2006 17:55:53 +0300
parents 1a35d53c18fc
children 2c1cc5bbc260
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
3683
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
1 /*
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
2 * GSSAPI Module
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
3 *
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
4 * Copyright (c) 2005 Jelmer Vernooij <jelmer@samba.org>
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
5 *
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
6 * Related standards:
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
7 * - draft-ietf-sasl-gssapi-03
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
8 * - RFC2222
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
9 *
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
10 * Some parts inspired by an older patch from Colin Walters
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
11 *
4382
f8d37e26a2b3 Relicensed dovecot-auth to MIT.
Timo Sirainen <tss@iki.fi>
parents: 4004
diff changeset
12 * This software is released under the MIT license.
3683
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
13 */
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
14
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
15 #include "common.h"
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
16 #include "mech.h"
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
17 #include "passdb.h"
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
18 #include "str.h"
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
19 #include "str-sanitize.h"
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
20 #include "buffer.h"
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
21 #include "hex-binary.h"
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
22 #include "safe-memset.h"
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
23 #include "hostpid.h"
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
24
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
25 #ifdef HAVE_GSSAPI
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
26
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
27 #include <gssapi/gssapi.h>
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
28
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
29 /* Non-zero flags defined in RFC 2222 */
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
30 enum sasl_gssapi_qop {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
31 SASL_GSSAPI_QOP_UNSPECIFIED = 0x00,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
32 SASL_GSSAPI_QOP_AUTH_ONLY = 0x01,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
33 SASL_GSSAPI_QOP_AUTH_INT = 0x02,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
34 SASL_GSSAPI_QOP_AUTH_CONF = 0x04
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
35 };
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
36
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
37 struct gssapi_auth_request {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
38 struct auth_request auth_request;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
39 gss_ctx_id_t gss_ctx;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
40 gss_cred_id_t service_cred;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
41
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
42 enum {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
43 GSS_STATE_SEC_CONTEXT,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
44 GSS_STATE_WRAP,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
45 GSS_STATE_UNWRAP
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
46 } sasl_gssapi_state;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
47
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
48 gss_name_t authn_name;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
49 gss_name_t authz_name;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
50
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
51 pool_t pool;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
52 };
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
53
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
54 static void auth_request_log_gss_error(struct auth_request *request,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
55 OM_uint32 status_value, int status_type,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
56 const char *description)
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
57 {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
58 OM_uint32 message_context = 0;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
59 OM_uint32 major_status, minor_status;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
60 gss_buffer_desc status_string;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
61
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
62 do {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
63 major_status = gss_display_status(&minor_status, status_value,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
64 status_type, GSS_C_NO_OID,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
65 &message_context,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
66 &status_string);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
67
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
68 auth_request_log_error(request, "gssapi",
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
69 "While %s: %s", description,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
70 str_sanitize(status_string.value, (size_t)-1));
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
71
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
72 major_status = gss_release_buffer(&minor_status,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
73 &status_string);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
74 } while (message_context != 0);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
75 }
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
76
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
77 static struct auth_request *mech_gssapi_auth_new(void)
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
78 {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
79 struct gssapi_auth_request *request;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
80 pool_t pool;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
81
3695
4f8598b0ca62 Use a bit larger initial pool sizes
Timo Sirainen <tss@iki.fi>
parents: 3683
diff changeset
82 pool = pool_alloconly_create("gssapi_auth_request", 1024);
3683
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
83 request = p_new(pool, struct gssapi_auth_request, 1);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
84 request->pool = pool;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
85
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
86 request->gss_ctx = GSS_C_NO_CONTEXT;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
87
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
88 request->auth_request.pool = pool;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
89 return &request->auth_request;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
90 }
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
91
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
92 static OM_uint32 obtain_service_credentials(struct auth_request *request,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
93 gss_cred_id_t *ret)
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
94 {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
95 OM_uint32 major_status, minor_status;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
96 string_t *principal_name;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
97 gss_buffer_desc inbuf;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
98 gss_name_t gss_principal;
4628
fc5ae043fdcc POP3 service name is "pop" with GSSAPI.
Timo Sirainen <tss@iki.fi>
parents: 4451
diff changeset
99 const char *service_name;
fc5ae043fdcc POP3 service name is "pop" with GSSAPI.
Timo Sirainen <tss@iki.fi>
parents: 4451
diff changeset
100
fc5ae043fdcc POP3 service name is "pop" with GSSAPI.
Timo Sirainen <tss@iki.fi>
parents: 4451
diff changeset
101 if (strcasecmp(request->service, "POP3") == 0) {
fc5ae043fdcc POP3 service name is "pop" with GSSAPI.
Timo Sirainen <tss@iki.fi>
parents: 4451
diff changeset
102 /* The standard POP3 service name with GSSAPI is called
fc5ae043fdcc POP3 service name is "pop" with GSSAPI.
Timo Sirainen <tss@iki.fi>
parents: 4451
diff changeset
103 just "pop". */
fc5ae043fdcc POP3 service name is "pop" with GSSAPI.
Timo Sirainen <tss@iki.fi>
parents: 4451
diff changeset
104 service_name = "pop";
fc5ae043fdcc POP3 service name is "pop" with GSSAPI.
Timo Sirainen <tss@iki.fi>
parents: 4451
diff changeset
105 } else {
fc5ae043fdcc POP3 service name is "pop" with GSSAPI.
Timo Sirainen <tss@iki.fi>
parents: 4451
diff changeset
106 service_name = t_str_lcase(request->service);
fc5ae043fdcc POP3 service name is "pop" with GSSAPI.
Timo Sirainen <tss@iki.fi>
parents: 4451
diff changeset
107 }
3683
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
108
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
109 principal_name = t_str_new(128);
4628
fc5ae043fdcc POP3 service name is "pop" with GSSAPI.
Timo Sirainen <tss@iki.fi>
parents: 4451
diff changeset
110 str_append(principal_name, service_name);
3683
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
111 str_append_c(principal_name, '@');
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
112 str_append(principal_name, my_hostname);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
113
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
114 auth_request_log_info(request, "gssapi",
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
115 "Obtaining credentials for %s", str_c(principal_name));
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
116
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
117 inbuf.length = str_len(principal_name);
4451
1a35d53c18fc Array API redesigned to work using unions. It now provides type safety
Timo Sirainen <tss@iki.fi>
parents: 4382
diff changeset
118 inbuf.value = str_c_modifiable(principal_name);
3683
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
119
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
120 major_status = gss_import_name(&minor_status, &inbuf,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
121 GSS_C_NT_HOSTBASED_SERVICE,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
122 &gss_principal);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
123
3879
928229f8b3e6 deinit, unref, destroy, close, free, etc. functions now take a pointer to
Timo Sirainen <tss@iki.fi>
parents: 3766
diff changeset
124 str_free(&principal_name);
3683
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
125
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
126 if (GSS_ERROR(major_status)) {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
127 auth_request_log_gss_error(request, major_status,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
128 GSS_C_GSS_CODE,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
129 "importing principal name");
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
130 return major_status;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
131 }
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
132
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
133 major_status = gss_acquire_cred(&minor_status, gss_principal, 0,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
134 GSS_C_NULL_OID_SET, GSS_C_ACCEPT,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
135 ret, NULL, NULL);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
136
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
137 if (GSS_ERROR(major_status)) {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
138 auth_request_log_gss_error(request, major_status,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
139 GSS_C_GSS_CODE,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
140 "acquiring service credentials");
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
141 auth_request_log_gss_error(request, minor_status,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
142 GSS_C_MECH_CODE,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
143 "acquiring service credentials");
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
144 return major_status;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
145 }
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
146
4004
10d1c3301b87 Crashfix. Patch by Mark Davies
Timo Sirainen <tss@iki.fi>
parents: 3879
diff changeset
147 gss_release_name(&minor_status, &gss_principal);
3683
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
148
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
149 return major_status;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
150 }
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
151
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
152 static gss_name_t
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
153 import_name(struct auth_request *request, void *str, size_t len)
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
154 {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
155 OM_uint32 major_status, minor_status;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
156 gss_buffer_desc name_buf;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
157 gss_name_t name;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
158
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
159 name_buf.value = str;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
160 name_buf.length = len;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
161 major_status = gss_import_name(&minor_status,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
162 &name_buf,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
163 GSS_C_NO_OID,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
164 &name);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
165 if (GSS_ERROR(major_status)) {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
166 auth_request_log_gss_error(request, major_status,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
167 GSS_C_GSS_CODE, "gss_import_name");
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
168 return GSS_C_NO_NAME;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
169 }
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
170
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
171 return name;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
172 }
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
173
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
174 static void gssapi_sec_context(struct gssapi_auth_request *request,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
175 gss_buffer_desc inbuf)
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
176 {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
177 OM_uint32 major_status, minor_status;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
178 gss_buffer_desc outbuf;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
179
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
180 major_status = gss_accept_sec_context (
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
181 &minor_status,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
182 &request->gss_ctx,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
183 request->service_cred,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
184 &inbuf,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
185 GSS_C_NO_CHANNEL_BINDINGS,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
186 &request->authn_name,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
187 NULL, /* mech_type */
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
188 &outbuf,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
189 NULL, /* ret_flags */
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
190 NULL, /* time_rec */
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
191 NULL /* delegated_cred_handle */
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
192 );
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
193
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
194 if (GSS_ERROR(major_status)) {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
195 auth_request_log_gss_error(&request->auth_request, major_status,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
196 GSS_C_GSS_CODE,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
197 "processing incoming data");
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
198 auth_request_log_gss_error(&request->auth_request, minor_status,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
199 GSS_C_MECH_CODE,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
200 "processing incoming data");
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
201
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
202 auth_request_fail(&request->auth_request);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
203 return;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
204 }
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
205
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
206 if (major_status == GSS_S_COMPLETE) {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
207 request->sasl_gssapi_state = GSS_STATE_WRAP;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
208 auth_request_log_info(&request->auth_request, "gssapi",
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
209 "security context state completed.");
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
210 } else {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
211 auth_request_log_info(&request->auth_request, "gssapi",
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
212 "Processed incoming packet correctly, "
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
213 "waiting for another.");
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
214 }
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
215
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
216 request->auth_request.callback(&request->auth_request,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
217 AUTH_CLIENT_RESULT_CONTINUE,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
218 outbuf.value, outbuf.length);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
219
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
220 major_status = gss_release_buffer(&minor_status, &outbuf);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
221 }
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
222
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
223 static void gssapi_wrap(struct gssapi_auth_request *request,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
224 gss_buffer_desc inbuf)
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
225 {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
226 OM_uint32 major_status, minor_status;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
227 gss_buffer_desc outbuf;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
228 unsigned char ret[4];
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
229
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
230 /* The clients return data should be empty here */
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
231
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
232 /* Only authentication, no integrity or confidentiality
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
233 protection (yet?) */
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
234 ret[0] = (SASL_GSSAPI_QOP_UNSPECIFIED |
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
235 SASL_GSSAPI_QOP_AUTH_ONLY);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
236 ret[1] = 0xFF;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
237 ret[2] = 0xFF;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
238 ret[3] = 0xFF;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
239
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
240 inbuf.length = 4;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
241 inbuf.value = ret;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
242
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
243 major_status = gss_wrap(&minor_status, request->gss_ctx, 0,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
244 GSS_C_QOP_DEFAULT, &inbuf, NULL, &outbuf);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
245
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
246 if (GSS_ERROR(major_status)) {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
247 auth_request_log_gss_error(&request->auth_request, major_status,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
248 GSS_C_GSS_CODE, "sending security layer negotiation");
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
249 auth_request_log_gss_error(&request->auth_request, minor_status,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
250 GSS_C_MECH_CODE, "sending security layer negotiation");
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
251 auth_request_fail(&request->auth_request);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
252 return;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
253 }
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
254
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
255 auth_request_log_info(&request->auth_request, "gssapi",
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
256 "Negotiated security layer");
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
257
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
258 request->auth_request.callback(&request->auth_request,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
259 AUTH_CLIENT_RESULT_CONTINUE,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
260 outbuf.value, outbuf.length);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
261
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
262 major_status = gss_release_buffer(&minor_status, &outbuf);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
263
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
264 request->sasl_gssapi_state = GSS_STATE_UNWRAP;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
265 }
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
266
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
267 static void gssapi_unwrap(struct gssapi_auth_request *request,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
268 gss_buffer_desc inbuf)
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
269 {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
270 OM_uint32 major_status, minor_status;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
271 gss_buffer_desc outbuf;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
272 int equal_authn_authz = 0;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
273
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
274 major_status = gss_unwrap(&minor_status, request->gss_ctx,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
275 &inbuf, &outbuf, NULL, NULL);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
276
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
277 if (GSS_ERROR(major_status)) {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
278 auth_request_log_gss_error(&request->auth_request, major_status,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
279 GSS_C_GSS_CODE,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
280 "final negotiation: gss_unwrap");
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
281 auth_request_fail(&request->auth_request);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
282 return;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
283 }
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
284
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
285 if (outbuf.length <= 4) {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
286 auth_request_log_error(&request->auth_request, "gssapi",
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
287 "Invalid response length");
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
288 auth_request_fail(&request->auth_request);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
289 return;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
290 }
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
291
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
292 request->authz_name = import_name(&request->auth_request,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
293 (unsigned char *)outbuf.value + 4,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
294 outbuf.length - 4);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
295 if ((request->authn_name == GSS_C_NO_NAME) ||
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
296 (request->authz_name == GSS_C_NO_NAME)) {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
297 /* XXX (pod): is this check necessary? */
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
298 auth_request_log_error(&request->auth_request, "gssapi",
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
299 "one of authn_name or authz_name not determined");
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
300 auth_request_fail(&request->auth_request);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
301 return;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
302 }
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
303 major_status = gss_compare_name(&minor_status,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
304 request->authn_name,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
305 request->authz_name,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
306 &equal_authn_authz);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
307 if (equal_authn_authz == 0) {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
308 auth_request_log_error(&request->auth_request, "gssapi",
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
309 "authn_name and authz_name differ: not supported");
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
310 auth_request_fail(&request->auth_request);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
311 return;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
312 }
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
313
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
314 request->auth_request.user =
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
315 p_strndup(request->auth_request.pool,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
316 (unsigned char *)outbuf.value + 4,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
317 outbuf.length - 4);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
318
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
319 auth_request_success(&request->auth_request, NULL, 0);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
320 }
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
321
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
322 static void
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
323 mech_gssapi_auth_continue(struct auth_request *request,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
324 const unsigned char *data, size_t data_size)
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
325 {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
326 struct gssapi_auth_request *gssapi_request =
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
327 (struct gssapi_auth_request *)request;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
328 gss_buffer_desc inbuf;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
329
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
330 inbuf.value = (void *)data;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
331 inbuf.length = data_size;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
332
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
333 switch (gssapi_request->sasl_gssapi_state) {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
334 case GSS_STATE_SEC_CONTEXT:
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
335 gssapi_sec_context(gssapi_request, inbuf);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
336 break;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
337 case GSS_STATE_WRAP:
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
338 gssapi_wrap(gssapi_request, inbuf);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
339 break;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
340 case GSS_STATE_UNWRAP:
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
341 gssapi_unwrap(gssapi_request, inbuf);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
342 break;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
343 }
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
344 }
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
345
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
346 static void
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
347 mech_gssapi_auth_initial(struct auth_request *request,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
348 const unsigned char *data, size_t data_size)
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
349 {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
350 OM_uint32 major_status;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
351 struct gssapi_auth_request *gssapi_request =
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
352 (struct gssapi_auth_request *)request;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
353
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
354 major_status =
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
355 obtain_service_credentials(request,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
356 &gssapi_request->service_cred);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
357
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
358 if (GSS_ERROR(major_status)) {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
359 auth_request_internal_failure(request);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
360 return;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
361 }
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
362 gssapi_request->authn_name = GSS_C_NO_NAME;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
363 gssapi_request->authz_name = GSS_C_NO_NAME;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
364
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
365 gssapi_request->sasl_gssapi_state = GSS_STATE_SEC_CONTEXT;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
366
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
367 if (data_size == 0) {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
368 /* The client should go first */
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
369 request->callback(request, AUTH_CLIENT_RESULT_CONTINUE,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
370 NULL, 0);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
371 } else {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
372 mech_gssapi_auth_continue(request, data, data_size);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
373 }
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
374 }
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
375
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
376
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
377 static void
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
378 mech_gssapi_auth_free(struct auth_request *request)
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
379 {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
380 OM_uint32 major_status, minor_status;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
381 struct gssapi_auth_request *gssapi_request =
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
382 (struct gssapi_auth_request *)request;
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
383
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
384 major_status = gss_delete_sec_context(&minor_status,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
385 &gssapi_request->gss_ctx,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
386 GSS_C_NO_BUFFER);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
387
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
388 major_status = gss_release_cred(&minor_status,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
389 &gssapi_request->service_cred);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
390 major_status = gss_release_name(&minor_status,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
391 &gssapi_request->authn_name);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
392 major_status = gss_release_name(&minor_status,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
393 &gssapi_request->authz_name);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
394
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
395 pool_unref(request->pool);
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
396 }
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
397
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
398 const struct mech_module mech_gssapi = {
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
399 "GSSAPI",
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
400
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
401 MEMBER(flags) 0,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
402
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
403 MEMBER(passdb_need_plain) FALSE,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
404 MEMBER(passdb_need_credentials) FALSE,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
405
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
406 mech_gssapi_auth_new,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
407 mech_gssapi_auth_initial,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
408 mech_gssapi_auth_continue,
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
409 mech_gssapi_auth_free
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
410 };
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
411
28cca6317829 Added GSSAPI support. Patch by Jelmer Vernooij and some fixes by
Timo Sirainen <tss@iki.fi>
parents:
diff changeset
412 #endif