Print this page
first pass
Split |
Close |
Expand all |
Collapse all |
--- old/usr/src/lib/gss_mechs/mech_dummy/mech/dmech.c
+++ new/usr/src/lib/gss_mechs/mech_dummy/mech/dmech.c
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License (the "License").
6 6 * You may not use this file except in compliance with the License.
7 7 *
8 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 9 * or http://www.opensolaris.org/os/licensing.
10 10 * See the License for the specific language governing permissions
11 11 * and limitations under the License.
12 12 *
13 13 * When distributing Covered Code, include this CDDL HEADER in each
14 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 15 * If applicable, add the following below this CDDL HEADER, with the
16 16 * fields enclosed by brackets "[]" replaced with your own identifying
17 17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 18 *
19 19 * CDDL HEADER END
20 20 */
21 21 #pragma ident "%Z%%M% %I% %E% SMI"
22 22
↓ open down ↓ |
22 lines elided |
↑ open up ↑ |
23 23 /*
24 24 * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
25 25 * Use is subject to license terms.
26 26 *
27 27 * A module that implements a dummy security mechanism.
28 28 * It's mainly used to test GSS-API application. Multiple tokens
29 29 * exchanged during security context establishment can be
30 30 * specified through dummy_mech.conf located in /etc.
31 31 *
32 32 */
33 -/* EXPORT DELETE START */ /* CRYPT DELETE START */
34 33 #ifndef lint
35 34 #define dummy_gss_accept_sec_context \
36 35 dummy_867227349
37 36 #define dummy_gss_acquire_cred \
38 37 dummy_352458907
39 38 #define dummy_gss_add_cred \
40 39 dummy_911432290
41 40 #define dummy_gss_compare_name \
42 41 dummy_396663848
43 42 #define dummy_gss_context_time \
44 43 dummy_955669998
45 44 #define dummy_gss_delete_sec_context \
46 45 dummy_440868788
47 46 #define dummy_gss_display_name \
48 47 dummy_999874939
49 48 #define dummy_gss_display_status \
50 49 dummy_485073729
51 50 #define dummy_gss_export_sec_context \
52 51 dummy_1044079879
53 52 #define dummy_gss_import_name \
54 53 dummy_529311438
55 54 #define dummy_gss_import_sec_context \
56 55 dummy_14542996
57 56 #define dummy_gss_indicate_mechs \
58 57 dummy_573516378
59 58 #define dummy_gss_init_sec_context \
60 59 dummy_58780705
61 60 #define dummy_gss_inquire_context \
62 61 dummy_617721319
63 62 #define dummy_gss_inquire_cred \
64 63 dummy_102985645
65 64 #define dummy_gss_inquire_cred_by_mech \
66 65 dummy_661926260
67 66 #define dummy_gss_inquire_names_for_mech \
68 67 dummy_147190586
69 68 #define dummy_gss_internal_release_oid \
70 69 dummy_706163968
71 70 #define dummy_gss_process_context_token \
72 71 dummy_191395526
73 72 #define dummy_gss_release_cred \
74 73 dummy_750368909
75 74 #define dummy_gss_release_name \
76 75 dummy_235600467
77 76 #define dummy_gss_seal \
78 77 dummy_794573849
79 78 #define dummy_gss_sign \
↓ open down ↓ |
36 lines elided |
↑ open up ↑ |
80 79 dummy_279838176
81 80 #define dummy_gss_unseal \
82 81 dummy_838778790
83 82 #define dummy_gss_verify \
84 83 dummy_324010348
85 84 #define dummy_gss_wrap_size_limit \
86 85 dummy_882983731
87 86 #define dummy_pname_to_uid \
88 87 dummy_345475423
89 88 #endif
90 -/* EXPORT DELETE END */ /* CRYPT DELETE END */
91 89
92 90 #include <stdio.h>
93 91 #include <stdlib.h>
94 92 #include <gssapiP_dummy.h>
95 93 #include <mechglueP.h>
96 94 #include <gssapi_err_generic.h>
97 95
98 96 #define dummy_context_name_len 19
99 97 /* private routines for dummy_mechanism */
100 98 static dummy_token_t make_dummy_token(char *name);
101 99 static void free_dummy_token(dummy_token_t *token);
102 100 static gss_buffer_desc make_dummy_token_buffer(char *name);
103 101 static gss_buffer_desc make_dummy_token_msg(void *data, int datalen);
104 102 static int der_length_size(int length);
105 103 static void der_write_length(unsigned char ** buf, int length);
106 104 static int der_read_length(unsigned char **buf, int *bufsize);
107 105 static int g_token_size(gss_OID mech, unsigned int body_size);
108 106 static void g_make_token_header(gss_OID mech, int body_size,
109 107 unsigned char **buf, int tok_type);
110 108 static int g_verify_token_header(gss_OID mech, int *body_size,
111 109 unsigned char **buf_in, int tok_type,
112 110 int toksize);
113 111
114 112
115 113 /* private global variables */
116 114 static char dummy_srcname[] = "dummy source";
117 115 static OM_uint32 dummy_flags;
118 116 static int token_nums;
119 117
120 118 /*
121 119 * The Mech OID:
↓ open down ↓ |
21 lines elided |
↑ open up ↑ |
122 120 * { iso(1) org(3) internet(6) dod(1) private(4) enterprises(1) sun(42)
123 121 * products(2) gssapi(26) mechtypes(1) dummy(2) }
124 122 */
125 123 static struct gss_config dummy_mechanism =
126 124 {{10, "\053\006\001\004\001\052\002\032\001\002"},
127 125 NULL,
128 126 dummy_gss_acquire_cred,
129 127 dummy_gss_release_cred,
130 128 dummy_gss_init_sec_context,
131 129 dummy_gss_accept_sec_context,
132 -/* EXPORT DELETE START */ /* CRYPT DELETE START */
133 130 dummy_gss_unseal,
134 -/* EXPORT DELETE END */ /* CRYPT DELETE END */
135 131 dummy_gss_process_context_token,
136 132 dummy_gss_delete_sec_context,
137 133 dummy_gss_context_time,
138 134 dummy_gss_display_status,
139 135 dummy_gss_indicate_mechs,
140 136 dummy_gss_compare_name,
141 137 dummy_gss_display_name,
142 138 dummy_gss_import_name,
143 139 dummy_gss_release_name,
144 140 dummy_gss_inquire_cred,
145 141 dummy_gss_add_cred,
146 -/* EXPORT DELETE START */ /* CRYPT DELETE START */
147 142 dummy_gss_seal,
148 -/* EXPORT DELETE END */ /* CRYPT DELETE END */
149 143 dummy_gss_export_sec_context,
150 144 dummy_gss_import_sec_context,
151 145 dummy_gss_inquire_cred_by_mech,
152 146 dummy_gss_inquire_names_for_mech,
153 147 dummy_gss_inquire_context,
154 148 dummy_gss_internal_release_oid,
155 149 dummy_gss_wrap_size_limit,
156 150 dummy_pname_to_uid,
157 151 NULL, /* __gss_userok */
158 152 NULL, /* _export name */
159 -/* EXPORT DELETE START */
160 -/* CRYPT DELETE START */
161 -#if 0
162 -/* CRYPT DELETE END */
163 - dummy_gss_seal,
164 - dummy_gss_unseal,
165 -/* CRYPT DELETE START */
166 -#endif
167 -/* CRYPT DELETE END */
168 -/* EXPORT DELETE END */
169 153 dummy_gss_sign,
170 154 dummy_gss_verify,
171 155 NULL, /* _store_cred */
172 156 };
173 157
174 158 gss_mechanism
175 159 gss_mech_initialize(oid)
176 160 const gss_OID oid;
177 161 {
178 162 FILE *fp;
179 163
180 164 dprintf("Entering gss_mech_initialize\n");
181 165
182 166 if (oid == NULL ||
183 167 !g_OID_equal(oid, &dummy_mechanism.mech_type)) {
184 168 fprintf(stderr, "invalid dummy mechanism oid.\n");
185 169 return (NULL);
186 170 }
187 171
188 172 fp = fopen("/etc/dummy_mech_token.conf", "rF");
189 173 if (fp == NULL) {
190 174 fprintf(stderr, "dummy_mech.conf is not found.\n");
191 175 fprintf(stderr, "Setting number tokens exchanged to 1\n");
192 176 token_nums = 1;
193 177 } else {
194 178 fscanf(fp, "%d", &token_nums);
195 179 fclose(fp);
196 180 dprintf("dummy_mech.conf is found.\n");
197 181 dprintf1("Setting number tokens exchanged to %d\n", token_nums);
198 182 }
199 183
200 184 if (token_nums == 1)
201 185 dummy_flags = GSS_C_INTEG_FLAG | GSS_C_CONF_FLAG;
202 186 else
203 187 dummy_flags = GSS_C_INTEG_FLAG | GSS_C_CONF_FLAG
204 188 | GSS_C_MUTUAL_FLAG;
205 189
206 190 dprintf("Leaving gss_mech_initialize\n");
207 191 return (&dummy_mechanism);
208 192 }
209 193
210 194 /*ARGSUSED*/
211 195 OM_uint32
212 196 dummy_gss_acquire_cred(ctx, minor_status, desired_name, time_req, desired_mechs,
213 197 cred_usage, output_cred_handle,
214 198 actual_mechs, time_rec)
215 199 void *ctx;
216 200 OM_uint32 *minor_status;
217 201 gss_name_t desired_name;
218 202 OM_uint32 time_req;
219 203 gss_OID_set desired_mechs;
220 204 gss_cred_usage_t cred_usage;
221 205 gss_cred_id_t *output_cred_handle;
222 206 gss_OID_set *actual_mechs;
223 207 OM_uint32 *time_rec;
224 208 {
225 209 dprintf("Entering dummy_gss_acquire_cred\n");
226 210
227 211 if (actual_mechs)
228 212 *actual_mechs = NULL;
229 213 if (time_rec)
230 214 *time_rec = 0;
231 215
232 216 *output_cred_handle = (gss_cred_id_t)
233 217 make_dummy_token("dummy_gss_acquire_cred");
234 218 if (time_rec) /* user may pass a null pointer */
235 219 *time_rec = GSS_C_INDEFINITE;
236 220 if (actual_mechs) {
237 221 if (gss_copy_oid_set(minor_status, gss_mech_set_dummy,
238 222 actual_mechs) == GSS_S_FAILURE) {
239 223 return (GSS_S_FAILURE);
240 224 }
241 225 }
242 226
243 227 dprintf("Leaving dummy_gss_acquire_cred\n");
244 228 return (GSS_S_COMPLETE);
245 229 }
246 230
247 231 /*ARGSUSED*/
248 232 OM_uint32
249 233 dummy_gss_release_cred(ctx, minor_status, cred_handle)
250 234 void *ctx;
251 235 OM_uint32 *minor_status;
252 236 gss_cred_id_t *cred_handle;
253 237 {
254 238 dprintf("Entering dummy_gss_release_cred\n");
255 239
256 240 free_dummy_token((dummy_token_t *)(cred_handle));
257 241 *cred_handle = NULL;
258 242
259 243 dprintf("Leaving dummy_gss_release_cred\n");
260 244 return (GSS_S_COMPLETE);
261 245 }
262 246
263 247 /*ARGSUSED*/
264 248 OM_uint32
265 249 dummy_gss_init_sec_context(ct, minor_status, claimant_cred_handle,
266 250 context_handle, target_name, mech_type,
267 251 req_flags, time_req, input_chan_bindings,
268 252 input_token, actual_mech_type, output_token,
269 253 ret_flags, time_rec)
270 254 void *ct;
271 255 OM_uint32 *minor_status;
272 256 gss_cred_id_t claimant_cred_handle;
273 257 gss_ctx_id_t *context_handle;
274 258 gss_name_t target_name;
275 259 gss_OID mech_type;
276 260 OM_uint32 req_flags;
277 261 OM_uint32 time_req;
278 262 gss_channel_bindings_t input_chan_bindings;
279 263 gss_buffer_t input_token;
280 264 gss_OID *actual_mech_type;
281 265 gss_buffer_t output_token;
282 266 OM_uint32 *ret_flags;
283 267 OM_uint32 *time_rec;
284 268 {
285 269 dummy_gss_ctx_id_t ctx;
286 270 char token_string[64];
287 271 OM_uint32 ret;
288 272 OM_uint32 aret;
289 273 int send_token = 0;
290 274
291 275 dprintf("Entering init_sec_context\n");
292 276
293 277 output_token->length = 0;
294 278 output_token->value = NULL;
295 279 if (actual_mech_type)
296 280 *actual_mech_type = NULL;
297 281
298 282 if (*context_handle == GSS_C_NO_CONTEXT) {
299 283
300 284 if (input_token != NULL && input_token->value != NULL)
301 285 return (GSS_S_FAILURE);
302 286
303 287 ctx = (dummy_gss_ctx_id_t)malloc(sizeof (dummy_gss_ctx_id_rec));
304 288 ctx->established = 0;
305 289 ctx->last_stat = 0xffffffff;
306 290 *context_handle = (gss_ctx_id_t)ctx;
307 291 /*
308 292 * Initiator interpretation of config file. If 2 or more
309 293 * the client returns CONTINUE_NNED on the first call.
310 294 */
311 295 if (token_nums >= 2) {
312 296 ret = GSS_S_CONTINUE_NEEDED;
313 297 } else {
314 298 ret = GSS_S_COMPLETE;
315 299 }
316 300 send_token = 1;
317 301 } else {
318 302 unsigned char *ptr;
319 303 int bodysize;
320 304 int err;
321 305
322 306 if (input_token == NULL || input_token->value == NULL) {
323 307 ctx->last_stat = GSS_S_FAILURE;
324 308 return (GSS_S_FAILURE);
325 309 }
326 310
327 311 ctx = (dummy_gss_ctx_id_t)(*context_handle);
328 312
329 313
330 314 ptr = (unsigned char *) input_token->value;
331 315 if (err = g_verify_token_header((gss_OID)gss_mech_dummy,
332 316 &bodysize, &ptr, 0, input_token->length)) {
333 317
334 318 *minor_status = err;
335 319 ctx->last_stat = GSS_S_DEFECTIVE_TOKEN;
336 320 return (GSS_S_DEFECTIVE_TOKEN);
337 321 }
338 322
339 323 if (sscanf((char *)ptr, "%d", &aret) < 1) {
340 324 *minor_status = 1;
341 325 ctx->last_stat = GSS_S_DEFECTIVE_TOKEN;
342 326 return (GSS_S_DEFECTIVE_TOKEN);
343 327 }
344 328
345 329 if (aret == GSS_S_CONTINUE_NEEDED) {
346 330 if (ctx->last_stat == GSS_S_COMPLETE) {
347 331 /*
348 332 * RFC 2078, page 36, under GSS_S_COMPLETE
349 333 * says that acceptor (target) has sufficient
350 334 * information to perform per-message
351 335 * processing. So if initiator previously
352 336 * returned GSS_S_COMPLETE, and acceptor
353 337 * says he needs more, then we have
354 338 * a problem.
355 339 */
356 340 ctx->last_stat = GSS_S_FAILURE;
357 341 return (GSS_S_FAILURE);
358 342 }
359 343 ret = GSS_S_CONTINUE_NEEDED;
360 344 send_token = 1;
361 345 } else {
362 346 ret = GSS_S_COMPLETE;
363 347 send_token = 0;
364 348 }
365 349 }
366 350 if (ret_flags) /* user may pass a null pointer */
367 351 *ret_flags = dummy_flags;
368 352 if (time_rec) /* user may pass a null pointer */
369 353 *time_rec = GSS_C_INDEFINITE;
370 354 if (actual_mech_type)
371 355 *actual_mech_type = (gss_OID) gss_mech_dummy;
372 356
373 357 if (send_token == 1) {
374 358 sprintf(token_string, "%d", ret);
375 359
376 360 *output_token = make_dummy_token_msg(
377 361 token_string, strlen(token_string) + 1);
378 362 } else {
379 363 *output_token = make_dummy_token_msg(NULL, 0);
380 364 }
381 365
382 366 if (ret == GSS_S_COMPLETE)
383 367 ctx->established = 1;
384 368
385 369 ctx->last_stat = ret;
386 370 return (ret);
387 371 }
388 372
389 373 /*ARGSUSED*/
390 374 OM_uint32
391 375 dummy_gss_accept_sec_context(ct, minor_status, context_handle,
392 376 verifier_cred_handle, input_token,
393 377 input_chan_bindings, src_name, mech_type,
394 378 output_token, ret_flags, time_rec,
395 379 delegated_cred_handle)
396 380 void *ct;
397 381 OM_uint32 *minor_status;
398 382 gss_ctx_id_t *context_handle;
399 383 gss_cred_id_t verifier_cred_handle;
400 384 gss_buffer_t input_token;
401 385 gss_channel_bindings_t input_chan_bindings;
402 386 gss_name_t *src_name;
403 387 gss_OID *mech_type;
404 388 gss_buffer_t output_token;
405 389 OM_uint32 *ret_flags;
406 390 OM_uint32 *time_rec;
407 391 gss_cred_id_t *delegated_cred_handle;
408 392 {
409 393 dummy_gss_ctx_id_t ctx;
410 394 char token_string[64];
411 395 gss_buffer_desc name;
412 396 OM_uint32 status;
413 397 gss_name_t temp;
414 398 unsigned char *ptr;
415 399 int bodysize;
416 400 int err;
417 401 OM_uint32 iret;
418 402 int return_token = 0;
419 403
420 404 dprintf("Entering accept_sec_context\n");
421 405
422 406 if (src_name)
423 407 *src_name = (gss_name_t)NULL;
424 408 output_token->length = 0;
425 409 output_token->value = NULL;
426 410 if (mech_type)
427 411 *mech_type = GSS_C_NULL_OID;
428 412 /* return a bogus cred handle */
429 413 if (delegated_cred_handle)
430 414 *delegated_cred_handle = GSS_C_NO_CREDENTIAL;
431 415
432 416 /* Check for defective input token. */
433 417 ptr = (unsigned char *) input_token->value;
434 418 if (err = g_verify_token_header((gss_OID)gss_mech_dummy, &bodysize,
435 419 &ptr, 0,
436 420 input_token->length)) {
437 421 *minor_status = err;
438 422 return (GSS_S_DEFECTIVE_TOKEN);
439 423 }
440 424
441 425 if (sscanf((char *)ptr, "%d", &iret) < 1) {
442 426 *minor_status = 1;
443 427 return (GSS_S_DEFECTIVE_TOKEN);
444 428 }
445 429
446 430 if (*context_handle == GSS_C_NO_CONTEXT) {
447 431 ctx = (dummy_gss_ctx_id_t)malloc(sizeof (dummy_gss_ctx_id_rec));
448 432 ctx->token_number = token_nums;
449 433 ctx->established = 0;
450 434 *context_handle = (gss_ctx_id_t)ctx;
451 435 } else {
452 436 ctx = (dummy_gss_ctx_id_t)(*context_handle);
453 437 }
454 438
455 439 if (ret_flags) /* user may pass a null pointer */
456 440 *ret_flags = dummy_flags;
457 441 if (time_rec) /* user may pass a null pointer */
458 442 *time_rec = GSS_C_INDEFINITE;
459 443 if (mech_type)
460 444 *mech_type = (gss_OID)gss_mech_dummy;
461 445
462 446 /*
463 447 * RFC 2078, page 36, under GSS_S_COMPLETE, GSS_S_CONTINUE_NEEDED
464 448 * tells us whether to return a token or not.
465 449 */
466 450
467 451 if (iret == GSS_S_CONTINUE_NEEDED)
468 452 return_token = 1;
469 453 else
470 454 return_token = 0;
471 455
472 456
473 457 if (ctx->token_number > 1) {
474 458 /*
475 459 * RFC 2078, page 36, under GSS_S_COMPLETE, says that if
476 460 * initiator is done, the target (us) has what it needs, so
477 461 * it must return GSS_S_COMPLETE;
478 462 */
479 463 if (iret == GSS_S_CONTINUE_NEEDED)
480 464 status = GSS_S_CONTINUE_NEEDED;
481 465 else
482 466 status = GSS_S_COMPLETE;
483 467
484 468 } else
485 469 status = GSS_S_COMPLETE;
486 470
487 471 /* source name is ready at GSS_S_COMPLELE */
488 472 if ((status == GSS_S_COMPLETE) && src_name) {
489 473 name.length = strlen(dummy_srcname);
490 474 name.value = dummy_srcname;
491 475 status = dummy_gss_import_name(ct, minor_status, &name,
492 476 (gss_OID)GSS_C_NT_USER_NAME, &temp);
493 477 if (status != GSS_S_COMPLETE) {
494 478 free(*context_handle);
495 479 *context_handle = GSS_C_NO_CONTEXT;
496 480 return (status);
497 481 }
498 482 *src_name = temp;
499 483 }
500 484
501 485 if (status == GSS_S_COMPLETE) {
502 486 ctx->established = 1;
503 487 }
504 488
505 489 if (return_token == 1) {
506 490 sprintf(token_string, "%d", status);
507 491
508 492 *output_token = make_dummy_token_msg(
509 493 token_string, strlen(token_string) + 1);
510 494 } else {
511 495 *output_token = make_dummy_token_msg(NULL, 0);
512 496 }
513 497
514 498 if (ctx->token_number > 0)
515 499 ctx->token_number--;
516 500
517 501 return (status);
518 502 }
519 503
520 504
521 505 /*ARGSUSED*/
522 506 OM_uint32
523 507 dummy_gss_process_context_token(ct, minor_status, context_handle, token_buffer)
524 508 void *ct;
525 509 OM_uint32 *minor_status;
526 510 gss_ctx_id_t context_handle;
527 511 gss_buffer_t token_buffer;
528 512 {
529 513 dprintf("In process_sec_context\n");
530 514 return (GSS_S_COMPLETE);
531 515 }
532 516
533 517 /*ARGSUSED*/
534 518 OM_uint32
535 519 dummy_gss_delete_sec_context(ct, minor_status, context_handle, output_token)
536 520 void *ct;
537 521 OM_uint32 *minor_status;
538 522 gss_ctx_id_t *context_handle;
539 523 gss_buffer_t output_token;
540 524 {
541 525 dummy_gss_ctx_id_t ctx;
542 526
543 527 dprintf("Entering delete_sec_context\n");
544 528
545 529 /* Make the length to 0, so the output token is not sent to peer */
546 530 if (output_token) {
547 531 output_token->length = 0;
548 532 output_token->value = NULL;
549 533 }
550 534
551 535 if (*context_handle == GSS_C_NO_CONTEXT) {
552 536 *minor_status = 0;
553 537 return (GSS_S_COMPLETE);
554 538 }
555 539
556 540 ctx = (dummy_gss_ctx_id_t)*context_handle;
557 541 free(ctx);
558 542 *context_handle = GSS_C_NO_CONTEXT;
559 543
560 544 dprintf("Leaving delete_sec_context\n");
561 545 return (GSS_S_COMPLETE);
562 546 }
563 547
564 548
565 549 /*ARGSUSED*/
566 550 OM_uint32
567 551 dummy_gss_context_time(ct, minor_status, context_handle, time_rec)
568 552 void *ct;
569 553 OM_uint32 *minor_status;
570 554 gss_ctx_id_t context_handle;
571 555 OM_uint32 *time_rec;
572 556 {
573 557 dprintf("In context_time\n");
574 558 if (time_rec) /* user may pass a null pointer */
575 559 return (GSS_S_FAILURE);
576 560 else
577 561 *time_rec = GSS_C_INDEFINITE;
578 562 return (GSS_S_COMPLETE);
579 563 }
580 564
581 565 /*ARGSUSED*/
582 566 OM_uint32
583 567 dummy_gss_sign(ctx, minor_status, context_handle,
584 568 qop_req, message_buffer, message_token)
585 569 void *ctx;
586 570 OM_uint32 *minor_status;
587 571 gss_ctx_id_t context_handle;
588 572 int qop_req;
589 573 gss_buffer_t message_buffer;
590 574 gss_buffer_t message_token;
591 575 {
592 576 char token_string[] = "dummy_gss_sign";
593 577 dummy_gss_ctx_id_t context;
594 578
595 579 dprintf("Entering gss_sign\n");
596 580
597 581 context = (dummy_gss_ctx_id_t)(context_handle);
598 582 if (context_handle == GSS_C_NO_CONTEXT)
599 583 return (GSS_S_NO_CONTEXT);
600 584 if (!context->established)
601 585 return (GSS_S_NO_CONTEXT);
602 586
603 587 *message_token = make_dummy_token_msg(
604 588 token_string, strlen(token_string));
605 589
606 590 dprintf("Leaving gss_sign\n");
607 591 return (GSS_S_COMPLETE);
608 592 }
609 593
610 594 /*ARGSUSED*/
611 595 OM_uint32
612 596 dummy_gss_verify(ctx, minor_status, context_handle,
613 597 message_buffer, token_buffer, qop_state)
614 598 void *ctx;
615 599 OM_uint32 *minor_status;
616 600 gss_ctx_id_t context_handle;
617 601 gss_buffer_t message_buffer;
618 602 gss_buffer_t token_buffer;
619 603 int *qop_state;
620 604 {
621 605 unsigned char *ptr;
622 606 int bodysize;
623 607 int err;
624 608 dummy_gss_ctx_id_t context;
625 609
626 610 dprintf("Entering gss_verify\n");
627 611
628 612 context = (dummy_gss_ctx_id_t)(context_handle);
629 613 if (context_handle == GSS_C_NO_CONTEXT)
630 614 return (GSS_S_NO_CONTEXT);
631 615 if (!context->established)
632 616 return (GSS_S_NO_CONTEXT);
633 617
634 618 /* Check for defective input token. */
635 619 ptr = (unsigned char *) token_buffer->value;
636 620 if (err = g_verify_token_header((gss_OID)gss_mech_dummy, &bodysize,
637 621 &ptr, 0,
638 622 token_buffer->length)) {
639 623 *minor_status = err;
640 624 return (GSS_S_DEFECTIVE_TOKEN);
641 625 }
642 626
643 627 if (qop_state)
644 628 *qop_state = GSS_C_QOP_DEFAULT;
645 629
646 630 dprintf("Leaving gss_verify\n");
647 631 return (GSS_S_COMPLETE);
648 632 }
649 633
650 634 /*ARGSUSED*/
651 635 OM_uint32
652 636 dummy_gss_seal(ctx, minor_status, context_handle, conf_req_flag,
653 637 qop_req, input_message_buffer, conf_state,
654 638 output_message_buffer)
655 639 void *ctx;
656 640 OM_uint32 *minor_status;
657 641 gss_ctx_id_t context_handle;
658 642 int conf_req_flag;
659 643 int qop_req;
660 644 gss_buffer_t input_message_buffer;
661 645 int *conf_state;
662 646 gss_buffer_t output_message_buffer;
663 647 {
664 648 gss_buffer_desc output;
665 649 dummy_gss_ctx_id_t context;
666 650
667 651 dprintf("Entering gss_seal\n");
668 652
669 653 context = (dummy_gss_ctx_id_t)(context_handle);
670 654 if (context_handle == GSS_C_NO_CONTEXT)
671 655 return (GSS_S_NO_CONTEXT);
672 656 if (!context->established)
673 657 return (GSS_S_NO_CONTEXT);
674 658
675 659 /* Copy the input message to output message */
676 660 output = make_dummy_token_msg(
677 661 input_message_buffer->value, input_message_buffer->length);
678 662
679 663 if (conf_state)
680 664 *conf_state = 1;
681 665
682 666 *output_message_buffer = output;
683 667
684 668 dprintf("Leaving gss_seal\n");
685 669 return (GSS_S_COMPLETE);
686 670 }
687 671
688 672
689 673
690 674
691 675 /*ARGSUSED*/
692 676 OM_uint32
693 677 dummy_gss_unseal(ctx, minor_status, context_handle,
694 678 input_message_buffer, output_message_buffer,
695 679 conf_state, qop_state)
696 680 void *ctx;
697 681 OM_uint32 *minor_status;
698 682 gss_ctx_id_t context_handle;
699 683 gss_buffer_t input_message_buffer;
700 684 gss_buffer_t output_message_buffer;
701 685 int *conf_state;
702 686 int *qop_state;
703 687 {
704 688 gss_buffer_desc output;
705 689 unsigned char *ptr;
706 690 int bodysize;
707 691 int err;
708 692 dummy_gss_ctx_id_t context;
709 693
710 694 dprintf("Entering gss_unseal\n");
711 695
712 696 context = (dummy_gss_ctx_id_t)(context_handle);
713 697 if (context_handle == GSS_C_NO_CONTEXT)
714 698 return (GSS_S_NO_CONTEXT);
715 699 if (!context->established)
716 700 return (GSS_S_NO_CONTEXT);
717 701
718 702 ptr = (unsigned char *) input_message_buffer->value;
719 703 if (err = g_verify_token_header((gss_OID)gss_mech_dummy, &bodysize,
720 704 &ptr, 0,
721 705 input_message_buffer->length)) {
722 706 *minor_status = err;
723 707 return (GSS_S_DEFECTIVE_TOKEN);
724 708 }
725 709 output.length = bodysize;
726 710 output.value = (void *)malloc(output.length);
727 711 memcpy(output.value, ptr, output.length);
728 712
729 713 *output_message_buffer = output;
730 714 if (qop_state)
731 715 *qop_state = GSS_C_QOP_DEFAULT;
732 716 if (conf_state)
733 717 *conf_state = 1;
734 718
735 719 dprintf("Leaving gss_unseal\n");
736 720 return (GSS_S_COMPLETE);
737 721 }
738 722
739 723 /*ARGSUSED*/
740 724 OM_uint32
741 725 dummy_gss_display_status(ctx, minor_status, status_value, status_type,
742 726 mech_type, message_context, status_string)
743 727 void *ctx;
744 728 OM_uint32 *minor_status;
745 729 OM_uint32 status_value;
746 730 int status_type;
747 731 gss_OID mech_type;
748 732 OM_uint32 *message_context;
749 733 gss_buffer_t status_string;
750 734 {
751 735 dprintf("Entering display_status\n");
752 736
753 737 *message_context = 0;
754 738 *status_string = make_dummy_token_buffer("dummy_gss_display_status");
755 739
756 740 dprintf("Leaving display_status\n");
757 741 return (GSS_S_COMPLETE);
758 742 }
759 743
760 744 /*ARGSUSED*/
761 745 OM_uint32
762 746 dummy_gss_indicate_mechs(ctx, minor_status, mech_set)
763 747 void *ctx;
764 748 OM_uint32 *minor_status;
765 749 gss_OID_set *mech_set;
766 750 {
767 751 dprintf("Entering indicate_mechs\n");
768 752
769 753 *minor_status = 0;
770 754 if (mech_set) {
771 755 if (gss_copy_oid_set(minor_status, gss_mech_set_dummy,
772 756 mech_set) == GSS_S_FAILURE) {
773 757 return (GSS_S_FAILURE);
774 758 }
775 759 }
776 760
777 761 dprintf("Leaving indicate_mechs\n");
778 762 return (GSS_S_COMPLETE);
779 763 }
780 764
781 765 /*ARGSUSED*/
782 766 OM_uint32
783 767 dummy_gss_compare_name(ctx, minor_status, name1, name2, name_equal)
784 768 void *ctx;
785 769 OM_uint32 *minor_status;
786 770 gss_name_t name1;
787 771 gss_name_t name2;
788 772 int *name_equal;
789 773 {
790 774 dummy_name_t name_1 = (dummy_name_t)name1;
791 775 dummy_name_t name_2 = (dummy_name_t)name2;
792 776
793 777 dprintf("Entering compare_name\n");
794 778
795 779 if (g_OID_equal(name_1->type, name_2->type) &&
796 780 (name_1->buffer->length == name_2->buffer->length) &&
797 781 !memcmp(name_1->buffer->value, name_2->buffer->value,
798 782 name_1->buffer->length))
799 783 *name_equal = 1;
800 784 else
801 785 *name_equal = 0;
802 786
803 787 dprintf("Leaving compare_name\n");
804 788 return (GSS_S_COMPLETE);
805 789 }
806 790
807 791 /*ARGSUSED*/
808 792 OM_uint32
809 793 dummy_gss_display_name(ctx, minor_status, input_name, output_name_buffer,
810 794 output_name_type)
811 795 void *ctx;
812 796 OM_uint32 *minor_status;
813 797 gss_name_t input_name;
814 798 gss_buffer_t output_name_buffer;
815 799 gss_OID *output_name_type;
816 800 {
817 801 OM_uint32 status = GSS_S_COMPLETE;
818 802 dummy_name_t name = (dummy_name_t)input_name;
819 803
820 804 dprintf("Entering display_name\n");
821 805
822 806 if (g_OID_equal(name->type, GSS_C_NT_USER_NAME) ||
823 807 g_OID_equal(name->type, GSS_C_NT_MACHINE_UID_NAME) ||
824 808 g_OID_equal(name->type, GSS_C_NT_STRING_UID_NAME) ||
825 809 g_OID_equal(name->type, GSS_C_NT_HOSTBASED_SERVICE)) {
826 810 /*
827 811 * output_name_buffer = (gss_buffer_t)
828 812 * malloc(sizeof (gss_buffer_desc));
829 813 */
830 814 if (output_name_buffer == NULL)
831 815 return (GSS_S_FAILURE);
832 816
833 817 output_name_buffer->length = name->buffer->length;
834 818 output_name_buffer->value = (void *)
835 819 malloc(name->buffer->length);
836 820 if (output_name_buffer->value == NULL)
837 821 return (GSS_S_FAILURE);
838 822
839 823 memcpy(output_name_buffer->value, name->buffer->value,
840 824 name->buffer->length);
841 825 if (output_name_type)
842 826 *output_name_type = name->type;
843 827
844 828 dprintf("Leaving display_name\n");
845 829 return (status);
846 830 }
847 831
848 832 dprintf("Leaving display_name\n");
849 833 return (GSS_S_BAD_NAMETYPE);
850 834 }
851 835
852 836 /*ARGSUSED*/
853 837 OM_uint32
854 838 dummy_gss_import_name(ctx, minor_status, input_name_buffer,
855 839 input_name_type, output_name)
856 840 void *ctx;
857 841 OM_uint32 *minor_status;
858 842 gss_buffer_t input_name_buffer;
859 843 gss_OID input_name_type;
860 844 gss_name_t *output_name;
861 845 {
862 846 OM_uint32 status;
863 847
864 848 dprintf("Entering import_name\n");
865 849
866 850 *output_name = NULL;
867 851 *minor_status = 0;
868 852
869 853 if (input_name_type == GSS_C_NULL_OID)
870 854 return (GSS_S_BAD_NAMETYPE);
871 855
872 856 if (g_OID_equal(input_name_type, GSS_C_NT_USER_NAME) ||
873 857 g_OID_equal(input_name_type, GSS_C_NT_MACHINE_UID_NAME) ||
874 858 g_OID_equal(input_name_type, GSS_C_NT_STRING_UID_NAME) ||
875 859 g_OID_equal(input_name_type, GSS_C_NT_HOSTBASED_SERVICE)) {
876 860 dummy_name_t name = (dummy_name_t)
877 861 malloc(sizeof (dummy_name_desc));
878 862 name->buffer = (gss_buffer_t)malloc(sizeof (gss_buffer_desc));
879 863 name->buffer->length = input_name_buffer->length;
880 864 name->buffer->value = (void *)malloc(input_name_buffer->length);
881 865 if (name->buffer->value == NULL)
882 866 return (GSS_S_FAILURE);
883 867
884 868 memcpy(name->buffer->value, input_name_buffer->value,
885 869 input_name_buffer->length);
886 870
887 871 status = generic_gss_copy_oid(minor_status,
888 872 input_name_type, &(name->type));
889 873 *output_name = (gss_name_t)name;
890 874 dprintf("Leaving import_name\n");
891 875 return (status);
892 876 }
893 877 dprintf("Leaving import_name\n");
894 878 return (GSS_S_BAD_NAMETYPE);
895 879 }
896 880
897 881 /*ARGSUSED*/
898 882 OM_uint32
899 883 dummy_gss_release_name(ctx, minor_status, input_name)
900 884 void *ctx;
901 885 OM_uint32 *minor_status;
902 886 gss_name_t *input_name;
903 887 {
904 888 dummy_name_t name = (dummy_name_t)*input_name;
905 889
906 890 dprintf("Entering release_name\n");
907 891 free(name->buffer->value);
908 892 generic_gss_release_oid(minor_status, &(name->type));
909 893 free(name->buffer);
910 894 free(name);
911 895 dprintf("Leaving release_name\n");
912 896 return (GSS_S_COMPLETE);
913 897 }
914 898
915 899 /*ARGSUSED*/
916 900 OM_uint32
917 901 dummy_gss_inquire_cred(ctx, minor_status, cred_handle, name, lifetime_ret,
918 902 cred_usage, mechanisms)
919 903 void *ctx;
920 904 OM_uint32 *minor_status;
921 905 gss_cred_id_t cred_handle;
922 906 gss_name_t *name;
923 907 OM_uint32 *lifetime_ret;
924 908 gss_cred_usage_t *cred_usage;
925 909 gss_OID_set *mechanisms;
926 910 {
927 911 dprintf("Entering inquire_cred\n");
928 912 if (name)
929 913 *name = (gss_name_t)make_dummy_token
930 914 ("dummy gss credential");
931 915 if (lifetime_ret)
932 916 *lifetime_ret = GSS_C_INDEFINITE;
933 917 if (cred_usage)
934 918 *cred_usage = GSS_C_BOTH;
935 919 if (mechanisms) {
936 920 if (gss_copy_oid_set(minor_status, gss_mech_set_dummy,
937 921 mechanisms) == GSS_S_FAILURE)
938 922 return (GSS_S_FAILURE);
939 923 }
940 924
941 925 dprintf("Leaving inquire_cred\n");
942 926 return (GSS_S_COMPLETE);
943 927 }
944 928
945 929 /*ARGSUSED*/
946 930 OM_uint32
947 931 dummy_gss_add_cred(ctx, minor_status, input_cred_handle,
948 932 desired_name, desired_mech, cred_usage,
949 933 initiator_time_req, acceptor_time_req,
950 934 output_cred_handle, actual_mechs,
951 935 initiator_time_rec, acceptor_time_rec)
952 936 void *ctx;
953 937 OM_uint32 *minor_status;
954 938 gss_cred_id_t input_cred_handle;
955 939 gss_name_t desired_name;
956 940 gss_OID desired_mech;
957 941 gss_cred_usage_t cred_usage;
958 942 OM_uint32 initiator_time_req;
959 943 OM_uint32 acceptor_time_req;
960 944 gss_cred_id_t *output_cred_handle;
961 945 gss_OID_set *actual_mechs;
962 946 OM_uint32 *initiator_time_rec;
963 947 OM_uint32 *acceptor_time_rec;
964 948 {
965 949 dprintf("Entering add_cred\n");
966 950
967 951 if ((desired_mech != GSS_C_NULL_OID) &&
968 952 (g_OID_equal(desired_mech, gss_mech_dummy)))
969 953 return (GSS_S_BAD_MECH);
970 954 *minor_status = 0;
971 955
972 956 dprintf("Leaving add_cred\n");
973 957
974 958 /* This routine likes in kerberos V5 is never be used / called by */
975 959 /* the GSS_API. It simply returns GSS_S_DUPLICATE_ELEMENT to indicate */
976 960 /* this error */
977 961
978 962 return (GSS_S_DUPLICATE_ELEMENT);
979 963 }
980 964
981 965 /* Should I add the token structure to deal with import/export */
982 966 /* of sec_context. For now, I just create dummy interprocess token, and when */
983 967 /* the peer accept it, it calls the import_sec_context.The import_sec_context */
984 968 /* creates new sec_context with status established. (rather than get it */
985 969 /* from interprocess token. it can be done because the sec context in dummy */
986 970 /* mechanism is very simple (contains only status if it's established). */
987 971 /*ARGSUSED*/
988 972 OM_uint32
989 973 dummy_gss_export_sec_context(ct, minor_status, context_handle,
990 974 interprocess_token)
991 975 void *ct;
992 976 OM_uint32 *minor_status;
993 977 gss_ctx_id_t *context_handle;
994 978 gss_buffer_t interprocess_token;
995 979 {
996 980 char str[] = "dummy_gss_export_sec_context";
997 981
998 982 dprintf("Entering export_sec_context\n");
999 983
1000 984 *interprocess_token = make_dummy_token_msg(str, strlen(str));
1001 985 free(*context_handle);
1002 986 *context_handle = GSS_C_NO_CONTEXT;
1003 987
1004 988 dprintf("Leaving export_sec_context\n");
1005 989 return (GSS_S_COMPLETE);
1006 990 }
1007 991
1008 992 /*ARGSUSED*/
1009 993 OM_uint32
1010 994 dummy_gss_import_sec_context(ct, minor_status, interprocess_token,
1011 995 context_handle)
1012 996 void *ct;
1013 997 OM_uint32 *minor_status;
1014 998 gss_buffer_t interprocess_token;
1015 999 gss_ctx_id_t *context_handle;
1016 1000 {
1017 1001 /* Assume that we got ctx from the interprocess token. */
1018 1002 dummy_gss_ctx_id_t ctx;
1019 1003
1020 1004 dprintf("Entering import_sec_context\n");
1021 1005
1022 1006 ctx = (dummy_gss_ctx_id_t)malloc(sizeof (dummy_gss_ctx_id_rec));
1023 1007 ctx->token_number = 0;
1024 1008 ctx->established = 1;
1025 1009
1026 1010 *context_handle = (gss_ctx_id_t)ctx;
1027 1011
1028 1012 dprintf("Leaving import_sec_context\n");
1029 1013 return (GSS_S_COMPLETE);
1030 1014 }
1031 1015
1032 1016 /*ARGSUSED*/
1033 1017 OM_uint32
1034 1018 dummy_gss_inquire_cred_by_mech(ctx, minor_status, cred_handle,
1035 1019 mech_type, name, initiator_lifetime,
1036 1020 acceptor_lifetime, cred_usage)
1037 1021 void *ctx;
1038 1022 OM_uint32 *minor_status;
1039 1023 gss_cred_id_t cred_handle;
1040 1024 gss_OID mech_type;
1041 1025 gss_name_t *name;
1042 1026 OM_uint32 *initiator_lifetime;
1043 1027 OM_uint32 *acceptor_lifetime;
1044 1028 gss_cred_usage_t *cred_usage;
1045 1029 {
1046 1030 dprintf("Entering inquire_cred_by_mech\n");
1047 1031 if (name)
1048 1032 *name = (gss_name_t)make_dummy_token("dummy credential name");
1049 1033 if (initiator_lifetime)
1050 1034 *initiator_lifetime = GSS_C_INDEFINITE;
1051 1035 if (acceptor_lifetime)
1052 1036 *acceptor_lifetime = GSS_C_INDEFINITE;
1053 1037 if (cred_usage)
1054 1038 *cred_usage = GSS_C_BOTH;
1055 1039
1056 1040 dprintf("Leaving inquire_cred_by_mech\n");
1057 1041 return (GSS_S_COMPLETE);
1058 1042 }
1059 1043
1060 1044 /*ARGSUSED*/
1061 1045 OM_uint32
1062 1046 dummy_gss_inquire_names_for_mech(ctx, minor_status, mechanism, name_types)
1063 1047 void *ctx;
1064 1048 OM_uint32 *minor_status;
1065 1049 gss_OID mechanism;
1066 1050 gss_OID_set *name_types;
1067 1051 {
1068 1052 OM_uint32 major, minor;
1069 1053
1070 1054 dprintf("Entering inquire_names_for_mech\n");
1071 1055 /*
1072 1056 * We only know how to handle our own mechanism.
1073 1057 */
1074 1058 if ((mechanism != GSS_C_NULL_OID) &&
1075 1059 !g_OID_equal(gss_mech_dummy, mechanism)) {
1076 1060 *minor_status = 0;
1077 1061 return (GSS_S_FAILURE);
1078 1062 }
1079 1063
1080 1064 major = gss_create_empty_oid_set(minor_status, name_types);
1081 1065 if (major == GSS_S_COMPLETE) {
1082 1066 /* Now add our members. */
1083 1067 if (((major = gss_add_oid_set_member(minor_status,
1084 1068 (gss_OID) GSS_C_NT_USER_NAME, name_types))
1085 1069 == GSS_S_COMPLETE) &&
1086 1070 ((major = gss_add_oid_set_member(minor_status,
1087 1071 (gss_OID) GSS_C_NT_MACHINE_UID_NAME, name_types))
1088 1072 == GSS_S_COMPLETE) &&
1089 1073 ((major = gss_add_oid_set_member(minor_status,
1090 1074 (gss_OID) GSS_C_NT_STRING_UID_NAME, name_types))
1091 1075 == GSS_S_COMPLETE)) {
1092 1076 major = gss_add_oid_set_member(minor_status,
1093 1077 (gss_OID) GSS_C_NT_HOSTBASED_SERVICE, name_types);
1094 1078 }
1095 1079
1096 1080 if (major != GSS_S_COMPLETE)
1097 1081 (void) gss_release_oid_set(&minor, name_types);
1098 1082 }
1099 1083
1100 1084 dprintf("Leaving inquire_names_for_mech\n");
1101 1085 return (major);
1102 1086 }
1103 1087
1104 1088 /*ARGSUSED*/
1105 1089 OM_uint32
1106 1090 dummy_gss_inquire_context(ct, minor_status, context_handle, initiator_name,
1107 1091 acceptor_name, lifetime_rec, mech_type, ret_flags,
1108 1092 locally_initiated, open)
1109 1093 void *ct;
1110 1094 OM_uint32 *minor_status;
1111 1095 gss_ctx_id_t context_handle;
1112 1096 gss_name_t *initiator_name;
1113 1097 gss_name_t *acceptor_name;
1114 1098 OM_uint32 *lifetime_rec;
1115 1099 gss_OID *mech_type;
1116 1100 OM_uint32 *ret_flags;
1117 1101 int *locally_initiated;
1118 1102 int *open;
1119 1103 {
1120 1104 dummy_gss_ctx_id_t ctx;
1121 1105 dummy_name_t name1, name2;
1122 1106 OM_uint32 status;
1123 1107
1124 1108 dprintf("Entering inquire_context\n");
1125 1109
1126 1110 ctx = (dummy_gss_ctx_id_t)(context_handle);
1127 1111 name1 = (dummy_name_t)
1128 1112 malloc(sizeof (dummy_name_desc));
1129 1113 name1->buffer = (gss_buffer_t)malloc(sizeof (gss_buffer_desc));
1130 1114 name1->buffer->length = dummy_context_name_len;
1131 1115 name1->buffer->value = make_dummy_token("dummy context name");
1132 1116 status = generic_gss_copy_oid(minor_status,
1133 1117 (gss_OID) GSS_C_NT_USER_NAME, &(name1->type));
1134 1118 if (status != GSS_S_COMPLETE)
1135 1119 return (status);
1136 1120 if (initiator_name)
1137 1121 *initiator_name = (gss_name_t)name1;
1138 1122
1139 1123 name2 = (dummy_name_t)
1140 1124 malloc(sizeof (dummy_name_desc));
1141 1125 name2->buffer = (gss_buffer_t)malloc(sizeof (gss_buffer_desc));
1142 1126 name2->buffer->length = dummy_context_name_len;
1143 1127 name2->buffer->value = make_dummy_token("dummy context name");
1144 1128 status = generic_gss_copy_oid(minor_status,
1145 1129 (gss_OID) GSS_C_NT_USER_NAME, &(name2->type));
1146 1130 if (status != GSS_S_COMPLETE)
1147 1131 return (status);
1148 1132 if (acceptor_name)
1149 1133 *acceptor_name = (gss_name_t)name2;
1150 1134
1151 1135 if (lifetime_rec) /* user may pass a null pointer */
1152 1136 *lifetime_rec = GSS_C_INDEFINITE;
1153 1137 if (mech_type)
1154 1138 *mech_type = (gss_OID)gss_mech_dummy;
1155 1139 if (ret_flags)
1156 1140 *ret_flags = dummy_flags;
1157 1141 if (open)
1158 1142 *open = ctx->established;
1159 1143
1160 1144 dprintf("Leaving inquire_context\n");
1161 1145 return (GSS_S_COMPLETE);
1162 1146 }
1163 1147
1164 1148 /*ARGSUSED*/
1165 1149 OM_uint32
1166 1150 dummy_gss_internal_release_oid(ct, minor_status, oid)
1167 1151 void *ct;
1168 1152 OM_uint32 *minor_status;
1169 1153 gss_OID *oid;
1170 1154 {
1171 1155 dprintf("Entering internal_release_oid\n");
1172 1156
1173 1157 /* Similar to krb5_gss_internal_release_oid */
1174 1158
1175 1159 if (*oid != gss_mech_dummy)
1176 1160 return (GSS_S_CONTINUE_NEEDED); /* We don't know this oid */
1177 1161
1178 1162 *minor_status = 0;
1179 1163 *oid = GSS_C_NO_OID;
1180 1164
1181 1165 dprintf("Leaving internal_release_oid\n");
1182 1166 return (GSS_S_COMPLETE);
1183 1167 }
1184 1168
1185 1169 /*ARGSUSED*/
1186 1170 OM_uint32
1187 1171 dummy_gss_wrap_size_limit(ct, minor_status, context_handle, conf_req_flag,
1188 1172 qop_req, req_output_size, max_input_size)
1189 1173 void *ct;
1190 1174 OM_uint32 *minor_status;
1191 1175 gss_ctx_id_t context_handle;
1192 1176 int conf_req_flag;
1193 1177 gss_qop_t qop_req;
1194 1178 OM_uint32 req_output_size;
1195 1179 OM_uint32 *max_input_size;
1196 1180 {
1197 1181 dprintf("Entering wrap_size_limit\n");
1198 1182 *max_input_size = req_output_size;
1199 1183 dprintf("Leaving wrap_size_limit\n");
1200 1184 return (GSS_S_COMPLETE);
1201 1185 }
1202 1186
1203 1187 /* ARGSUSED */
1204 1188 OM_uint32
1205 1189 dummy_pname_to_uid(ct, minor_status, name, uidOut)
1206 1190 void *ct;
1207 1191 OM_uint32 *minor_status;
1208 1192 const gss_name_t name;
1209 1193 uid_t *uidOut;
1210 1194 {
1211 1195 dprintf("Entering pname_to_uid\n");
1212 1196 *minor_status = 0;
1213 1197 *uidOut = 60001;
1214 1198 dprintf("Leaving pname_to_uid\n");
1215 1199 return (GSS_S_COMPLETE);
1216 1200 }
1217 1201
1218 1202 static dummy_token_t
1219 1203 make_dummy_token(char *name)
1220 1204 {
1221 1205 dummy_token_t token;
1222 1206
1223 1207 token = (dummy_token_t)malloc(strlen(name)+1);
1224 1208 strcpy(token, name);
1225 1209 return (token);
1226 1210 }
1227 1211
1228 1212 static void
1229 1213 free_dummy_token(dummy_token_t *token)
1230 1214 {
1231 1215 free(*token);
1232 1216 *token = NULL;
1233 1217 }
1234 1218
1235 1219 static gss_buffer_desc
1236 1220 make_dummy_token_buffer(char *name)
1237 1221 {
1238 1222 gss_buffer_desc buffer;
1239 1223
1240 1224 if (name == NULL) {
1241 1225 buffer.length = 0;
1242 1226 buffer.value = NULL;
1243 1227 } else {
1244 1228 buffer.length = strlen(name)+1;
1245 1229 buffer.value = make_dummy_token(name);
1246 1230 }
1247 1231 return (buffer);
1248 1232 }
1249 1233
1250 1234 static gss_buffer_desc
1251 1235 make_dummy_token_msg(void *data, int dataLen)
1252 1236 {
1253 1237 gss_buffer_desc buffer;
1254 1238 int tlen;
1255 1239 unsigned char *t;
1256 1240 unsigned char *ptr;
1257 1241
1258 1242 if (data == NULL) {
1259 1243 buffer.length = 0;
1260 1244 buffer.value = NULL;
1261 1245 return (buffer);
1262 1246 }
1263 1247
1264 1248 tlen = g_token_size((gss_OID)gss_mech_dummy, dataLen);
1265 1249 t = (unsigned char *) malloc(tlen);
1266 1250 ptr = t;
1267 1251
1268 1252 g_make_token_header((gss_OID)gss_mech_dummy, dataLen, &ptr, 0);
1269 1253 memcpy(ptr, data, dataLen);
1270 1254
1271 1255 buffer.length = tlen;
1272 1256 buffer.value = (void *) t;
1273 1257 return (buffer);
1274 1258 }
1275 1259
1276 1260 static int
1277 1261 der_length_size(length)
1278 1262 int length;
1279 1263 {
1280 1264 if (length < (1<<7))
1281 1265 return (1);
1282 1266 else if (length < (1<<8))
1283 1267 return (2);
1284 1268 else if (length < (1<<16))
1285 1269 return (3);
1286 1270 else if (length < (1<<24))
1287 1271 return (4);
1288 1272 else
1289 1273 return (5);
1290 1274 }
1291 1275
1292 1276 static void
1293 1277 der_write_length(buf, length)
1294 1278 unsigned char **buf;
1295 1279 int length;
1296 1280 {
1297 1281 if (length < (1<<7)) {
1298 1282 *(*buf)++ = (unsigned char) length;
1299 1283 } else {
1300 1284 *(*buf)++ = (unsigned char) (der_length_size(length)+127);
1301 1285 if (length >= (1<<24))
1302 1286 *(*buf)++ = (unsigned char) (length>>24);
1303 1287 if (length >= (1<<16))
1304 1288 *(*buf)++ = (unsigned char) ((length>>16)&0xff);
1305 1289 if (length >= (1<<8))
1306 1290 *(*buf)++ = (unsigned char) ((length>>8)&0xff);
1307 1291 *(*buf)++ = (unsigned char) (length&0xff);
1308 1292 }
1309 1293 }
1310 1294
1311 1295 static int
1312 1296 der_read_length(buf, bufsize)
1313 1297 unsigned char **buf;
1314 1298 int *bufsize;
1315 1299 {
1316 1300 unsigned char sf;
1317 1301 int ret;
1318 1302
1319 1303 if (*bufsize < 1)
1320 1304 return (-1);
1321 1305
1322 1306 sf = *(*buf)++;
1323 1307 (*bufsize)--;
1324 1308 if (sf & 0x80) {
1325 1309 if ((sf &= 0x7f) > ((*bufsize)-1))
1326 1310 return (-1);
1327 1311
1328 1312 if (sf > DUMMY_SIZE_OF_INT)
1329 1313 return (-1);
1330 1314 ret = 0;
1331 1315 for (; sf; sf--) {
1332 1316 ret = (ret<<8) + (*(*buf)++);
1333 1317 (*bufsize)--;
1334 1318 }
1335 1319 } else {
1336 1320 ret = sf;
1337 1321 }
1338 1322
1339 1323 return (ret);
1340 1324 }
1341 1325
1342 1326 static int
1343 1327 g_token_size(mech, body_size)
1344 1328 gss_OID mech;
1345 1329 unsigned int body_size;
1346 1330 {
1347 1331 /* set body_size to sequence contents size */
1348 1332 body_size += 4 + (int)mech->length; /* NEED overflow check */
1349 1333 return (1 + der_length_size(body_size) + body_size);
1350 1334 }
1351 1335
1352 1336 static void
1353 1337 g_make_token_header(mech, body_size, buf, tok_type)
1354 1338 gss_OID mech;
1355 1339 int body_size;
1356 1340 unsigned char **buf;
1357 1341 int tok_type;
1358 1342 {
1359 1343 *(*buf)++ = 0x60;
1360 1344 der_write_length(buf, 4 + mech->length + body_size);
1361 1345 *(*buf)++ = 0x06;
1362 1346 *(*buf)++ = (unsigned char) mech->length;
1363 1347 TWRITE_STR(*buf, mech->elements, ((int)mech->length));
1364 1348 *(*buf)++ = (unsigned char) ((tok_type>>8)&0xff);
1365 1349 *(*buf)++ = (unsigned char) (tok_type&0xff);
1366 1350 }
1367 1351
1368 1352 static int
1369 1353 g_verify_token_header(mech, body_size, buf_in, tok_type, toksize)
1370 1354 gss_OID mech;
1371 1355 int *body_size;
1372 1356 unsigned char **buf_in;
1373 1357 int tok_type;
1374 1358 int toksize;
1375 1359 {
1376 1360 unsigned char *buf = *buf_in;
1377 1361 int seqsize;
1378 1362 gss_OID_desc toid;
1379 1363 int ret = 0;
1380 1364
1381 1365 if ((toksize -= 1) < 0)
1382 1366 return (G_BAD_TOK_HEADER);
1383 1367 if (*buf++ != 0x60)
1384 1368 return (G_BAD_TOK_HEADER);
1385 1369
1386 1370 if ((seqsize = der_read_length(&buf, &toksize)) < 0)
1387 1371 return (G_BAD_TOK_HEADER);
1388 1372
1389 1373 if (seqsize != toksize)
1390 1374 return (G_BAD_TOK_HEADER);
1391 1375
1392 1376 if ((toksize -= 1) < 0)
1393 1377 return (G_BAD_TOK_HEADER);
1394 1378 if (*buf++ != 0x06)
1395 1379 return (G_BAD_TOK_HEADER);
1396 1380
1397 1381 if ((toksize -= 1) < 0)
1398 1382 return (G_BAD_TOK_HEADER);
1399 1383 toid.length = *buf++;
1400 1384
1401 1385 if ((toksize -= toid.length) < 0)
1402 1386 return (G_BAD_TOK_HEADER);
1403 1387 toid.elements = buf;
1404 1388 buf += toid.length;
1405 1389
1406 1390 if (!g_OID_equal(&toid, mech))
1407 1391 ret = G_WRONG_MECH;
1408 1392
1409 1393 /*
1410 1394 * G_WRONG_MECH is not returned immediately because it's more important
1411 1395 * to return G_BAD_TOK_HEADER if the token header is in fact bad
1412 1396 */
1413 1397
1414 1398 if ((toksize -= 2) < 0)
1415 1399 return (G_BAD_TOK_HEADER);
1416 1400
1417 1401 if ((*buf++ != ((tok_type>>8)&0xff)) ||
1418 1402 (*buf++ != (tok_type&0xff)))
1419 1403 return (G_BAD_TOK_HEADER);
1420 1404
1421 1405 if (!ret) {
1422 1406 *buf_in = buf;
1423 1407 *body_size = toksize;
1424 1408 }
1425 1409
1426 1410 return (ret);
1427 1411 }
↓ open down ↓ |
1249 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX