svn commit: lorikeet r286 - in trunk/heimdal/lib/gssapi: .
abartlet at samba.org
abartlet at samba.org
Sat May 14 07:51:21 GMT 2005
Author: abartlet
Date: 2005-05-14 07:51:20 +0000 (Sat, 14 May 2005)
New Revision: 286
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=lorikeet&rev=286
Log:
Merge from tmp branch - a function to get exactly the subkeys we need
for CIFS, when GSSAPI uses krb5.
Perhaps this should be a generic GSSAPI function, with callbacks for
the probably-will-never-exist NTLMSSP GSSAPI backend too...
Andrew Bartlett
Modified:
trunk/heimdal/lib/gssapi/gssapi.h
trunk/heimdal/lib/gssapi/wrap.c
Changeset:
Modified: trunk/heimdal/lib/gssapi/gssapi.h
===================================================================
--- trunk/heimdal/lib/gssapi/gssapi.h 2005-05-14 07:14:11 UTC (rev 285)
+++ trunk/heimdal/lib/gssapi/gssapi.h 2005-05-14 07:51:20 UTC (rev 286)
@@ -784,6 +784,11 @@
gss_ctx_id_t /*context_handle*/,
int /*ad_type*/,
gss_buffer_t /*ad_data*/);
+OM_uint32
+gsskrb5_get_initiator_subkey
+ (OM_uint32 * /*minor_status*/,
+ const gss_ctx_id_t context_handle,
+ gss_buffer_t /* subkey */);
#define GSS_C_KRB5_COMPAT_DES3_MIC 1
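Review bot: The new prototype for `gsskrb5_get_initiator_subkey` says nothing about who owns the returned buffer, even though the implementation in wrap.c fills `subkey->value` with a `malloc()`ed copy of raw key material. A comment above the declaration would help callers, for example `/* On success *subkey holds a malloc()ed copy of the raw subkey bytes; the caller owns it and should wipe and free it after use. */`. The prototype also mixes a named, `const`-qualified `context_handle` with comment-only parameter names, and the definition drops the `const`; this is harmless to the compiler, but matching the two and following the `/*name*/` style of the neighbouring declarations would read more cleanly.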
Modified: trunk/heimdal/lib/gssapi/wrap.c
===================================================================
--- trunk/heimdal/lib/gssapi/wrap.c 2005-05-14 07:14:11 UTC (rev 285)
+++ trunk/heimdal/lib/gssapi/wrap.c 2005-05-14 07:51:20 UTC (rev 286)
@@ -36,6 +36,47 @@
RCSID("$Id: wrap.c,v 1.31 2005/01/05 02:52:12 lukeh Exp $");
OM_uint32
+gsskrb5_get_initiator_subkey(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ gss_buffer_t key)
+{
+ krb5_error_code ret;
+ krb5_keyblock *skey = NULL;
+
+ HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
+ if (context_handle->more_flags & LOCAL) {
+ ret = krb5_auth_con_getlocalsubkey(gssapi_krb5_context,
+ context_handle->auth_context,
+ &skey);
+ if (ret) {
+ *minor_status = ret;
+ return GSS_KRB5_S_KG_NO_SUBKEY; /* XXX */
+ }
+
+ } else {
+ ret = krb5_auth_con_getremotesubkey(gssapi_krb5_context,
+ context_handle->auth_context,
+ &skey);
+ if (ret) {
+ *minor_status = ret;
+ return GSS_KRB5_S_KG_NO_SUBKEY; /* XXX */
+ }
+
+ }
+ HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
+ key->length = skey->keyvalue.length;
+ key->value = malloc (key->length);
+ if (!key->value) {
+ krb5_free_keyblock(gssapi_krb5_context, skey);
+ *minor_status = ENOMEM;
+ return GSS_S_FAILURE;
+ }
+ memcpy(key->value, skey->keyvalue.data, key->length);
+ krb5_free_keyblock(gssapi_krb5_context, skey);
+ return 0;
+}
+
+OM_uint32
gss_krb5_get_subkey(const gss_ctx_id_t context_handle,
krb5_keyblock **key)
{
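Review bot: Both error returns inside the locked region of `gsskrb5_get_initiator_subkey` (after `krb5_auth_con_getlocalsubkey` and after `krb5_auth_con_getremotesubkey` fail) leave `ctx_id_mutex` held, so a later call on the same context would block forever. The unlock should happen before any return, and the two branches can then share one error check. `skey` is also dereferenced without a NULL check; if either call can return 0 without producing a subkey (worth confirming against the krb5 library), `skey->keyvalue.length` is a NULL dereference, so `skey == NULL` should be treated as the no-subkey case. Separately, `*minor_status` is never written on the success path.

```c
    HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
    if (context_handle->more_flags & LOCAL)
	ret = krb5_auth_con_getlocalsubkey(gssapi_krb5_context,
					   context_handle->auth_context,
					   &skey);
    else
	ret = krb5_auth_con_getremotesubkey(gssapi_krb5_context,
					    context_handle->auth_context,
					    &skey);
    /* Drop the lock before any return so no error path leaves it held. */
    HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);

    /* A successful call that yields no key is reported like a failed one. */
    if (ret || skey == NULL) {
	*minor_status = ret;
	return GSS_KRB5_S_KG_NO_SUBKEY; /* XXX */
    }
    /* … unchanged: copy skey->keyvalue into key, free skey, return … */
```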