svn commit: lorikeet r286 - in trunk/heimdal/lib/gssapi: .

abartlet at samba.org abartlet at samba.org
Sat May 14 07:51:21 GMT 2005


Author: abartlet
Date: 2005-05-14 07:51:20 +0000 (Sat, 14 May 2005)
New Revision: 286

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=lorikeet&rev=286

Log:
Merge from tmp branch - a function to get exactly the subkeys we need
for CIFS, when GSSAPI uses krb5.

Perhaps this should be a generic GSSAPI function, with callbacks for
the probably-will-never-exist NTLMSSP GSSAPI backend too...

Andrew Bartlett

Modified:
   trunk/heimdal/lib/gssapi/gssapi.h
   trunk/heimdal/lib/gssapi/wrap.c


Changeset:
Modified: trunk/heimdal/lib/gssapi/gssapi.h
===================================================================
--- trunk/heimdal/lib/gssapi/gssapi.h	2005-05-14 07:14:11 UTC (rev 285)
+++ trunk/heimdal/lib/gssapi/gssapi.h	2005-05-14 07:51:20 UTC (rev 286)
@@ -784,6 +784,11 @@
 	 gss_ctx_id_t /*context_handle*/,
 	 int /*ad_type*/,
 	 gss_buffer_t /*ad_data*/);
+OM_uint32
+gsskrb5_get_initiator_subkey
+        (OM_uint32 * /*minor_status*/,
+	 const gss_ctx_id_t context_handle,
+	 gss_buffer_t /* subkey */);
 
 #define GSS_C_KRB5_COMPAT_DES3_MIC 1
 

Modified: trunk/heimdal/lib/gssapi/wrap.c
===================================================================
--- trunk/heimdal/lib/gssapi/wrap.c	2005-05-14 07:14:11 UTC (rev 285)
+++ trunk/heimdal/lib/gssapi/wrap.c	2005-05-14 07:51:20 UTC (rev 286)
@@ -36,6 +36,47 @@
 RCSID("$Id: wrap.c,v 1.31 2005/01/05 02:52:12 lukeh Exp $");
 
 OM_uint32
+gsskrb5_get_initiator_subkey(OM_uint32 *minor_status,
+			     gss_ctx_id_t context_handle,
+			     gss_buffer_t key)
+{
+    krb5_error_code ret;
+    krb5_keyblock *skey = NULL;
+
+    HEIMDAL_MUTEX_lock(&context_handle->ctx_id_mutex);
+    if (context_handle->more_flags & LOCAL) {
+	ret = krb5_auth_con_getlocalsubkey(gssapi_krb5_context,
+					   context_handle->auth_context, 
+					   &skey);
+	if (ret) {
+		*minor_status = ret;
+		return GSS_KRB5_S_KG_NO_SUBKEY; /* XXX */
+	}
+	
+    } else {
+	ret = krb5_auth_con_getremotesubkey(gssapi_krb5_context,
+					    context_handle->auth_context, 
+					    &skey);
+	if (ret) {
+		*minor_status = ret;
+		return GSS_KRB5_S_KG_NO_SUBKEY; /* XXX */
+	}
+    
+    }
+    HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex);
+    key->length = skey->keyvalue.length;
+    key->value  = malloc (key->length);
+    if (!key->value) {
+	    krb5_free_keyblock(gssapi_krb5_context, skey);
+	    *minor_status = ENOMEM;
+	    return GSS_S_FAILURE;
+    }
+    memcpy(key->value, skey->keyvalue.data, key->length);
+    krb5_free_keyblock(gssapi_krb5_context, skey);
+    return 0;
+}
+
+OM_uint32
 gss_krb5_get_subkey(const gss_ctx_id_t context_handle,
 		    krb5_keyblock **key)
 {



More information about the samba-cvs mailing list