svn commit: lorikeet r648 - in trunk/heimdal/lib/gssapi: . gssapi
mech
abartlet at samba.org
abartlet at samba.org
Sat Nov 4 06:43:12 GMT 2006
Author: abartlet
Date: 2006-11-04 06:43:11 +0000 (Sat, 04 Nov 2006)
New Revision: 648
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=lorikeet&rev=648
Log:
Add functions to access subkeys.
Andrew Bartlett
Modified:
trunk/heimdal/lib/gssapi/gssapi/gssapi_krb5.h
trunk/heimdal/lib/gssapi/mech/gss_krb5.c
trunk/heimdal/lib/gssapi/test_context.c
Changeset:
Modified: trunk/heimdal/lib/gssapi/gssapi/gssapi_krb5.h
===================================================================
--- trunk/heimdal/lib/gssapi/gssapi/gssapi_krb5.h 2006-11-03 23:58:56 UTC (rev 647)
+++ trunk/heimdal/lib/gssapi/gssapi/gssapi_krb5.h 2006-11-04 06:43:11 UTC (rev 648)
@@ -137,7 +137,15 @@
OM_uint32
gsskrb5_extract_service_keyblock(OM_uint32 *minor_status,
gss_ctx_id_t context_handle,
- struct EncryptionKey *out);
+ struct EncryptionKey **out);
+OM_uint32
+gsskrb5_get_initiator_subkey(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ struct EncryptionKey **out);
+OM_uint32
+gsskrb5_get_subkey(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ struct EncryptionKey **out);
/*
* Lucid - NFSv4 interface to GSS-API KRB5 to expose key material to
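Review bot: The three prototypes now return an allocated `struct EncryptionKey *` through `out`, but the header does not say who frees it or how. Since this is session key material, I would add a comment above the declarations such as `/* On GSS_S_COMPLETE *out is allocated; the caller must release it with krb5_free_keyblock(). On failure *out is not valid. */`. Changing `gsskrb5_extract_service_keyblock` from `*out` to `**out` also changes the contract for existing callers that pass the address of a keyblock they own, so it probably deserves a line in the log message.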
Modified: trunk/heimdal/lib/gssapi/mech/gss_krb5.c
===================================================================
--- trunk/heimdal/lib/gssapi/mech/gss_krb5.c 2006-11-03 23:58:56 UTC (rev 647)
+++ trunk/heimdal/lib/gssapi/mech/gss_krb5.c 2006-11-04 06:43:11 UTC (rev 648)
@@ -27,6 +27,7 @@
*/
#include "mech_locl.h"
+#include "krb5/gsskrb5_locl.h"
RCSID("$Id: gss_krb5.c,v 1.13 2006/10/20 22:05:02 lha Exp $");
#include <krb5.h>
@@ -581,10 +582,11 @@
return GSS_S_COMPLETE;
}
-OM_uint32
-gsskrb5_extract_service_keyblock(OM_uint32 *minor_status,
- gss_ctx_id_t context_handle,
- krb5_keyblock *keyblock)
+static OM_uint32
+gsskrb5_extract_key(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ const gss_OID oid,
+ krb5_keyblock **keyblock)
{
krb5_error_code ret;
gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET;
@@ -596,10 +598,14 @@
return GSS_S_FAILURE;
}
+ ret = _gsskrb5_init();
+ if(ret)
+ return GSS_S_FAILURE;
+
major_status =
gss_inquire_sec_context_by_oid (minor_status,
context_handle,
- GSS_KRB5_GET_SERVICE_KEYBLOCK_X,
+ oid,
&data_set);
if (major_status)
return major_status;
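Review bot: The early return added after `_gsskrb5_init()` leaves `*minor_status` unset, whereas the `out:` path later in this function stores `ret` there before returning GSS_S_FAILURE. Callers such as test_context.c pass the minor status straight to `gssapi_err()`, so they would report a stale value on this path. I would write `if (ret) { *minor_status = ret; return GSS_S_FAILURE; }`. The function starts before this hunk and continues after it.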
@@ -617,13 +623,22 @@
goto out;
}
- ret = krb5_ret_keyblock(sp, keyblock);
+ *keyblock = calloc(1, sizeof(**keyblock));
+ if (keyblock == NULL) {
+ ret = ENOMEM;
+ goto out;
+ }
+ ret = krb5_ret_keyblock(sp, *keyblock);
+
out:
- gss_release_buffer_set(minor_status, &data_set);
+ gss_release_buffer_set(minor_status, &data_set);
if (sp)
krb5_storage_free(sp);
if (ret) {
+ if (keyblock) {
+ krb5_free_keyblock(_gsskrb5_context, *keyblock);
+ }
*minor_status = ret;
return GSS_S_FAILURE;
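Review bot: The allocation check tests the wrong pointer: `if (keyblock == NULL)` looks at the out-parameter itself rather than the result of `calloc`, so an allocation failure falls through to `krb5_ret_keyblock(sp, *keyblock)` with a null pointer; it should read `if (*keyblock == NULL) {`. The cleanup has the same slip, because `if (keyblock)` is always true here. The `goto out` visible just above the allocation is taken before `*keyblock` has been assigned, so it hands whatever the caller's variable held to `krb5_free_keyblock` (test_context.c declares `krb5_keyblock *keyblock;` without an initialiser). Setting `*keyblock = NULL;` at the top of the function, which is outside this hunk, and ending the error path with `if (*keyblock) krb5_free_keyblock(_gsskrb5_context, *keyblock);` followed by `*keyblock = NULL;` would fix both problems and avoid leaving the caller with a dangling pointer to freed key material.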
@@ -632,3 +647,35 @@
return GSS_S_COMPLETE;
}
+OM_uint32
+gsskrb5_extract_service_keyblock(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ krb5_keyblock **keyblock)
+{
+ return gsskrb5_extract_key(minor_status,
+ context_handle,
+ GSS_KRB5_GET_SERVICE_KEYBLOCK_X,
+ keyblock);
+}
+
+OM_uint32
+gsskrb5_get_initiator_subkey(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ krb5_keyblock **keyblock)
+{
+ return gsskrb5_extract_key(minor_status,
+ context_handle,
+ GSS_KRB5_GET_INITIATOR_SUBKEY_X,
+ keyblock);
+}
+
+OM_uint32
+gsskrb5_get_subkey(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ krb5_keyblock **keyblock)
+{
+ return gsskrb5_extract_key(minor_status,
+ context_handle,
+ GSS_KRB5_GET_ACCEPTOR_SUBKEY_X,
+ keyblock);
+}
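Review bot: `gsskrb5_get_subkey` queries `GSS_KRB5_GET_ACCEPTOR_SUBKEY_X`, but neither its name nor a comment says that it returns the acceptor's subkey, which makes it easy to confuse with `gsskrb5_get_initiator_subkey` next to it. A one-line comment above it, e.g. `/* Returns the acceptor subkey; the caller frees it with krb5_free_keyblock(). */`, would make the pairing clear. A matching comment on the other two wrappers would record that each hands raw key material to the caller.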
Modified: trunk/heimdal/lib/gssapi/test_context.c
===================================================================
--- trunk/heimdal/lib/gssapi/test_context.c 2006-11-03 23:58:56 UTC (rev 647)
+++ trunk/heimdal/lib/gssapi/test_context.c 2006-11-04 06:43:11 UTC (rev 648)
@@ -232,7 +232,7 @@
if (gss_oid_equal(mechoid, GSS_KRB5_MECHANISM)) {
time_t time;
gss_buffer_desc authz_data;
- krb5_keyblock keyblock;
+ krb5_keyblock *keyblock;
/* client */
maj_stat = gss_krb5_export_lucid_sec_context(&min_stat,
&cctx,
@@ -275,8 +275,26 @@
errx(1, "gss_krb5_export_service_keyblock failed: %s",
gssapi_err(maj_stat, min_stat, mechoid));
- krb5_free_keyblock_contents(_gsskrb5_context, &keyblock);
+ krb5_free_keyblock(_gsskrb5_context, keyblock);
+ maj_stat = gsskrb5_get_subkey(&min_stat,
+ sctx,
+ &keyblock);
+ if (maj_stat != GSS_S_COMPLETE)
+ errx(1, "gss_krb5_get_subkey failed: %s",
+ gssapi_err(maj_stat, min_stat, mechoid));
+
+ krb5_free_keyblock(_gsskrb5_context, keyblock);
+
+ maj_stat = gsskrb5_get_initiator_subkey(&min_stat,
+ sctx,
+ &keyblock);
+ if (maj_stat != GSS_S_COMPLETE)
+ errx(1, "gss_krb5_get_initiator_subkey failed: %s",
+ gssapi_err(maj_stat, min_stat, mechoid));
+
+ krb5_free_keyblock(_gsskrb5_context, keyblock);
+
maj_stat = gsskrb5_extract_authz_data_from_sec_context(&min_stat,
sctx,
128,
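Review bot: The two added checks only assert that the calls return GSS_S_COMPLETE; the key is freed without being inspected, so a wrapper that returned an empty or wrong key would presumably still pass. Consider at least checking `keyblock->keyvalue.length != 0` before each `krb5_free_keyblock`. The error strings also say `gss_krb5_get_subkey` and `gss_krb5_get_initiator_subkey`, while the functions are named `gsskrb5_...`, which makes a failure harder to grep for. The enclosing block starts before this hunk and continues past it.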