svn commit: lorikeet r648 - in trunk/heimdal/lib/gssapi: . gssapi mech

abartlet at samba.org abartlet at samba.org
Sat Nov 4 06:43:12 GMT 2006


Author: abartlet
Date: 2006-11-04 06:43:11 +0000 (Sat, 04 Nov 2006)
New Revision: 648

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=lorikeet&rev=648

Log:
Add functions to access subkeys.

Andrew Bartlett

Modified:
   trunk/heimdal/lib/gssapi/gssapi/gssapi_krb5.h
   trunk/heimdal/lib/gssapi/mech/gss_krb5.c
   trunk/heimdal/lib/gssapi/test_context.c


Changeset:
Modified: trunk/heimdal/lib/gssapi/gssapi/gssapi_krb5.h
===================================================================
--- trunk/heimdal/lib/gssapi/gssapi/gssapi_krb5.h	2006-11-03 23:58:56 UTC (rev 647)
+++ trunk/heimdal/lib/gssapi/gssapi/gssapi_krb5.h	2006-11-04 06:43:11 UTC (rev 648)
@@ -137,7 +137,15 @@
 OM_uint32 
 gsskrb5_extract_service_keyblock(OM_uint32 *minor_status,
 				 gss_ctx_id_t context_handle,
-				 struct EncryptionKey *out);
+				 struct EncryptionKey **out);
+OM_uint32 
+gsskrb5_get_initiator_subkey(OM_uint32 *minor_status,
+				 gss_ctx_id_t context_handle,
+				 struct EncryptionKey **out);
+OM_uint32 
+gsskrb5_get_subkey(OM_uint32 *minor_status,
+		   gss_ctx_id_t context_handle,
+		   struct EncryptionKey **out);
 
 /*
  * Lucid - NFSv4 interface to GSS-API KRB5 to expose key material to
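Review bot: The out-parameter of `gsskrb5_extract_service_keyblock` changes from `struct EncryptionKey *` to `struct EncryptionKey **` under the same function name, and the header does not say who owns the result. A caller still passing the address of a stack keyblock would likely get only an incompatible-pointer diagnostic and then have a pointer written over its struct. I would add a comment above the three prototypes, for example `/* On GSS_S_COMPLETE *out is allocated by the library; release it with krb5_free_keyblock(). */`, and state which key each function returns.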

Modified: trunk/heimdal/lib/gssapi/mech/gss_krb5.c
===================================================================
--- trunk/heimdal/lib/gssapi/mech/gss_krb5.c	2006-11-03 23:58:56 UTC (rev 647)
+++ trunk/heimdal/lib/gssapi/mech/gss_krb5.c	2006-11-04 06:43:11 UTC (rev 648)
@@ -27,6 +27,7 @@
  */
 
 #include "mech_locl.h"
+#include "krb5/gsskrb5_locl.h"
 RCSID("$Id: gss_krb5.c,v 1.13 2006/10/20 22:05:02 lha Exp $");
 
 #include <krb5.h>
@@ -581,10 +582,11 @@
     return GSS_S_COMPLETE;
 }
 
-OM_uint32
-gsskrb5_extract_service_keyblock(OM_uint32 *minor_status,
-				 gss_ctx_id_t context_handle,
-				 krb5_keyblock *keyblock)
+static OM_uint32
+gsskrb5_extract_key(OM_uint32 *minor_status,
+		    gss_ctx_id_t context_handle,
+		    const gss_OID oid, 
+		    krb5_keyblock **keyblock)
 {
     krb5_error_code ret;
     gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET;
@@ -596,10 +598,14 @@
 	return GSS_S_FAILURE;
     }
     
+    ret = _gsskrb5_init();
+    if(ret)
+	return GSS_S_FAILURE;
+
     major_status =
 	gss_inquire_sec_context_by_oid (minor_status,
 					context_handle,
-					GSS_KRB5_GET_SERVICE_KEYBLOCK_X,
+					oid,
 					&data_set);
     if (major_status)
 	return major_status;
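Review bot: The new `_gsskrb5_init()` failure path returns `GSS_S_FAILURE` without storing the error in `*minor_status`, unlike the `out:` path later in the function, which does `*minor_status = ret;`. Callers that format the minor status, as test_context.c does with `gssapi_err(maj_stat, min_stat, mechoid)`, would then report a stale or unset value. I would write `if (ret) { *minor_status = ret; return GSS_S_FAILURE; }`. The function body starts and ends outside this hunk.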
@@ -617,13 +623,22 @@
 	goto out;
     }
     
-    ret = krb5_ret_keyblock(sp, keyblock);
+    *keyblock = calloc(1, sizeof(**keyblock));
+    if (keyblock == NULL) {
+	ret = ENOMEM;
+	goto out;
+    }
 
+    ret = krb5_ret_keyblock(sp, *keyblock);
+
 out: 
-   gss_release_buffer_set(minor_status, &data_set);
+    gss_release_buffer_set(minor_status, &data_set);
     if (sp)
 	krb5_storage_free(sp);
     if (ret) {
+	if (keyblock) {
+	    krb5_free_keyblock(_gsskrb5_context, *keyblock);
+	}
 
 	*minor_status = ret;
 	return GSS_S_FAILURE;
@@ -632,3 +647,35 @@
     return GSS_S_COMPLETE;
 }
 
+OM_uint32
+gsskrb5_extract_service_keyblock(OM_uint32 *minor_status,
+				 gss_ctx_id_t context_handle,
+				 krb5_keyblock **keyblock)
+{
+    return gsskrb5_extract_key(minor_status,
+			       context_handle,
+			       GSS_KRB5_GET_SERVICE_KEYBLOCK_X,
+			       keyblock);
+}
+
+OM_uint32
+gsskrb5_get_initiator_subkey(OM_uint32 *minor_status,
+			     gss_ctx_id_t context_handle,
+			     krb5_keyblock **keyblock)
+{
+    return gsskrb5_extract_key(minor_status,
+			       context_handle,
+			       GSS_KRB5_GET_INITIATOR_SUBKEY_X,
+			       keyblock);
+}
+
+OM_uint32
+gsskrb5_get_subkey(OM_uint32 *minor_status,
+		   gss_ctx_id_t context_handle,
+		   krb5_keyblock **keyblock)
+{
+    return gsskrb5_extract_key(minor_status,
+			       context_handle,
+			       GSS_KRB5_GET_ACCEPTOR_SUBKEY_X,
+			       keyblock);
+}
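Review bot: `gsskrb5_get_subkey` queries `GSS_KRB5_GET_ACCEPTOR_SUBKEY_X`, but neither its name nor a comment says that it returns the acceptor's subkey, while its sibling is explicitly named `gsskrb5_get_initiator_subkey`. These wrappers hand raw key material to the caller, so each deserves a short doc comment giving the key it returns and the ownership rule, for example `/* Return the acceptor subkey of context_handle in a newly allocated *keyblock; free with krb5_free_keyblock(). */`. The comment should also state what is returned when the context has no such subkey, which is not visible from this diff.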

Modified: trunk/heimdal/lib/gssapi/test_context.c
===================================================================
--- trunk/heimdal/lib/gssapi/test_context.c	2006-11-03 23:58:56 UTC (rev 647)
+++ trunk/heimdal/lib/gssapi/test_context.c	2006-11-04 06:43:11 UTC (rev 648)
@@ -232,7 +232,7 @@
     if (gss_oid_equal(mechoid, GSS_KRB5_MECHANISM)) {
 	time_t time;
 	gss_buffer_desc authz_data;
-	krb5_keyblock keyblock;
+	krb5_keyblock *keyblock;
 	/* client */
 	maj_stat = gss_krb5_export_lucid_sec_context(&min_stat,
 						     &cctx,
@@ -275,8 +275,26 @@
 	    errx(1, "gss_krb5_export_service_keyblock failed: %s",
 		     gssapi_err(maj_stat, min_stat, mechoid));
 
-	krb5_free_keyblock_contents(_gsskrb5_context, &keyblock);
+	krb5_free_keyblock(_gsskrb5_context, keyblock);
 
+ 	maj_stat = gsskrb5_get_subkey(&min_stat,
+				      sctx,
+				      &keyblock);
+	if (maj_stat != GSS_S_COMPLETE)
+	    errx(1, "gss_krb5_get_subkey failed: %s",
+		     gssapi_err(maj_stat, min_stat, mechoid));
+
+	krb5_free_keyblock(_gsskrb5_context, keyblock);
+
+ 	maj_stat = gsskrb5_get_initiator_subkey(&min_stat,
+						    sctx,
+						    &keyblock);
+	if (maj_stat != GSS_S_COMPLETE)
+	    errx(1, "gss_krb5_get_initiator_subkey failed: %s",
+		     gssapi_err(maj_stat, min_stat, mechoid));
+
+	krb5_free_keyblock(_gsskrb5_context, keyblock);
+
  	maj_stat = gsskrb5_extract_authz_data_from_sec_context(&min_stat,
 							       sctx,
 							       128,
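Review bot: The two new `errx` messages name `gss_krb5_get_subkey` and `gss_krb5_get_initiator_subkey`, but the functions called are `gsskrb5_get_subkey` and `gsskrb5_get_initiator_subkey`, so a failure message cannot be grepped back to its call. The checks also look only at `maj_stat`: both calls run against `sctx` and the returned keyblock is freed without being inspected, so the test would still pass if both OIDs returned the same key. If the surrounding test allows it, consider querying `cctx` as well and comparing the keys obtained from the two contexts.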


