svn commit: lorikeet r644 - in trunk/heimdal/lib/gssapi: krb5 mech
abartlet at samba.org
abartlet at samba.org
Mon Oct 30 06:19:36 GMT 2006
Author: abartlet
Date: 2006-10-30 06:19:36 +0000 (Mon, 30 Oct 2006)
New Revision: 644
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=lorikeet&rev=644
Log:
A first attempt at adding the appropriate mechglue abstraction for
gsskrb5_extract_authz_data_from_sec_context().
Andrew Bartlett
Modified:
trunk/heimdal/lib/gssapi/krb5/copy_ccache.c
trunk/heimdal/lib/gssapi/mech/gss_krb5.c
Changeset:
Modified: trunk/heimdal/lib/gssapi/krb5/copy_ccache.c
===================================================================
--- trunk/heimdal/lib/gssapi/krb5/copy_ccache.c 2006-10-30 02:29:45 UTC (rev 643)
+++ trunk/heimdal/lib/gssapi/krb5/copy_ccache.c 2006-10-30 06:19:36 UTC (rev 644)
@@ -190,51 +190,6 @@
}
-OM_uint32
-_gsskrb5_extract_authz_data_from_sec_context(OM_uint32 *minor_status,
- gss_ctx_id_t context_handle,
- int ad_type,
- gss_buffer_t ad_data)
-{
- const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle;
- krb5_error_code ret;
- krb5_data data;
-
- ad_data->value = NULL;
- ad_data->length = 0;
-
- HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
- if (ctx->ticket == NULL) {
- HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
- *minor_status = EINVAL;
- return GSS_S_FAILURE;
- }
-
- ret = krb5_ticket_get_authorization_data_type(_gsskrb5_context,
- ctx->ticket,
- ad_type,
- &data);
- HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
- if (ret) {
- *minor_status = ret;
- return GSS_S_FAILURE;
- }
-
- ad_data->value = malloc(data.length);
- if (ad_data->value == NULL) {
- krb5_data_free(&data);
- *minor_status = ENOMEM;
- return GSS_S_FAILURE;
- }
-
- ad_data->length = data.length;
- memcpy(ad_data->value, data.data, ad_data->length);
- krb5_data_free(&data);
-
- *minor_status = 0;
- return GSS_S_COMPLETE;
-}
-
OM_uint32 gsskrb5_copy_service_keyblock
(OM_uint32 *minor_status,
gss_ctx_id_t context_handle,
Modified: trunk/heimdal/lib/gssapi/mech/gss_krb5.c
===================================================================
--- trunk/heimdal/lib/gssapi/mech/gss_krb5.c 2006-10-30 02:29:45 UTC (rev 643)
+++ trunk/heimdal/lib/gssapi/mech/gss_krb5.c 2006-10-30 06:19:36 UTC (rev 644)
@@ -263,7 +263,7 @@
krb5_storage *sp = NULL;
uint32_t num;
- if (context_handle == NULL || *context_handle == GSS_C_NO_CONTEXT) {
+ if (context_handle == NULL || *context_handle == GSS_C_NO_CONTEXT || version != 1) {
ret = EINVAL;
return GSS_S_FAILURE;
}
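Review bot: The added `version != 1` case lands in a branch that assigns EINVAL to `ret` and returns GSS_S_FAILURE without any visible write to `*minor_status`, so a caller passing an unsupported version may see a stale or uninitialised minor code. Setting `*minor_status = EINVAL;` in that branch would make the failure reportable. The enclosing function starts and ends outside the hunk, so an earlier initialisation of `*minor_status` cannot be ruled out from here.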
@@ -482,3 +482,97 @@
*minor_status = 0;
return GSS_S_COMPLETE;
}
+
+OM_uint32
+gsskrb5_extract_authz_data_from_sec_context(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ int ad_type,
+ gss_buffer_t ad_data)
+{
+ gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET;
+ OM_uint32 maj_stat;
+ gss_OID_desc authz_oid_flat;
+ heim_oid authz_oid;
+ heim_oid new_authz_oid;
+ size_t size;
+
+ if (context_handle == GSS_C_NO_CONTEXT) {
+ *minor_status = EINVAL;
+ return GSS_S_FAILURE;
+ }
+
+ /* All this to append an integer to an oid... */
+
+ if (der_get_oid(GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X->elements,
+ GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X->length,
+ &authz_oid, &size) != 0) {
+ *minor_status = EINVAL;
+ return GSS_S_FAILURE;
+ }
+
+ /* Structure assignment */
+ new_authz_oid = authz_oid;
+
+ new_authz_oid.components = malloc(authz_oid.length + 1);
+ if (!new_authz_oid.components) {
+ *minor_status = ENOMEM;
+ return GSS_S_FAILURE;
+ }
+
+ memcpy(new_authz_oid.components, authz_oid.components,
+ authz_oid.length * sizeof(*authz_oid.components));
+
+ new_authz_oid.components[new_authz_oid.length - 1] = ad_type;
+
+ authz_oid_flat.length = der_length_oid(&new_authz_oid);
+ authz_oid_flat.elements = malloc(authz_oid_flat.length);
+
+ if (!new_authz_oid.components) {
+ *minor_status = ENOMEM;
+ return GSS_S_FAILURE;
+ }
+
+ if (der_put_oid(authz_oid_flat.elements,
+ authz_oid_flat.length,
+ &new_authz_oid, &size) != 0) {
+ *minor_status = EINVAL;
+ return GSS_S_FAILURE;
+ }
+
+
+ free(authz_oid.components);
+ free(new_authz_oid.components);
+
+ /* FINALLY, we have the OID */
+
+ maj_stat =
+ gss_inquire_sec_context_by_oid (minor_status,
+ context_handle,
+ &authz_oid_flat,
+ &data_set);
+
+ free(authz_oid_flat.elements);
+
+ if (maj_stat)
+ return maj_stat;
+
+ if (data_set == GSS_C_NO_BUFFER_SET || data_set->count != 1) {
+ gss_release_buffer_set(minor_status, &data_set);
+ *minor_status = EINVAL;
+ return GSS_S_FAILURE;
+ }
+
+ ad_data->value = malloc(data_set->elements[0].length);
+ if (ad_data->value == NULL) {
+ gss_release_buffer_set(minor_status, &data_set);
+ *minor_status = ENOMEM;
+ return GSS_S_FAILURE;
+ }
+
+ ad_data->length = data_set->elements[0].length;
+ memcpy(ad_data->value, data_set->elements[0].value, ad_data->length);
+ gss_release_buffer_set(minor_status, &data_set);
+
+ *minor_status = 0;
+ return GSS_S_COMPLETE;
+}
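Review bot: The component array for the extended OID is undersized: `malloc(authz_oid.length + 1)` allocates bytes, while the memcpy that follows copies `authz_oid.length * sizeof(*authz_oid.components)`, so the copy writes past the heap block. `new_authz_oid.length` is never incremented after the structure assignment, so `ad_type` replaces the last arc instead of being appended. The check after the second malloc tests `new_authz_oid.components` again rather than `authz_oid_flat.elements`, and the early returns leak the buffers already allocated. If der_put_oid fills its buffer backwards from the pointer it is given, as Heimdal's DER encoders generally do, the call should pass the last byte of `authz_oid_flat.elements` rather than the first; this needs confirming against the ASN.1 library. Unlike the removed krb5 version, `ad_data` is not reset to NULL/0 on entry, so the failure paths leave it untouched.

```c
    /* Structure assignment, then grow by one arc for ad_type */
    new_authz_oid = authz_oid;
    new_authz_oid.length = authz_oid.length + 1;

    new_authz_oid.components = calloc(new_authz_oid.length,
                                      sizeof(*new_authz_oid.components));
    if (new_authz_oid.components == NULL) {
        free(authz_oid.components);
        *minor_status = ENOMEM;
        return GSS_S_FAILURE;
    }

    memcpy(new_authz_oid.components, authz_oid.components,
           authz_oid.length * sizeof(*authz_oid.components));
    new_authz_oid.components[new_authz_oid.length - 1] = ad_type;

    authz_oid_flat.length = der_length_oid(&new_authz_oid);
    authz_oid_flat.elements = malloc(authz_oid_flat.length);
    if (authz_oid_flat.elements == NULL) {
        free(authz_oid.components);
        free(new_authz_oid.components);
        *minor_status = ENOMEM;
        return GSS_S_FAILURE;
    }

    /* … unchanged: der_put_oid call; its failure branch should free all three buffers before returning … */
```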