svn commit: lorikeet r644 - in trunk/heimdal/lib/gssapi: krb5 mech

abartlet at samba.org abartlet at samba.org
Mon Oct 30 06:19:36 GMT 2006


Author: abartlet
Date: 2006-10-30 06:19:36 +0000 (Mon, 30 Oct 2006)
New Revision: 644

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=lorikeet&rev=644

Log:
A first attempt at adding the appropriate mechglue abstraction for
gsskrb5_extract_authz_data_from_sec_context().

Andrew Bartlett

Modified:
   trunk/heimdal/lib/gssapi/krb5/copy_ccache.c
   trunk/heimdal/lib/gssapi/mech/gss_krb5.c


Changeset:
Modified: trunk/heimdal/lib/gssapi/krb5/copy_ccache.c
===================================================================
--- trunk/heimdal/lib/gssapi/krb5/copy_ccache.c	2006-10-30 02:29:45 UTC (rev 643)
+++ trunk/heimdal/lib/gssapi/krb5/copy_ccache.c	2006-10-30 06:19:36 UTC (rev 644)
@@ -190,51 +190,6 @@
 }
 
 
-OM_uint32
-_gsskrb5_extract_authz_data_from_sec_context(OM_uint32 *minor_status,
-					     gss_ctx_id_t context_handle,
-					     int ad_type,
-					     gss_buffer_t ad_data)
-{
-    const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle;
-    krb5_error_code ret;
-    krb5_data data;
-    
-    ad_data->value = NULL;
-    ad_data->length = 0;
-    
-    HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
-    if (ctx->ticket == NULL) {
-	HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-	*minor_status = EINVAL;
-	return GSS_S_FAILURE;
-    }
-
-    ret = krb5_ticket_get_authorization_data_type(_gsskrb5_context,
-						  ctx->ticket,
-						  ad_type,
-						  &data);
-    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
-    if (ret) {
-	*minor_status = ret;
-	return GSS_S_FAILURE;
-    }
-    
-    ad_data->value = malloc(data.length);
-    if (ad_data->value == NULL) {
-	krb5_data_free(&data);
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
-    }
-
-    ad_data->length = data.length;
-    memcpy(ad_data->value, data.data, ad_data->length);
-    krb5_data_free(&data);
-	    
-    *minor_status = 0;
-    return GSS_S_COMPLETE;
-}
-
 OM_uint32 gsskrb5_copy_service_keyblock
         (OM_uint32 *minor_status,
 	 gss_ctx_id_t context_handle,

Modified: trunk/heimdal/lib/gssapi/mech/gss_krb5.c
===================================================================
--- trunk/heimdal/lib/gssapi/mech/gss_krb5.c	2006-10-30 02:29:45 UTC (rev 643)
+++ trunk/heimdal/lib/gssapi/mech/gss_krb5.c	2006-10-30 06:19:36 UTC (rev 644)
@@ -263,7 +263,7 @@
     krb5_storage *sp = NULL;
     uint32_t num;
 
-    if (context_handle == NULL || *context_handle == GSS_C_NO_CONTEXT) {
+    if (context_handle == NULL || *context_handle == GSS_C_NO_CONTEXT || version != 1) {
 	ret = EINVAL;
 	return GSS_S_FAILURE;
     }
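Review bot: The new `version != 1` test routes into an error path that assigns `ret = EINVAL` but does not write `*minor_status`, so a caller passing an unsupported version gets GSS_S_FAILURE with an unexplained minor code. The enclosing function begins outside the hunk, so this is inferred from the visible lines; if `ret` is an ordinary local here, the branch should read `*minor_status = EINVAL;` (or assign `ret` and fall into a common exit that stores it). Rejecting unknown versions up front is the right place for the check; it just needs to report why.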
@@ -482,3 +482,97 @@
     *minor_status = 0;
     return GSS_S_COMPLETE;
 }
+
+OM_uint32
+gsskrb5_extract_authz_data_from_sec_context(OM_uint32 *minor_status,
+					    gss_ctx_id_t context_handle,
+					    int ad_type,
+					    gss_buffer_t ad_data)
+{
+    gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET;
+    OM_uint32 maj_stat;
+    gss_OID_desc authz_oid_flat;
+    heim_oid authz_oid;
+    heim_oid new_authz_oid;
+    size_t size;
+    
+    if (context_handle == GSS_C_NO_CONTEXT) {
+	*minor_status = EINVAL;
+	return GSS_S_FAILURE;
+    }
+
+    /* All this to append an integer to an oid... */
+
+    if (der_get_oid(GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X->elements,
+		    GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X->length,
+		    &authz_oid, &size) != 0) {
+	*minor_status = EINVAL;
+	return GSS_S_FAILURE;
+    }
+    
+    /* Structure assignment */
+    new_authz_oid = authz_oid;
+
+    new_authz_oid.components = malloc(authz_oid.length + 1);
+    if (!new_authz_oid.components) {
+	*minor_status = ENOMEM;
+	return GSS_S_FAILURE;
+    }
+
+    memcpy(new_authz_oid.components, authz_oid.components, 
+	   authz_oid.length * sizeof(*authz_oid.components));
+    
+    new_authz_oid.components[new_authz_oid.length - 1] = ad_type;
+
+    authz_oid_flat.length = der_length_oid(&new_authz_oid);
+    authz_oid_flat.elements = malloc(authz_oid_flat.length);
+
+    if (!new_authz_oid.components) {
+	*minor_status = ENOMEM;
+	return GSS_S_FAILURE;
+    }
+
+    if (der_put_oid(authz_oid_flat.elements, 
+		    authz_oid_flat.length,
+		    &new_authz_oid, &size) != 0) {
+	*minor_status = EINVAL;
+	return GSS_S_FAILURE;
+    }
+
+    
+    free(authz_oid.components);
+    free(new_authz_oid.components);
+
+    /* FINALLY, we have the OID */
+
+    maj_stat =
+	gss_inquire_sec_context_by_oid (minor_status,
+					context_handle,
+					&authz_oid_flat,
+					&data_set);
+
+    free(authz_oid_flat.elements);
+
+    if (maj_stat)
+	return maj_stat;
+    
+    if (data_set == GSS_C_NO_BUFFER_SET || data_set->count != 1) {
+	gss_release_buffer_set(minor_status, &data_set);
+	*minor_status = EINVAL;
+	return GSS_S_FAILURE;
+    }
+
+    ad_data->value = malloc(data_set->elements[0].length);
+    if (ad_data->value == NULL) {
+	gss_release_buffer_set(minor_status, &data_set);
+	*minor_status = ENOMEM;
+	return GSS_S_FAILURE;
+    }
+
+    ad_data->length = data_set->elements[0].length;
+    memcpy(ad_data->value, data_set->elements[0].value, ad_data->length);
+    gss_release_buffer_set(minor_status, &data_set);
+    
+    *minor_status = 0;
+    return GSS_S_COMPLETE;
+}
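Review bot: The copy into `new_authz_oid.components` overflows its allocation: `malloc(authz_oid.length + 1)` sizes the buffer in bytes, while the following memcpy writes `authz_oid.length * sizeof(*authz_oid.components)` bytes and the next line stores one more component, so any OID with more than a couple of components corrupts the heap. The line should be `new_authz_oid.components = malloc((authz_oid.length + 1) * sizeof(*new_authz_oid.components));`. The check after the second malloc also tests the wrong pointer — `if (!new_authz_oid.components)` re-tests a value already known non-NULL instead of `if (!authz_oid_flat.elements)`, so an allocation failure for the flattened OID falls through to `der_put_oid` writing into a NULL buffer. Separately, every early return between `der_get_oid` and the two `free()` calls (the ENOMEM returns and the `der_put_oid` failure) leaks `authz_oid.components`, `new_authz_oid.components` and, on the last one, `authz_oid_flat.elements`; a single cleanup label that frees whichever of the three are non-NULL before returning would close those paths. Note too that `new_authz_oid.length` is never incremented, so the `+ 1` slot is unused and `ad_type` replaces the final component rather than appending one — if replacing the trailing placeholder is the intent, a comment saying so would stop the next reader from "fixing" it.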


