2 * Copyright (c) 1997, 1998 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. All advertising materials mentioning features or use of this software
18 * must display the following acknowledgement:
19 * This product includes software developed by Kungliga Tekniska
20 * Högskolan and its contributors.
22 * 4. Neither the name of the Institute nor the names of its contributors
23 * may be used to endorse or promote products derived from this software
24 * without specific prior written permission.
26 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
27 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
28 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
29 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
39 #include "gssapi_locl.h"
43 static krb5_keytab gss_keytab
;
46 gsskrb5_register_acceptor_identity (char *identity
)
49 if(gss_keytab
!= NULL
) {
50 krb5_kt_close(gssapi_krb5_context
, gss_keytab
);
53 asprintf(&p
, "FILE:%s", identity
);
56 krb5_kt_resolve(gssapi_krb5_context
, p
, &gss_keytab
);
58 return GSS_S_COMPLETE
;
61 OM_uint32 gss_accept_sec_context
62 (OM_uint32
* minor_status
,
63 gss_ctx_id_t
* context_handle
,
64 const gss_cred_id_t acceptor_cred_handle
,
65 const gss_buffer_t input_token_buffer
,
66 const gss_channel_bindings_t input_chan_bindings
,
67 gss_name_t
* src_name
,
69 gss_buffer_t output_token
,
70 OM_uint32
* ret_flags
,
72 gss_cred_id_t
* delegated_cred_handle
78 krb5_flags ap_options
;
81 krb5_keytab keytab
= NULL
;
85 if (*context_handle
== GSS_C_NO_CONTEXT
) {
86 *context_handle
= malloc(sizeof(**context_handle
));
87 if (*context_handle
== GSS_C_NO_CONTEXT
)
91 (*context_handle
)->auth_context
= NULL
;
92 (*context_handle
)->source
= NULL
;
93 (*context_handle
)->target
= NULL
;
94 (*context_handle
)->flags
= 0;
95 (*context_handle
)->more_flags
= 0;
97 kret
= krb5_auth_con_init (gssapi_krb5_context
,
98 &(*context_handle
)->auth_context
);
107 krb5_auth_con_getflags(gssapi_krb5_context
,
108 (*context_handle
)->auth_context
,
110 tmp
|= KRB5_AUTH_CONTEXT_DO_SEQUENCE
;
111 krb5_auth_con_setflags(gssapi_krb5_context
,
112 (*context_handle
)->auth_context
,
116 ret
= gssapi_krb5_decapsulate (input_token_buffer
,
122 if (acceptor_cred_handle
== GSS_C_NO_CREDENTIAL
) {
123 if (gss_keytab
!= NULL
) {
126 } else if (acceptor_cred_handle
->keytab
!= NULL
) {
127 keytab
= acceptor_cred_handle
->keytab
;
130 kret
= krb5_rd_req (gssapi_krb5_context
,
131 &(*context_handle
)->auth_context
,
133 (acceptor_cred_handle
== GSS_C_NO_CREDENTIAL
) ? NULL
134 : acceptor_cred_handle
->principal
,
143 kret
= krb5_copy_principal (gssapi_krb5_context
,
145 &(*context_handle
)->source
);
152 kret
= krb5_copy_principal (gssapi_krb5_context
,
162 krb5_authenticator authenticator
;
164 kret
= krb5_auth_getauthenticator(gssapi_krb5_context
,
165 (*context_handle
)->auth_context
,
172 kret
= gssapi_krb5_verify_8003_checksum(input_chan_bindings
,
173 authenticator
->cksum
,
175 krb5_free_authenticator(gssapi_krb5_context
, &authenticator
);
184 (*context_handle
)->flags
= flags
;
185 (*context_handle
)->more_flags
|= OPEN
;
188 *mech_type
= GSS_KRB5_MECHANISM
;
191 *time_rec
= GSS_C_INDEFINITE
;
193 if(flags
& GSS_C_MUTUAL_FLAG
) {
196 kret
= krb5_mk_rep (gssapi_krb5_context
,
197 &(*context_handle
)->auth_context
,
200 krb5_data_free (&outbuf
);
204 ret
= gssapi_krb5_encapsulate (&outbuf
,
210 output_token
->length
= 0;
213 return GSS_S_COMPLETE
;
216 krb5_auth_con_free (gssapi_krb5_context
,
217 (*context_handle
)->auth_context
);
218 if((*context_handle
)->source
)
219 krb5_free_principal (gssapi_krb5_context
,
220 (*context_handle
)->source
);
221 if((*context_handle
)->target
)
222 krb5_free_principal (gssapi_krb5_context
,
223 (*context_handle
)->target
);
224 free (*context_handle
);
225 *context_handle
= GSS_C_NO_CONTEXT
;
226 return GSS_S_FAILURE
;