search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s4:heimdal: import lorikeet-heimdal-200911170333 (commit b532c294d974cead40a1183c71be...
[Samba.git] / source4 / heimdal / lib / gssapi / spnego / accept_sec_context.c
blobab8a4d1aacd19d4f732912fd9ec5944131d1cd74
1 /*
2 * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * Portions Copyright (c) 2004 PADL Software Pty Ltd.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "spnego_locl.h"
35
36 static OM_uint32
37 send_reject (OM_uint32 *minor_status,
38 gss_buffer_t output_token)
39 {
40 NegotiationToken nt;
41 size_t size;
42
43 nt.element = choice_NegotiationToken_negTokenResp;
44
45 ALLOC(nt.u.negTokenResp.negResult, 1);
46 if (nt.u.negTokenResp.negResult == NULL) {
47 *minor_status = ENOMEM;
48 return GSS_S_FAILURE;
49 }
50 *(nt.u.negTokenResp.negResult) = reject;
51 nt.u.negTokenResp.supportedMech = NULL;
52 nt.u.negTokenResp.responseToken = NULL;
53 nt.u.negTokenResp.mechListMIC = NULL;
54
55 ASN1_MALLOC_ENCODE(NegotiationToken,
56 output_token->value, output_token->length, &nt,
57 &size, *minor_status);
58 free_NegotiationToken(&nt);
59 if (*minor_status != 0)
60 return GSS_S_FAILURE;
61
62 return GSS_S_BAD_MECH;
63 }
64
65 static OM_uint32
66 acceptor_approved(gss_name_t target_name, gss_OID mech)
67 {
68 gss_cred_id_t cred = GSS_C_NO_CREDENTIAL;
69 gss_OID_set oidset;
70 OM_uint32 junk, ret;
71
72 if (target_name == GSS_C_NO_NAME)
73 return GSS_S_COMPLETE;
74
75 gss_create_empty_oid_set(&junk, &oidset);
76 gss_add_oid_set_member(&junk, mech, &oidset);
77
78 ret = gss_acquire_cred(&junk, target_name, GSS_C_INDEFINITE, oidset,
79 GSS_C_ACCEPT, &cred, NULL, NULL);
80 gss_release_oid_set(&junk, &oidset);
81 if (ret != GSS_S_COMPLETE)
82 return ret;
83 gss_release_cred(&junk, &cred);
84
85 return GSS_S_COMPLETE;
86 }
87
88 static OM_uint32
89 send_supported_mechs (OM_uint32 *minor_status,
90 gss_buffer_t output_token)
91 {
92 NegotiationTokenWin nt;
93 size_t buf_len;
94 gss_buffer_desc data;
95 OM_uint32 ret;
96
97 memset(&nt, 0, sizeof(nt));
98
99 nt.element = choice_NegotiationTokenWin_negTokenInit;
100 nt.u.negTokenInit.reqFlags = NULL;
101 nt.u.negTokenInit.mechToken = NULL;
102 nt.u.negTokenInit.negHints = NULL;
103
104 ret = _gss_spnego_indicate_mechtypelist(minor_status, GSS_C_NO_NAME,
105 acceptor_approved, 1, NULL,
106 &nt.u.negTokenInit.mechTypes, NULL);
107 if (ret != GSS_S_COMPLETE) {
108 return ret;
109 }
110
111 ALLOC(nt.u.negTokenInit.negHints, 1);
112 if (nt.u.negTokenInit.negHints == NULL) {
113 *minor_status = ENOMEM;
114 free_NegotiationTokenWin(&nt);
115 return GSS_S_FAILURE;
116 }
117
118 ALLOC(nt.u.negTokenInit.negHints->hintName, 1);
119 if (nt.u.negTokenInit.negHints->hintName == NULL) {
120 *minor_status = ENOMEM;
121 free_NegotiationTokenWin(&nt);
122 return GSS_S_FAILURE;
123 }
124
125 *nt.u.negTokenInit.negHints->hintName = strdup("not_defined_in_RFC4178@please_ignore");
126 nt.u.negTokenInit.negHints->hintAddress = NULL;
127
128 ASN1_MALLOC_ENCODE(NegotiationTokenWin,
129 data.value, data.length, &nt, &buf_len, ret);
130 free_NegotiationTokenWin(&nt);
131 if (ret) {
132 *minor_status = ret;
133 return GSS_S_FAILURE;
134 }
135 if (data.length != buf_len)
136 abort();
137
138 ret = gss_encapsulate_token(&data, GSS_SPNEGO_MECHANISM, output_token);
139
140 free (data.value);
141
142 if (ret != GSS_S_COMPLETE)
143 return ret;
144
145 *minor_status = 0;
146
147 return GSS_S_CONTINUE_NEEDED;
148 }
149
150 static OM_uint32
151 send_accept (OM_uint32 *minor_status,
152 gssspnego_ctx context_handle,
153 gss_buffer_t mech_token,
154 int initial_response,
155 gss_buffer_t mech_buf,
156 gss_buffer_t output_token)
157 {
158 NegotiationToken nt;
159 OM_uint32 ret;
160 gss_buffer_desc mech_mic_buf;
161 size_t size;
162
163 memset(&nt, 0, sizeof(nt));
164
165 nt.element = choice_NegotiationToken_negTokenResp;
166
167 ALLOC(nt.u.negTokenResp.negResult, 1);
168 if (nt.u.negTokenResp.negResult == NULL) {
169 *minor_status = ENOMEM;
170 return GSS_S_FAILURE;
171 }
172
173 if (context_handle->open) {
174 if (mech_token != GSS_C_NO_BUFFER
175 && mech_token->length != 0
176 && mech_buf != GSS_C_NO_BUFFER)
177 *(nt.u.negTokenResp.negResult) = accept_incomplete;
178 else
179 *(nt.u.negTokenResp.negResult) = accept_completed;
180 } else {
181 if (initial_response && context_handle->require_mic)
182 *(nt.u.negTokenResp.negResult) = request_mic;
183 else
184 *(nt.u.negTokenResp.negResult) = accept_incomplete;
185 }
186
187 if (initial_response) {
188 ALLOC(nt.u.negTokenResp.supportedMech, 1);
189 if (nt.u.negTokenResp.supportedMech == NULL) {
190 free_NegotiationToken(&nt);
191 *minor_status = ENOMEM;
192 return GSS_S_FAILURE;
193 }
194
195 ret = der_get_oid(context_handle->preferred_mech_type->elements,
196 context_handle->preferred_mech_type->length,
197 nt.u.negTokenResp.supportedMech,
198 NULL);
199 if (ret) {
200 free_NegotiationToken(&nt);
201 *minor_status = ENOMEM;
202 return GSS_S_FAILURE;
203 }
204 } else {
205 nt.u.negTokenResp.supportedMech = NULL;
206 }
207
208 if (mech_token != GSS_C_NO_BUFFER && mech_token->length != 0) {
209 ALLOC(nt.u.negTokenResp.responseToken, 1);
210 if (nt.u.negTokenResp.responseToken == NULL) {
211 free_NegotiationToken(&nt);
212 *minor_status = ENOMEM;
213 return GSS_S_FAILURE;
214 }
215 nt.u.negTokenResp.responseToken->length = mech_token->length;
216 nt.u.negTokenResp.responseToken->data = mech_token->value;
217 mech_token->length = 0;
218 mech_token->value = NULL;
219 } else {
220 nt.u.negTokenResp.responseToken = NULL;
221 }
222
223 if (mech_buf != GSS_C_NO_BUFFER) {
224 ret = gss_get_mic(minor_status,
225 context_handle->negotiated_ctx_id,
226 0,
227 mech_buf,
228 &mech_mic_buf);
229 if (ret == GSS_S_COMPLETE) {
230 ALLOC(nt.u.negTokenResp.mechListMIC, 1);
231 if (nt.u.negTokenResp.mechListMIC == NULL) {
232 gss_release_buffer(minor_status, &mech_mic_buf);
233 free_NegotiationToken(&nt);
234 *minor_status = ENOMEM;
235 return GSS_S_FAILURE;
236 }
237 nt.u.negTokenResp.mechListMIC->length = mech_mic_buf.length;
238 nt.u.negTokenResp.mechListMIC->data = mech_mic_buf.value;
239 } else if (ret == GSS_S_UNAVAILABLE) {
240 nt.u.negTokenResp.mechListMIC = NULL;
241 } else {
242 free_NegotiationToken(&nt);
243 return ret;
244 }
245
246 } else
247 nt.u.negTokenResp.mechListMIC = NULL;
248
249 ASN1_MALLOC_ENCODE(NegotiationToken,
250 output_token->value, output_token->length,
251 &nt, &size, ret);
252 if (ret) {
253 free_NegotiationToken(&nt);
254 *minor_status = ret;
255 return GSS_S_FAILURE;
256 }
257
258 /*
259 * The response should not be encapsulated, because
260 * it is a SubsequentContextToken (note though RFC 1964
261 * specifies encapsulation for all _Kerberos_ tokens).
262 */
263
264 if (*(nt.u.negTokenResp.negResult) == accept_completed)
265 ret = GSS_S_COMPLETE;
266 else
267 ret = GSS_S_CONTINUE_NEEDED;
268 free_NegotiationToken(&nt);
269 return ret;
270 }
271
272
273 static OM_uint32
274 verify_mechlist_mic
275 (OM_uint32 *minor_status,
276 gssspnego_ctx context_handle,
277 gss_buffer_t mech_buf,
278 heim_octet_string *mechListMIC
279 )
280 {
281 OM_uint32 ret;
282 gss_buffer_desc mic_buf;
283
284 if (context_handle->verified_mic) {
285 /* This doesn't make sense, we've already verified it? */
286 *minor_status = 0;
287 return GSS_S_DUPLICATE_TOKEN;
288 }
289
290 if (mechListMIC == NULL) {
291 *minor_status = 0;
292 return GSS_S_DEFECTIVE_TOKEN;
293 }
294
295 mic_buf.length = mechListMIC->length;
296 mic_buf.value = mechListMIC->data;
297
298 ret = gss_verify_mic(minor_status,
299 context_handle->negotiated_ctx_id,
300 mech_buf,
301 &mic_buf,
302 NULL);
303
304 if (ret != GSS_S_COMPLETE)
305 ret = GSS_S_DEFECTIVE_TOKEN;
306
307 return ret;
308 }
309
310 static OM_uint32
311 select_mech(OM_uint32 *minor_status, MechType *mechType, int verify_p,
312 gss_OID *mech_p)
313 {
314 char mechbuf[64];
315 size_t mech_len;
316 gss_OID_desc oid;
317 gss_OID oidp;
318 gss_OID_set mechs;
319 int i;
320 OM_uint32 ret, junk;
321
322 ret = der_put_oid ((unsigned char *)mechbuf + sizeof(mechbuf) - 1,
323 sizeof(mechbuf),
324 mechType,
325 &mech_len);
326 if (ret) {
327 return GSS_S_DEFECTIVE_TOKEN;
328 }
329
330 oid.length = mech_len;
331 oid.elements = mechbuf + sizeof(mechbuf) - mech_len;
332
333 if (gss_oid_equal(&oid, GSS_SPNEGO_MECHANISM)) {
334 return GSS_S_BAD_MECH;
335 }
336
337 *minor_status = 0;
338
339 /* Translate broken MS Kebreros OID */
340 if (gss_oid_equal(&oid, &_gss_spnego_mskrb_mechanism_oid_desc))
341 oidp = &_gss_spnego_krb5_mechanism_oid_desc;
342 else
343 oidp = &oid;
344
345
346 ret = gss_indicate_mechs(&junk, &mechs);
347 if (ret)
348 return (ret);
349
350 for (i = 0; i < mechs->count; i++)
351 if (gss_oid_equal(&mechs->elements[i], oidp))
352 break;
353
354 if (i == mechs->count) {
355 gss_release_oid_set(&junk, &mechs);
356 return GSS_S_BAD_MECH;
357 }
358 gss_release_oid_set(&junk, &mechs);
359
360 ret = gss_duplicate_oid(minor_status,
361 &oid, /* possibly this should be oidp */
362 mech_p);
363
364 if (verify_p) {
365 gss_name_t name = GSS_C_NO_NAME;
366 gss_buffer_desc namebuf;
367 char *str = NULL, *host, hostname[MAXHOSTNAMELEN];
368
369 host = getenv("GSSAPI_SPNEGO_NAME");
370 if (host == NULL || issuid()) {
371 if (gethostname(hostname, sizeof(hostname)) != 0) {
372 *minor_status = errno;
373 return GSS_S_FAILURE;
374 }
375 asprintf(&str, "host@%s", hostname);
376 host = str;
377 }
378
379 namebuf.length = strlen(host);
380 namebuf.value = host;
381
382 ret = gss_import_name(minor_status, &namebuf,
383 GSS_C_NT_HOSTBASED_SERVICE, &name);
384 if (str)
385 free(str);
386 if (ret != GSS_S_COMPLETE)
387 return ret;
388
389 ret = acceptor_approved(name, *mech_p);
390 gss_release_name(&junk, &name);
391 }
392
393 return ret;
394 }
395
396
397 static OM_uint32
398 acceptor_complete(OM_uint32 * minor_status,
399 gssspnego_ctx ctx,
400 int *get_mic,
401 gss_buffer_t mech_buf,
402 gss_buffer_t mech_input_token,
403 gss_buffer_t mech_output_token,
404 heim_octet_string *mic,
405 gss_buffer_t output_token)
406 {
407 OM_uint32 ret;
408 int require_mic, verify_mic;
409 gss_buffer_desc buf;
410
411 buf.length = 0;
412 buf.value = NULL;
413
414 ret = _gss_spnego_require_mechlist_mic(minor_status, ctx, &require_mic);
415 if (ret)
416 return ret;
417
418 ctx->require_mic = require_mic;
419
420 if (mic != NULL)
421 require_mic = 1;
422
423 if (ctx->open && require_mic) {
424 if (mech_input_token == GSS_C_NO_BUFFER) { /* Even/One */
425 verify_mic = 1;
426 *get_mic = 0;
427 } else if (mech_output_token != GSS_C_NO_BUFFER &&
428 mech_output_token->length == 0) { /* Odd */
429 *get_mic = verify_mic = 1;
430 } else { /* Even/One */
431 verify_mic = 0;
432 *get_mic = 1;
433 }
434
435 if (verify_mic || *get_mic) {
436 int eret;
437 size_t buf_len;
438
439 ASN1_MALLOC_ENCODE(MechTypeList,
440 mech_buf->value, mech_buf->length,
441 &ctx->initiator_mech_types, &buf_len, eret);
442 if (eret) {
443 *minor_status = eret;
444 return GSS_S_FAILURE;
445 }
446 if (buf.length != buf_len)
447 abort();
448 }
449
450 if (verify_mic) {
451 ret = verify_mechlist_mic(minor_status, ctx, mech_buf, mic);
452 if (ret) {
453 if (*get_mic)
454 send_reject (minor_status, output_token);
455 if (buf.value)
456 free(buf.value);
457 return ret;
458 }
459 ctx->verified_mic = 1;
460 }
461 if (buf.value)
462 free(buf.value);
463
464 } else
465 *get_mic = 0;
466
467 return GSS_S_COMPLETE;
468 }
469
470
471 static OM_uint32
472 acceptor_start
473 (OM_uint32 * minor_status,
474 gss_ctx_id_t * context_handle,
475 const gss_cred_id_t acceptor_cred_handle,
476 const gss_buffer_t input_token_buffer,
477 const gss_channel_bindings_t input_chan_bindings,
478 gss_name_t * src_name,
479 gss_OID * mech_type,
480 gss_buffer_t output_token,
481 OM_uint32 * ret_flags,
482 OM_uint32 * time_rec,
483 gss_cred_id_t *delegated_cred_handle
484 )
485 {
486 OM_uint32 ret, junk;
487 NegotiationToken nt;
488 size_t nt_len;
489 NegTokenInit *ni;
490 int i;
491 gss_buffer_desc data;
492 gss_buffer_t mech_input_token = GSS_C_NO_BUFFER;
493 gss_buffer_desc mech_output_token;
494 gss_buffer_desc mech_buf;
495 gss_OID preferred_mech_type = GSS_C_NO_OID;
496 gssspnego_ctx ctx;
497 int get_mic = 0;
498 int first_ok = 0;
499
500 mech_output_token.value = NULL;
501 mech_output_token.length = 0;
502 mech_buf.value = NULL;
503
504 if (input_token_buffer->length == 0)
505 return send_supported_mechs (minor_status, output_token);
506
507 ret = _gss_spnego_alloc_sec_context(minor_status, context_handle);
508 if (ret != GSS_S_COMPLETE)
509 return ret;
510
511 ctx = (gssspnego_ctx)*context_handle;
512
513 /*
514 * The GSS-API encapsulation is only present on the initial
515 * context token (negTokenInit).
516 */
517 ret = gss_decapsulate_token (input_token_buffer,
518 GSS_SPNEGO_MECHANISM,
519 &data);
520 if (ret)
521 return ret;
522
523 ret = decode_NegotiationToken(data.value, data.length, &nt, &nt_len);
524 gss_release_buffer(minor_status, &data);
525 if (ret) {
526 *minor_status = ret;
527 return GSS_S_DEFECTIVE_TOKEN;
528 }
529 if (nt.element != choice_NegotiationToken_negTokenInit) {
530 *minor_status = 0;
531 return GSS_S_DEFECTIVE_TOKEN;
532 }
533 ni = &nt.u.negTokenInit;
534
535 if (ni->mechTypes.len < 1) {
536 free_NegotiationToken(&nt);
537 *minor_status = 0;
538 return GSS_S_DEFECTIVE_TOKEN;
539 }
540
541 HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
542
543 ret = copy_MechTypeList(&ni->mechTypes, &ctx->initiator_mech_types);
544 if (ret) {
545 HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
546 free_NegotiationToken(&nt);
547 *minor_status = ret;
548 return GSS_S_FAILURE;
549 }
550
551 /*
552 * First we try the opportunistic token if we have support for it,
553 * don't try to verify we have credential for the token,
554 * gss_accept_sec_context() will (hopefully) tell us that.
555 * If that failes,
556 */
557
558 ret = select_mech(minor_status,
559 &ni->mechTypes.val[0],
560 0,
561 &preferred_mech_type);
562
563 if (ret == 0 && ni->mechToken != NULL) {
564 gss_buffer_desc ibuf;
565
566 ibuf.length = ni->mechToken->length;
567 ibuf.value = ni->mechToken->data;
568 mech_input_token = &ibuf;
569
570 if (ctx->mech_src_name != GSS_C_NO_NAME)
571 gss_release_name(&junk, &ctx->mech_src_name);
572
573 ret = gss_accept_sec_context(minor_status,
574 &ctx->negotiated_ctx_id,
575 acceptor_cred_handle,
576 mech_input_token,
577 input_chan_bindings,
578 &ctx->mech_src_name,
579 &ctx->negotiated_mech_type,
580 &mech_output_token,
581 &ctx->mech_flags,
582 &ctx->mech_time_rec,
583 delegated_cred_handle);
584
585 if (ret == GSS_S_COMPLETE || ret == GSS_S_CONTINUE_NEEDED) {
586 ctx->preferred_mech_type = preferred_mech_type;
587 if (ret == GSS_S_COMPLETE)
588 ctx->open = 1;
589
590 ret = acceptor_complete(minor_status,
591 ctx,
592 &get_mic,
593 &mech_buf,
594 mech_input_token,
595 &mech_output_token,
596 ni->mechListMIC,
597 output_token);
598 if (ret != GSS_S_COMPLETE)
599 goto out;
600
601 first_ok = 1;
602 } else {
603 gss_mg_collect_error(preferred_mech_type, ret, *minor_status);
604 }
605 }
606
607 /*
608 * If opportunistic token failed, lets try the other mechs.
609 */
610
611 if (!first_ok && ni->mechToken != NULL) {
612
613 preferred_mech_type = GSS_C_NO_OID;
614
615 /* Call glue layer to find first mech we support */
616 for (i = 1; i < ni->mechTypes.len; ++i) {
617 ret = select_mech(minor_status,
618 &ni->mechTypes.val[i],
619 1,
620 &preferred_mech_type);
621 if (ret == 0)
622 break;
623 }
624 if (preferred_mech_type == GSS_C_NO_OID) {
625 HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
626 free_NegotiationToken(&nt);
627 return ret;
628 }
629
630 ctx->preferred_mech_type = preferred_mech_type;
631 }
632
633 /*
634 * The initial token always have a response
635 */
636
637 ret = send_accept (minor_status,
638 ctx,
639 &mech_output_token,
640 1,
641 get_mic ? &mech_buf : NULL,
642 output_token);
643 if (ret)
644 goto out;
645
646 out:
647 if (mech_output_token.value != NULL)
648 gss_release_buffer(&junk, &mech_output_token);
649 if (mech_buf.value != NULL) {
650 free(mech_buf.value);
651 mech_buf.value = NULL;
652 }
653 free_NegotiationToken(&nt);
654
655
656 if (ret == GSS_S_COMPLETE) {
657 if (src_name != NULL && ctx->mech_src_name != NULL) {
658 spnego_name name;
659
660 name = calloc(1, sizeof(*name));
661 if (name) {
662 name->mech = ctx->mech_src_name;
663 ctx->mech_src_name = NULL;
664 *src_name = (gss_name_t)name;
665 }
666 }
667 }
668
669 if (mech_type != NULL)
670 *mech_type = ctx->negotiated_mech_type;
671 if (ret_flags != NULL)
672 *ret_flags = ctx->mech_flags;
673 if (time_rec != NULL)
674 *time_rec = ctx->mech_time_rec;
675
676 if (ret == GSS_S_COMPLETE || ret == GSS_S_CONTINUE_NEEDED) {
677 HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
678 return ret;
679 }
680
681 _gss_spnego_internal_delete_sec_context(&junk, context_handle,
682 GSS_C_NO_BUFFER);
683
684 return ret;
685 }
686
687
688 static OM_uint32
689 acceptor_continue
690 (OM_uint32 * minor_status,
691 gss_ctx_id_t * context_handle,
692 const gss_cred_id_t acceptor_cred_handle,
693 const gss_buffer_t input_token_buffer,
694 const gss_channel_bindings_t input_chan_bindings,
695 gss_name_t * src_name,
696 gss_OID * mech_type,
697 gss_buffer_t output_token,
698 OM_uint32 * ret_flags,
699 OM_uint32 * time_rec,
700 gss_cred_id_t *delegated_cred_handle
701 )
702 {
703 OM_uint32 ret, ret2, minor;
704 NegotiationToken nt;
705 size_t nt_len;
706 NegTokenResp *na;
707 unsigned int negResult = accept_incomplete;
708 gss_buffer_t mech_input_token = GSS_C_NO_BUFFER;
709 gss_buffer_t mech_output_token = GSS_C_NO_BUFFER;
710 gss_buffer_desc mech_buf;
711 gssspnego_ctx ctx;
712
713 mech_buf.value = NULL;
714
715 ctx = (gssspnego_ctx)*context_handle;
716
717 /*
718 * The GSS-API encapsulation is only present on the initial
719 * context token (negTokenInit).
720 */
721
722 ret = decode_NegotiationToken(input_token_buffer->value,
723 input_token_buffer->length,
724 &nt, &nt_len);
725 if (ret) {
726 *minor_status = ret;
727 return GSS_S_DEFECTIVE_TOKEN;
728 }
729 if (nt.element != choice_NegotiationToken_negTokenResp) {
730 *minor_status = 0;
731 return GSS_S_DEFECTIVE_TOKEN;
732 }
733 na = &nt.u.negTokenResp;
734
735 if (na->negResult != NULL) {
736 negResult = *(na->negResult);
737 }
738
739 HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
740
741 {
742 gss_buffer_desc ibuf, obuf;
743 int require_mic, get_mic = 0;
744 int require_response;
745 heim_octet_string *mic;
746
747 if (na->responseToken != NULL) {
748 ibuf.length = na->responseToken->length;
749 ibuf.value = na->responseToken->data;
750 mech_input_token = &ibuf;
751 } else {
752 ibuf.value = NULL;
753 ibuf.length = 0;
754 }
755
756 if (mech_input_token != GSS_C_NO_BUFFER) {
757
758 if (ctx->mech_src_name != GSS_C_NO_NAME)
759 gss_release_name(&minor, &ctx->mech_src_name);
760
761 ret = gss_accept_sec_context(&minor,
762 &ctx->negotiated_ctx_id,
763 acceptor_cred_handle,
764 mech_input_token,
765 input_chan_bindings,
766 &ctx->mech_src_name,
767 &ctx->negotiated_mech_type,
768 &obuf,
769 &ctx->mech_flags,
770 &ctx->mech_time_rec,
771 delegated_cred_handle);
772
773 if (ret == GSS_S_COMPLETE || ret == GSS_S_CONTINUE_NEEDED) {
774 mech_output_token = &obuf;
775 }
776 if (ret != GSS_S_COMPLETE && ret != GSS_S_CONTINUE_NEEDED) {
777 free_NegotiationToken(&nt);
778 gss_mg_collect_error(ctx->negotiated_mech_type, ret, minor);
779 send_reject (minor_status, output_token);
780 HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
781 return ret;
782 }
783 if (ret == GSS_S_COMPLETE)
784 ctx->open = 1;
785 } else
786 ret = GSS_S_COMPLETE;
787
788 ret2 = _gss_spnego_require_mechlist_mic(minor_status,
789 ctx,
790 &require_mic);
791 if (ret2)
792 goto out;
793
794 ctx->require_mic = require_mic;
795
796 mic = na->mechListMIC;
797 if (mic != NULL)
798 require_mic = 1;
799
800 if (ret == GSS_S_COMPLETE)
801 ret = acceptor_complete(minor_status,
802 ctx,
803 &get_mic,
804 &mech_buf,
805 mech_input_token,
806 mech_output_token,
807 na->mechListMIC,
808 output_token);
809
810 if (ctx->mech_flags & GSS_C_DCE_STYLE)
811 require_response = (negResult != accept_completed);
812 else
813 require_response = 0;
814
815 /*
816 * Check whether we need to send a result: there should be only
817 * one accept_completed response sent in the entire negotiation
818 */
819 if ((mech_output_token != GSS_C_NO_BUFFER &&
820 mech_output_token->length != 0)
821 || (ctx->open && negResult == accept_incomplete)
822 || require_response
823 || get_mic) {
824 ret2 = send_accept (minor_status,
825 ctx,
826 mech_output_token,
827 0,
828 get_mic ? &mech_buf : NULL,
829 output_token);
830 if (ret2)
831 goto out;
832 }
833
834 out:
835 if (ret2 != GSS_S_COMPLETE)
836 ret = ret2;
837 if (mech_output_token != NULL)
838 gss_release_buffer(&minor, mech_output_token);
839 if (mech_buf.value != NULL)
840 free(mech_buf.value);
841 free_NegotiationToken(&nt);
842 }
843
844 if (ret == GSS_S_COMPLETE) {
845 if (src_name != NULL && ctx->mech_src_name != NULL) {
846 spnego_name name;
847
848 name = calloc(1, sizeof(*name));
849 if (name) {
850 name->mech = ctx->mech_src_name;
851 ctx->mech_src_name = NULL;
852 *src_name = (gss_name_t)name;
853 }
854 }
855 }
856
857 if (mech_type != NULL)
858 *mech_type = ctx->negotiated_mech_type;
859 if (ret_flags != NULL)
860 *ret_flags = ctx->mech_flags;
861 if (time_rec != NULL)
862 *time_rec = ctx->mech_time_rec;
863
864 if (ret == GSS_S_COMPLETE || ret == GSS_S_CONTINUE_NEEDED) {
865 HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
866 return ret;
867 }
868
869 _gss_spnego_internal_delete_sec_context(&minor, context_handle,
870 GSS_C_NO_BUFFER);
871
872 return ret;
873 }
874
875 OM_uint32
876 _gss_spnego_accept_sec_context
877 (OM_uint32 * minor_status,
878 gss_ctx_id_t * context_handle,
879 const gss_cred_id_t acceptor_cred_handle,
880 const gss_buffer_t input_token_buffer,
881 const gss_channel_bindings_t input_chan_bindings,
882 gss_name_t * src_name,
883 gss_OID * mech_type,
884 gss_buffer_t output_token,
885 OM_uint32 * ret_flags,
886 OM_uint32 * time_rec,
887 gss_cred_id_t *delegated_cred_handle
888 )
889 {
890 _gss_accept_sec_context_t *func;
891
892 *minor_status = 0;
893
894 output_token->length = 0;
895 output_token->value = NULL;
896
897 if (src_name != NULL)
898 *src_name = GSS_C_NO_NAME;
899 if (mech_type != NULL)
900 *mech_type = GSS_C_NO_OID;
901 if (ret_flags != NULL)
902 *ret_flags = 0;
903 if (time_rec != NULL)
904 *time_rec = 0;
905 if (delegated_cred_handle != NULL)
906 *delegated_cred_handle = GSS_C_NO_CREDENTIAL;
907
908
909 if (*context_handle == GSS_C_NO_CONTEXT)
910 func = acceptor_start;
911 else
912 func = acceptor_continue;
913
914
915 return (*func)(minor_status, context_handle, acceptor_cred_handle,
916 input_token_buffer, input_chan_bindings,
917 src_name, mech_type, output_token, ret_flags,
918 time_rec, delegated_cred_handle);
919 }
Samba GIT mirror