| blob | 6b4a90ab711ebd466ea8a5ee193a23b34bc96eb2 |
1 /*
2 * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
3 * Copyright (C) 2000-2002 Internet Software Consortium.
4 *
5 * Permission to use, copy, modify, and/or distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
10 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
11 * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
12 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
13 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
14 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
15 * PERFORMANCE OF THIS SOFTWARE.
16 */
18 /*
19 * $Id: gssapi_link.c,v 1.7.128.5 2008/07/23 10:33:26 marka Exp $
20 */
22 #include <config.h>
24 #ifdef GSSAPI
26 #include <isc/buffer.h>
27 #include <isc/mem.h>
28 #include <isc/string.h>
29 #include <isc/util.h>
31 #include <dst/result.h>
36 #include <dst/gssapi.h>
38 #define INITIAL_BUFFER_SIZE 1024
39 #define BUFFER_EXTRA 1024
41 #define REGION_TO_GBUFFER(r, gb) \
42 do { \
43 (gb).length = (r).length; \
44 (gb).value = (r).base; \
45 } while (0)
50 };
52 /*%
53 * Allocate a temporary "context" for use in gathering data for signing
54 * or verifying.
55 */
56 static isc_result_t
59 isc_result_t result;
68 INITIAL_BUFFER_SIZE);
72 }
77 }
79 /*%
80 * Destroy the temporary sign/verify context.
81 */
82 static void
91 }
92 }
94 /*%
95 * Add data to our running buffer of data we will be signing or verifying.
96 * This code will see if the new data will fit in our existing buffer, and
97 * copy it in if it will. If not, it will attempt to allocate a larger
98 * buffer and copy old+new into it, and free the old buffer.
99 */
100 static isc_result_t
104 isc_region_t r;
106 isc_result_t result;
126 }
128 /*%
129 * Sign.
130 */
131 static isc_result_t
134 isc_region_t message;
140 /*
141 * Convert the data we wish to sign into a structure gssapi can
142 * understand.
143 */
147 /*
148 * Generate the signature.
149 */
153 /*
154 * If it did not complete, we log the result and return a generic
155 * failure code.
156 */
161 }
163 /*
164 * If it will not fit in our allocated buffer, return that we need
165 * more space.
166 */
170 }
172 /*
173 * Copy the output into our buffer space, and release the gssapi
174 * allocated space.
175 */
181 }
183 /*%
184 * Verify.
185 */
186 static isc_result_t
196 /*
197 * Convert the data we wish to sign into a structure gssapi can
198 * understand.
199 */
203 /*
204 * XXXMLG
205 * It seem that gss_verify_mic() modifies the signature buffer,
206 * at least on Heimdal's implementation. Copy it here to an allocated
207 * buffer.
208 */
217 /*
218 * Verify the data.
219 */
224 /*
225 * Convert return codes into something useful to us.
226 */
240 else
242 }
245 }
247 static isc_boolean_t
252 /* No idea */
254 }
256 static isc_result_t
261 /* No idea */
263 }
265 static isc_boolean_t
269 }
271 static void
276 }
279 gssapi_create_signverify_ctx,
280 gssapi_destroy_signverify_ctx,
281 gssapi_adddata,
282 gssapi_sign,
283 gssapi_verify,
285 gssapi_compare,
287 gssapi_generate,
288 gssapi_isprivate,
289 gssapi_destroy,
294 NULL /*%< cleanup */
295 };
297 isc_result_t
303 }
305 #else
307 #endif
309 /*! \file */