| blob | 1529ab1137fed1a9dbf85a062a7358329bf26433 |
1 /*-
2 * Copyright (c) 2005 Doug Rabson
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24 * SUCH DAMAGE.
25 *
26 * $FreeBSD: src/lib/libgssapi/gss_accept_sec_context.c,v 1.1 2005/12/29 14:40:20 dfr Exp $
27 */
31 static OM_uint32
33 {
38 /*
39 * Token must start with [APPLICATION 0] SEQUENCE.
40 * But if it doesn't assume it is DCE-STYLE Kerberos!
41 */
45 p++;
46 len--;
48 /*
49 * Decode the length and make sure it agrees with the
50 * token length.
51 */
56 p++;
57 len--;
60 p++;
61 len--;
67 p++;
68 len--;
69 b--;
70 }
71 }
75 /*
76 * Decode the OID for the mechanism. Simplify life by
77 * assuming that the OID length is less than 128 bytes.
78 */
89 }
98 static OM_uint32
100 {
101 OM_uint32 status;
103 /*
104 * First try to parse the gssapi token header and see if it's a
105 * correct header, use that in the first hand.
106 */
112 /*
113 * Lets guess what mech is really is, callback function to mech ??
114 */
118 {
123 {
124 /* Could be a raw AP-REQ (check for APPLICATION tag) */
128 /*
129 * There is the a wierd mode of SPNEGO (in CIFS and
130 * SASL GSS-SPENGO where the first token is zero
131 * length and the acceptor returns a mech_list, lets
132 * hope that is what is happening now.
133 *
134 * http://msdn.microsoft.com/en-us/library/cc213114.aspx
135 * "NegTokenInit2 Variation for Server-Initiation"
136 */
139 }
141 }
151 gss_buffer_t output_token,
155 {
157 gssapi_mech_interface m;
162 gss_name_t src_mn;
179 /*
180 * If this is the first call (*context_handle is NULL), we must
181 * parse the input token to figure out the mechanism to use.
182 */
184 gss_OID_desc mech_oid;
190 /*
191 * Now that we have a mechanism, we can find the
192 * implementation.
193 */
198 }
204 }
208 }
217 }
221 }
227 acceptor_mc,
228 input_token,
229 input_chan_bindings,
232 output_token,
234 time_rec,
238 {
242 }
248 /*
249 * Make a new name and mark it as an MN.
250 */
257 }
261 }
269 /*
270 * If the returned mech_type is not the same
271 * as the mech, assume its pseudo mech type
272 * and the returned type is already a
273 * mech-glue object
274 */
286 }
294 }
301 }
302 }
307 }