"Fossies" - the Fresh Open Source Software Archive

Member "spnegohelp/spnegohelp.c" (10 Apr 2005, 6298 Bytes) of package /linux/www/apache_httpd_modules/old/modgssapache-0.0.5.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) C and C++ source code syntax highlighting (style: standard) with prefixed line numbers and code folding option. Alternatively you can here view or download the uninterpreted source code file.

    1 /* -----------------------------------------------------------------------------
    2  * spnegohelp.c defines RFC 2478 SPNEGO GSS-API mechanism APIs.
    3  *
    4  * Author: Frank Balluffi
    5  *
    6  * Copyright (C) 2002-2003 All rights reserved.
    7  * -----------------------------------------------------------------------------
    8  */
    9 
   10 #include "spnegohelp.h"
   11 #include "spnego.h"
   12 
   13 #include <stdlib.h>
   14 
   15 int makeNegTokenTarg (const unsigned char *  kerberosToken,
   16                       size_t                 kerberosTokenLength,
   17                       const unsigned char ** negTokenTarg,
   18                       size_t *               negTokenTargLength)
   19 {
   20     SPNEGO_TOKEN_HANDLE hSpnegoToken = NULL;
   21     int                 rc1          = 1;
   22     int                 rc2          = SPNEGO_E_SUCCESS;
   23 
   24     /* Check arguments. */
   25 
   26     if (!kerberosToken ||
   27         !negTokenTarg  ||
   28         !negTokenTargLength)
   29         return 10;
   30 
   31     /* Does IIS reply with 1.2.840.48018.1.2.2 or 1.2.840.113554.1.2.2? */
   32 
   33     /* Does IIS always reply with accept_completed? */
   34 
   35     /* IIS does not include a MIC. */
   36 
   37     rc2 = spnegoCreateNegTokenTarg (spnego_mech_oid_Kerberos_V5_Legacy,
   38                                     spnego_negresult_success,
   39                                     (unsigned char *) kerberosToken,
   40                                     kerberosTokenLength,
   41                                     NULL,
   42                                     0,
   43                                     &hSpnegoToken);
   44 
   45     if (rc2 != SPNEGO_E_SUCCESS)
   46     {
   47         rc1 = abs(rc2)+100;
   48         goto cleanup;
   49     }
   50 
   51     /* Get NegTokenTarg length. */
   52 
   53     rc2 = spnegoTokenGetBinary (hSpnegoToken,
   54                                 NULL,
   55                                 (unsigned long*) negTokenTargLength);
   56 
   57     if (rc2 != SPNEGO_E_BUFFER_TOO_SMALL)
   58     {
   59         rc1 = abs(rc2)+200;
   60         goto cleanup;
   61     }
   62 
   63     *negTokenTarg = malloc (*negTokenTargLength);
   64 
   65     if (!*negTokenTarg)
   66     {
   67         rc1 = abs(rc2)+300;
   68         goto cleanup;
   69     }
   70 
   71     /* Get NegTokenTarg data. */
   72 
   73     rc2 = spnegoTokenGetBinary (hSpnegoToken,
   74                               (unsigned char *) *negTokenTarg,
   75                               (unsigned long*) negTokenTargLength);
   76 
   77 
   78     if (rc2 != SPNEGO_E_SUCCESS)
   79     {
   80         rc1 = abs(rc2)+400;
   81         goto error;
   82     }
   83 
   84     rc1 = 0;
   85 
   86     goto cleanup;
   87 
   88 error:
   89 
   90     if (*negTokenTarg)
   91     {
   92         free ((unsigned char *) *negTokenTarg);
   93         *negTokenTarg = NULL;
   94         *negTokenTargLength = 0;
   95     }
   96 
   97 cleanup:
   98 
   99     if (hSpnegoToken)
  100         spnegoFreeData (hSpnegoToken);
  101 
  102     LOG(("makeNegTokenTarg returned %d\n",rc1));
  103     return rc1;
  104 }
  105 
  106 int parseNegTokenInit (const unsigned char *  negTokenInit,
  107                        size_t                 negTokenInitLength,
  108                        const unsigned char ** kerberosToken,
  109                        size_t *               kerberosTokenLength)
  110 {
  111     SPNEGO_TOKEN_HANDLE hSpnegoToken = NULL;
  112     int                 index        = -1;
  113     int                 rc1          = 1;
  114     int                 rc2          = SPNEGO_E_SUCCESS;
  115     unsigned char       reqFlags     = 0;
  116     int                 tokenType    = 0;
  117 
  118     /* Check arguments. */
  119 
  120     if (!negTokenInit  ||
  121         !kerberosToken ||
  122         !kerberosTokenLength)
  123         return 10;
  124 
  125     /* Decode SPNEGO token. */
  126 
  127     rc2 = spnegoInitFromBinary ((unsigned char *) negTokenInit,
  128                                 negTokenInitLength,
  129                                 &hSpnegoToken);
  130 
  131     if (rc2 != SPNEGO_E_SUCCESS)
  132     {
  133         rc1 = abs(rc2)+100;
  134         goto cleanup;
  135     }
  136 
  137     /* Check for negTokenInit choice. */
  138 
  139     rc2 = spnegoGetTokenType (hSpnegoToken,
  140                               &tokenType);
  141 
  142     if (rc2 != SPNEGO_E_SUCCESS)
  143     {
  144         rc1 = abs(rc2)+200;
  145         goto cleanup;
  146     }
  147 
  148     if (tokenType != SPNEGO_TOKEN_INIT)
  149     {
  150         rc1 = abs(rc2)+300;
  151         goto cleanup;
  152     }
  153 
  154    /*
  155     Check that first mechType is 1.2.840.113554.1.2.2 or 1.2.840.48018.1.2.2.
  156     */
  157 
  158    /*
  159     IE seems to reply with 1.2.840.48018.1.2.2 and then 1.2.840.113554.1.2.2.
  160     */
  161 
  162     rc2 = spnegoIsMechTypeAvailable (hSpnegoToken,
  163                                      spnego_mech_oid_Kerberos_V5_Legacy,
  164                                      &index);
  165 
  166     if (rc2 != SPNEGO_E_SUCCESS ||
  167         index != 0)
  168     {
  169         rc2 = spnegoIsMechTypeAvailable (hSpnegoToken,
  170                                          spnego_mech_oid_Kerberos_V5,
  171                                          &index);
  172 
  173         if (rc2 != SPNEGO_E_SUCCESS ||
  174             index != 0)
  175         {
  176             rc1 = abs(rc2)+400;
  177             goto cleanup;
  178         }
  179     }
  180 
  181     /* Check for no reqFlags. */
  182 
  183     /* Does IE ever send reqFlags? */
  184 
  185     rc2 = spnegoGetContextFlags (hSpnegoToken,
  186                                  &reqFlags);
  187 
  188     if (rc2 == SPNEGO_E_SUCCESS)
  189     {
  190         rc1 = abs(rc2)+500;
  191         goto cleanup;
  192     }
  193 
  194     /* Get mechanism token length. */
  195 
  196     rc2 = spnegoGetMechToken (hSpnegoToken,
  197                               NULL,
  198                               (unsigned long*) kerberosTokenLength);
  199 
  200     if (rc2 != SPNEGO_E_BUFFER_TOO_SMALL)
  201     {
  202         rc1 = abs(rc2)+600;
  203         goto cleanup;
  204     }
  205 
  206     *kerberosToken = malloc (*kerberosTokenLength);
  207 
  208     if (!*kerberosToken)
  209     {
  210         rc1 = abs(rc2)+700;
  211         goto cleanup;
  212     }
  213 
  214     /* Get mechanism token data. */
  215 
  216     rc2 = spnegoGetMechToken (hSpnegoToken,
  217                               (unsigned char *) *kerberosToken,
  218                               (unsigned long*) kerberosTokenLength);
  219 
  220     if (rc2 != SPNEGO_E_SUCCESS)
  221     {
  222         rc1 = abs(rc2)+800;
  223         goto error;
  224     }
  225 
  226     /* According to Microsoft, IE does not send a MIC. */
  227 
  228     rc1 = 0;
  229 
  230     goto cleanup;
  231 
  232 error:
  233 
  234     if (*kerberosToken)
  235     {
  236         free ((unsigned char *) *kerberosToken);
  237         *kerberosToken = NULL;
  238         *kerberosTokenLength = 0;
  239     }
  240 
  241 cleanup:
  242 
  243     if (hSpnegoToken)
  244         spnegoFreeData (hSpnegoToken);
  245 
  246     LOG(("parseNegTokenInit returned %d\n",rc1));
  247     return rc1;
  248 }