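/*
 * Final acceptor step, run once the peer's AP-REQ (and any AP-REP exchange)
 * has been processed: seed the message-ordering window from the peer's
 * initial sequence number, pick up a delegated credential if one was sent,
 * and mark the context open.
 *
 * Returns GSS_S_COMPLETE on success.  On failure *minor_status carries the
 * underlying krb5 or gssapi error and the context is left not OPEN.
 */
static OM_uint32
gsskrb5_acceptor_ready(OM_uint32 * minor_status,
		       gsskrb5_ctx ctx,
		       krb5_context context,
		       gss_cred_id_t *delegated_cred_handle)
{
    OM_uint32 ret;
    krb5_error_code kret;
    int32_t seq_number = 0;
    int is_cfx = 0;

    /*
     * The peer's initial sequence number seeds the replay/ordering window.
     * Check the lookup instead of feeding an unset value into the window.
     */
    kret = krb5_auth_con_getremoteseqnumber (context,
					     ctx->auth_context,
					     &seq_number);
    if (kret) {
	*minor_status = kret;
	return GSS_S_FAILURE;
    }

    /* Recompute the CFX determination; it is published via ctx->more_flags. */
    _gsskrb5i_is_cfx(context, ctx, 1);
    is_cfx = (ctx->more_flags & IS_CFX);

    /* Sequence/replay checking is only armed if the negotiated flags ask for it. */
    ret = _gssapi_msg_order_create(minor_status,
				   &ctx->gk5c.order,
				   _gssapi_msg_order_f(ctx->flags),
				   seq_number, 0, is_cfx);
    if (ret)
	return ret;

    /*
     * If requested, set local sequence num to remote sequence if this
     * isn't a mutual authentication context
     */
    if (!(ctx->flags & GSS_C_MUTUAL_FLAG) && _gssapi_msg_order_f(ctx->flags)) {
	krb5_auth_con_setlocalseqnumber(context,
					ctx->auth_context,
					seq_number);
    }

    /*
     * We should handle the delegation ticket, in case it's there
     */
    if (ctx->fwd_data.length > 0 && (ctx->flags & GSS_C_DELEG_FLAG)) {
	ret = gsskrb5_accept_delegated_token(minor_status,
					     ctx,
					     context,
					     delegated_cred_handle);
	if (ret)
	    return ret;
    } else {
	/*
	 * Well, looks like it wasn't there after all -- clear the flag so
	 * the caller is not told a delegation was accepted.
	 */
	ctx->flags &= ~GSS_C_DELEG_FLAG;
    }

    ctx->acceptor_state = step_acceptor_completed;

    ctx->more_flags |= OPEN;

    return GSS_S_COMPLETE;
}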
/*
 * Last initiator step: arm the message-ordering (sequence/replay) window
 * with the peer's initial sequence number and mark the context open.
 * Only the flags negotiated so far are consulted.
 *
 * Returns GSS_S_COMPLETE, or the error from _gssapi_msg_order_create with
 * *minor_status set by it.
 */
static OM_uint32
gsskrb5_initiator_ready(
	OM_uint32 * minor_status,
	gsskrb5_ctx ctx)
{
	const OM_uint32 negotiated = ctx->flags;
	OM_uint32 major;
	int cfx_mode = 0;
	int32_t peer_seq;

	/* Peer's initial sequence number, as recorded in the auth context. */
	krb5_auth_getremoteseqnumber (_gsskrb5_context,
				      ctx->auth_context,
				      &peer_seq);

	/* CFX and non-CFX tokens are sequenced differently; the window needs to know. */
	_gsskrb5i_is_cfx(ctx, &cfx_mode);

	major = _gssapi_msg_order_create(minor_status,
					 &ctx->order,
					 _gssapi_msg_order_f(negotiated),
					 peer_seq, 0, cfx_mode);
	if (major != 0)
		return major;

	ctx->state	= INITIATOR_READY;
	ctx->more_flags	|= OPEN;

	return GSS_S_COMPLETE;
}
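/**
 * Rebuild a gsskrb5 security context from an interprocess token, i.e. the
 * byte string produced by the matching export routine in another process.
 *
 * The token is a krb5_storage stream holding, in order: a flags word saying
 * which SC_* optional fields follow, the auth-context flags, optional local
 * and remote addresses, both ports, optional session key and local/remote
 * subkeys, both sequence numbers, key type and checksum type, the exported
 * source and target names, the context flags, more_flags and (optionally)
 * the lifetime.  The token normally comes from a cooperating process, but it
 * is still parsed defensively: every read is checked and a short or
 * malformed field fails the import rather than leaving a half-built context.
 *
 * @param minor_status        mechanism-specific status, set on all paths
 * @param interprocess_token  token to decode; not modified
 * @param context_handle      receives the new context (owned by the caller),
 *                            or GSS_C_NO_CONTEXT on failure
 * @return GSS_S_COMPLETE, GSS_S_FAILURE, or the error from gss_import_name /
 *         _gssapi_msg_order_create
 */
OM_uint32
gss_import_sec_context (
    OM_uint32 * minor_status,
    const gss_buffer_t interprocess_token,
    gss_ctx_id_t * context_handle
    )
{
    OM_uint32 ret = GSS_S_FAILURE;
    krb5_error_code kret;
    krb5_storage *sp;
    krb5_auth_context ac;
    krb5_address local, remote;
    krb5_address *localp, *remotep;
    krb5_data data;
    gss_buffer_desc buffer;
    krb5_keyblock keyblock;
    int32_t tmp;
    int32_t flags;
    OM_uint32 minor;
    int is_cfx = 0;

    GSSAPI_KRB5_INIT ();

    localp = remotep = NULL;
    /*
     * Zero the address scratch space so the failure path never hands
     * krb5_free_address a struct that krb5_ret_address only partly filled.
     */
    memset (&local, 0, sizeof(local));
    memset (&remote, 0, sizeof(remote));

    sp = krb5_storage_from_mem (interprocess_token->value,
				interprocess_token->length);
    if (sp == NULL) {
	*minor_status = ENOMEM;
	return GSS_S_FAILURE;
    }

    *context_handle = malloc(sizeof(**context_handle));
    if (*context_handle == NULL) {
	*minor_status = ENOMEM;
	krb5_storage_free (sp);
	return GSS_S_FAILURE;
    }
    /* Zeroed so that the failure path can tell which members were set. */
    memset (*context_handle, 0, sizeof(**context_handle));
    HEIMDAL_MUTEX_init(&(*context_handle)->ctx_id_mutex);

    kret = krb5_auth_con_init (gssapi_krb5_context,
			       &(*context_handle)->auth_context);
    if (kret) {
	gssapi_krb5_set_error_string ();
	*minor_status = kret;
	ret = GSS_S_FAILURE;
	goto failure;
    }

    /* flags */

    *minor_status = 0;

    if (krb5_ret_int32 (sp, &flags) != 0)
	goto bad_token;

    /* retrieve the auth context */

    ac = (*context_handle)->auth_context;
    /* Every field read from the token is checked; this one was not before. */
    if (krb5_ret_int32 (sp, &ac->flags) != 0)
	goto bad_token;
    if (flags & SC_LOCAL_ADDRESS) {
	if (krb5_ret_address (sp, localp = &local) != 0)
	    goto bad_token;
    }

    if (flags & SC_REMOTE_ADDRESS) {
	if (krb5_ret_address (sp, remotep = &remote) != 0)
	    goto bad_token;
    }

    /* setaddrs copies the addresses, so the local storage is released here. */
    krb5_auth_con_setaddrs (gssapi_krb5_context, ac, localp, remotep);
    if (localp)
	krb5_free_address (gssapi_krb5_context, localp);
    if (remotep)
	krb5_free_address (gssapi_krb5_context, remotep);
    localp = remotep = NULL;

    if (krb5_ret_int16 (sp, &ac->local_port) != 0)
	goto bad_token;

    if (krb5_ret_int16 (sp, &ac->remote_port) != 0)
	goto bad_token;
    /*
     * Key material: each setter copies the key into the auth context, so the
     * decoded keyblock is released (and its contents cleared) right after.
     */
    if (flags & SC_KEYBLOCK) {
	if (krb5_ret_keyblock (sp, &keyblock) != 0)
	    goto bad_token;
	krb5_auth_con_setkey (gssapi_krb5_context, ac, &keyblock);
	krb5_free_keyblock_contents (gssapi_krb5_context, &keyblock);
    }
    if (flags & SC_LOCAL_SUBKEY) {
	if (krb5_ret_keyblock (sp, &keyblock) != 0)
	    goto bad_token;
	krb5_auth_con_setlocalsubkey (gssapi_krb5_context, ac, &keyblock);
	krb5_free_keyblock_contents (gssapi_krb5_context, &keyblock);
    }
    if (flags & SC_REMOTE_SUBKEY) {
	if (krb5_ret_keyblock (sp, &keyblock) != 0)
	    goto bad_token;
	krb5_auth_con_setremotesubkey (gssapi_krb5_context, ac, &keyblock);
	krb5_free_keyblock_contents (gssapi_krb5_context, &keyblock);
    }
    if (krb5_ret_int32 (sp, &ac->local_seqnumber))
	goto bad_token;
    if (krb5_ret_int32 (sp, &ac->remote_seqnumber))
	goto bad_token;

    if (krb5_ret_int32 (sp, &tmp) != 0)
	goto bad_token;
    ac->keytype = tmp;
    if (krb5_ret_int32 (sp, &tmp) != 0)
	goto bad_token;
    ac->cksumtype = tmp;

    /* names */

    if (krb5_ret_data (sp, &data))
	goto bad_token;
    buffer.value  = data.data;
    buffer.length = data.length;

    /*
     * Names are stored in export form; fall back to an untyped import for
     * tokens written with a bare name.  On failure ret carries the
     * gss_import_name error to the caller.
     */
    ret = gss_import_name (minor_status, &buffer, GSS_C_NT_EXPORT_NAME,
			   &(*context_handle)->source);
    if (ret) {
	ret = gss_import_name (minor_status, &buffer, GSS_C_NO_OID,
			       &(*context_handle)->source);
	if (ret) {
	    krb5_data_free (&data);
	    goto failure;
	}
    }
    krb5_data_free (&data);

    if (krb5_ret_data (sp, &data) != 0)
	goto bad_token;
    buffer.value  = data.data;
    buffer.length = data.length;

    ret = gss_import_name (minor_status, &buffer, GSS_C_NT_EXPORT_NAME,
			   &(*context_handle)->target);
    if (ret) {
	ret = gss_import_name (minor_status, &buffer, GSS_C_NO_OID,
			       &(*context_handle)->target);
	if (ret) {
	    krb5_data_free (&data);
	    goto failure;
	}
    }
    krb5_data_free (&data);

    if (krb5_ret_int32 (sp, &tmp))
	goto bad_token;
    (*context_handle)->flags = tmp;
    if (krb5_ret_int32 (sp, &tmp))
	goto bad_token;
    (*context_handle)->more_flags = tmp;
    /* The lifetime is the one optional trailing field; absent means indefinite. */
    if (krb5_ret_int32 (sp, &tmp) == 0)
	(*context_handle)->lifetime = tmp;
    else
	(*context_handle)->lifetime = GSS_C_INDEFINITE;

    gsskrb5_is_cfx(*context_handle, &is_cfx);

    /*
     * The ordering window is rebuilt from scratch (sequence number 0):
     * per-message replay state is not carried across the export.
     */
    ret = _gssapi_msg_order_create(minor_status,
				   &(*context_handle)->order,
				   _gssapi_msg_order_f((*context_handle)->flags),
				   0, 0, is_cfx);
    if (ret)
	goto failure;

    krb5_storage_free (sp);
    return GSS_S_COMPLETE;

bad_token:
    /*
     * A short or malformed token must never be reported as success.  The
     * gss_import_name calls above leave GSS_S_COMPLETE (0) in ret when they
     * succeed, so a later decode failure that jumped straight to `failure'
     * would have returned 0 with *context_handle set to GSS_C_NO_CONTEXT.
     */
    ret = GSS_S_FAILURE;
failure:
    /* auth_context is still NULL (from the memset) if krb5_auth_con_init failed. */
    if ((*context_handle)->auth_context != NULL)
	krb5_auth_con_free (gssapi_krb5_context,
			    (*context_handle)->auth_context);
    if ((*context_handle)->source != NULL)
	gss_release_name(&minor, &(*context_handle)->source);
    if ((*context_handle)->target != NULL)
	gss_release_name(&minor, &(*context_handle)->target);
    if (localp)
	krb5_free_address (gssapi_krb5_context, localp);
    if (remotep)
	krb5_free_address (gssapi_krb5_context, remotep);
    if((*context_handle)->order)
	_gssapi_msg_order_destroy(&(*context_handle)->order);
    HEIMDAL_MUTEX_destroy(&(*context_handle)->ctx_id_mutex);
    krb5_storage_free (sp);
    free (*context_handle);
    *context_handle = GSS_C_NO_CONTEXT;
    return ret;
}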