コード例 #1
0
ファイル: uams_gss.c プロジェクト: NTmatter/Netatalk
static int do_gss_auth(void *obj,
                       char *ibuf, size_t ibuflen,
                       char *rbuf, int *rbuflen,
                       char *username, size_t ulen,
                       struct session_info *sinfo )
{
    OM_uint32 status = 0;
    gss_name_t client_name;
    gss_ctx_id_t context = GSS_C_NO_CONTEXT;
    gss_buffer_desc ticket_buffer, authenticator_buff;
    int ret = 0;

    /*
     * Try to accept the secondary context, using the ticket/token the
     * client sent us. Ticket is stored at current ibuf position.
     * Don't try to release ticket_buffer later, it points into ibuf!
     */
    ticket_buffer.length = ibuflen;
    ticket_buffer.value = ibuf;

    if ((ret = accept_sec_context(&context,
                                  &ticket_buffer,
                                  &client_name,
                                  &authenticator_buff)))
        return ret;
    log_service_name(context);

    /* We succesfully acquired the secondary context, now get the
       username for afpd and gss_wrap the sessionkey */
    if ((ret = get_client_username(username, ulen, &client_name)))
        goto cleanup_client_name;

    if ((ret = wrap_sessionkey(context, sinfo)))
        goto cleanup_client_name;

    /* Authenticated, construct the reply using:
     * authenticator length (uint16_t)
     * authenticator
     */
    /* copy the authenticator length into the reply buffer */
    uint16_t auth_len = htons(authenticator_buff.length);
    memcpy(rbuf, &auth_len, sizeof(auth_len));
    *rbuflen += sizeof(auth_len);
    rbuf += sizeof(auth_len);

    /* copy the authenticator value into the reply buffer */
    memcpy(rbuf, authenticator_buff.value, authenticator_buff.length);
    *rbuflen += authenticator_buff.length;

cleanup_client_name:
    gss_release_name(&status, &client_name);

cleanup_context:
    gss_release_buffer(&status, &authenticator_buff);
    gss_delete_sec_context(&status, &context, NULL);

    return ret;
}
コード例 #2
0
ファイル: uams_gss.c プロジェクト: SaM-Solutions/netatalk
/* return 0 on success */
static int do_gss_auth(void *obj, char *ibuf, int ticket_len,
                       char *rbuf, int *rbuflen, char *username, int ulen,
                       struct session_info *sinfo )
{
    OM_uint32 status = 0;
    gss_name_t server_name, client_name;
    gss_cred_id_t server_creds;
    gss_ctx_id_t context_handle = GSS_C_NO_CONTEXT;
    gss_buffer_desc ticket_buffer, authenticator_buff;
    int ret = 0;

    /* import our principal name from afpd */
    if (get_afpd_principal(obj, &server_name) != 0) {
        return 1;
    }
    log_principal(server_name);

    /* Now we have to acquire our credentials */
    if ((ret = acquire_credentials (&server_name, &server_creds)))
        goto cleanup_vars;

    /*
     * Try to accept the secondary context, using the ticket/token the
     * client sent us. Ticket is stored at current ibuf position.
     * Don't try to release ticket_buffer later, it points into ibuf!
     */
    ticket_buffer.length = ticket_len;
    ticket_buffer.value = ibuf;

    ret = accept_sec_context (&context_handle, server_creds, &ticket_buffer,
                              &client_name, &authenticator_buff);

    if (!ret) {
        /* We succesfully acquired the secondary context, now get the
           username for afpd and gss_wrap the sessionkey */
        if ( 0 == (ret = get_client_username(username, ulen, &client_name)) ) {
            ret = wrap_sessionkey(context_handle, sinfo);
        }

        if (!ret) {
            /* FIXME: Is copying the authenticator really necessary?
               Where is this documented? */
            u_int16_t auth_len = htons( authenticator_buff.length );

            /* copy the authenticator length into the reply buffer */
            memcpy( rbuf, &auth_len, sizeof(auth_len) );
            *rbuflen += sizeof(auth_len);
            rbuf += sizeof(auth_len);

            /* copy the authenticator value into the reply buffer */
            memcpy( rbuf, authenticator_buff.value, authenticator_buff.length );
            *rbuflen += authenticator_buff.length;
        }

        /* Clean up after ourselves */
        gss_release_name( &status, &client_name );
        if ( authenticator_buff.value)
            gss_release_buffer( &status, &authenticator_buff );

        gss_delete_sec_context( &status, &context_handle, NULL );
    }
    gss_release_cred( &status, &server_creds );

cleanup_vars:
    gss_release_name( &status, &server_name );

    return ret;
}