void checkChain(IOBuf* buf, boost::mt19937& gen) {
IOBuf *current = buf;
do {
checkBuf(current->data(), current->length(), gen);
current = current->next();
} while (current != buf);
}
void IOBufQueue::clear() {
if (!head_) {
return;
}
IOBuf* buf = head_.get();
do {
buf->clear();
buf = buf->next();
} while (buf != head_.get());
chainLength_ = 0;
}
/**
* Some utility functions.
*/
unique_ptr<folly::IOBuf> KerberosSASLHandshakeUtils::wrapMessage(
gss_ctx_id_t context,
unique_ptr<folly::IOBuf>&& buf) {
#ifdef GSSAPI_EXT_H_
uint64_t numElements = buf->countChainElements();
// Allocate iov vector with header | data blocks ... | padding | trailer
std::vector<gss_iov_buffer_desc> iov(numElements + 3);
uint64_t headerIdx = 0;
uint64_t paddingIdx = numElements + 1;
uint64_t trailerIdx = numElements + 2;
iov[headerIdx].type = GSS_IOV_BUFFER_TYPE_HEADER;
uint64_t count = 1;
IOBuf *current = buf.get();
do {
iov[count].type = GSS_IOV_BUFFER_TYPE_DATA;
iov[count].buffer.value = (void *)current->writableData();
iov[count].buffer.length = current->length();
count++;
current = current->next();
} while (current != buf.get());
iov[paddingIdx].type = GSS_IOV_BUFFER_TYPE_PADDING;
iov[trailerIdx].type = GSS_IOV_BUFFER_TYPE_TRAILER;
// Compute required header / padding / trailer lengths
OM_uint32 maj_stat, min_stat;
maj_stat = gss_wrap_iov_length(
&min_stat,
context,
1,
GSS_C_QOP_DEFAULT,
nullptr,
&iov[0],
iov.size());
if (maj_stat != GSS_S_COMPLETE) {
KerberosSASLHandshakeUtils::throwGSSException(
"Error constructing iov chain", maj_stat, min_stat);
}
// Allocate the additional buffers
std::unique_ptr<IOBuf> header = IOBuf::create(
iov[headerIdx].buffer.length);
header->append(iov[headerIdx].buffer.length);
std::unique_ptr<IOBuf> padding = IOBuf::create(
iov[paddingIdx].buffer.length);
padding->append(iov[paddingIdx].buffer.length);
std::unique_ptr<IOBuf> trailer = IOBuf::create(
iov[trailerIdx].buffer.length);
trailer->append(iov[trailerIdx].buffer.length);
iov[headerIdx].buffer.value = (void *)header->writableData();
iov[paddingIdx].buffer.value = (void *)padding->writableData();
iov[trailerIdx].buffer.value = (void *)trailer->writableData();
// Link all the buffers in a chain
header->prependChain(std::move(buf));
header->prependChain(std::move(padding));
header->prependChain(std::move(trailer));
// Encrypt in place
maj_stat = gss_wrap_iov(
&min_stat,
context,
1, // conf and integrity requested
GSS_C_QOP_DEFAULT,
nullptr,
&iov[0],
iov.size()
);
if (maj_stat != GSS_S_COMPLETE) {
KerberosSASLHandshakeUtils::throwGSSException(
"Error wrapping message", maj_stat, min_stat);
}
return header;
#else
// Don't bother with getting things working on an older platform.
// Things should never reach this point anyway, because security will
// be disabled at a higher level.
throw TKerberosException(
"Linking against older version of krb5 without support for security.");
return std::move(buf);
#endif
}
