static isc_result_t
gssapi_dump(dst_key_t *key, isc_mem_t *mctx, char **buffer, int *length) {
OM_uint32 major, minor;
gss_buffer_desc gssbuffer;
size_t len;
char *buf;
isc_buffer_t b;
isc_region_t r;
isc_result_t result;
major = gss_export_sec_context(&minor, &key->keydata.gssctx,
&gssbuffer);
if (major != GSS_S_COMPLETE) {
fprintf(stderr, "gss_export_sec_context -> %d, %d\n",
major, minor);
return (ISC_R_FAILURE);
}
if (gssbuffer.length == 0U)
return (ISC_R_FAILURE);
len = ((gssbuffer.length + 2)/3) * 4;
buf = isc_mem_get(mctx, len);
if (buf == NULL) {
gss_release_buffer(&minor, &gssbuffer);
return (ISC_R_NOMEMORY);
}
isc_buffer_init(&b, buf, (unsigned int)len);
GBUFFER_TO_REGION(gssbuffer, r);
result = isc_base64_totext(&r, 0, "", &b);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
gss_release_buffer(&minor, &gssbuffer);
*buffer = buf;
*length = (int)len;
return (ISC_R_SUCCESS);
}
OM_uint32 gssi_export_sec_context(OM_uint32 *minor_status,
gss_ctx_id_t *context_handle,
gss_buffer_t interprocess_token)
{
struct gpp_context_handle *ctx;
gss_buffer_desc output_token;
OM_uint32 maj, min;
GSSI_TRACE();
ctx = (struct gpp_context_handle *)context_handle;
if (!ctx) {
return GSS_S_CALL_INACCESSIBLE_READ;
}
/* for now we have support only for some specific known
* mechanisms for which we can export/import the context */
if (ctx->remote && !ctx->local) {
maj = gpp_remote_to_local_ctx(&min, &ctx->remote, &ctx->local);
if (maj != GSS_S_COMPLETE) {
*minor_status = gpp_map_error(min);
return maj;
}
}
maj = gss_export_sec_context(minor_status, &ctx->local,
interprocess_token);
if (maj == GSS_S_COMPLETE && ctx->remote) {
(void)gpm_delete_sec_context(&min, &ctx->remote, &output_token);
}
return maj;
}
uint32_t
sapgss_export_sec_context(
uint32_t *minor_status,
gss_ctx_id_t *context_handle,
gss_buffer_t interprocess_token)
{
return gss_export_sec_context(minor_status, context_handle,
interprocess_token);
}
OM_uint32
ntlm_gss_export_sec_context(
OM_uint32 *minor_status,
gss_ctx_id_t *context_handle,
gss_buffer_t interprocess_token)
{
OM_uint32 ret;
ret = gss_export_sec_context(minor_status,
context_handle,
interprocess_token);
return (ret);
}
OM_uint32 GSSAPI_CALLCONV _gss_spnego_export_sec_context (
OM_uint32 * minor_status,
gss_ctx_id_t * context_handle,
gss_buffer_t interprocess_token
)
{
gssspnego_ctx ctx;
OM_uint32 ret;
*minor_status = 0;
if (context_handle == NULL) {
return GSS_S_NO_CONTEXT;
}
ctx = (gssspnego_ctx)*context_handle;
if (ctx == NULL)
return GSS_S_NO_CONTEXT;
HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) {
HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
return GSS_S_NO_CONTEXT;
}
ret = gss_export_sec_context(minor_status,
&ctx->negotiated_ctx_id,
interprocess_token);
if (ret == GSS_S_COMPLETE) {
ret = _gss_spnego_internal_delete_sec_context(minor_status,
context_handle,
GSS_C_NO_BUFFER);
if (ret == GSS_S_COMPLETE)
return GSS_S_COMPLETE;
}
HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
return ret;
}
/*
* Yes, yes, this isn't the best place for doing this test.
* DO NOT REMOVE THIS UNTIL A BETTER TEST HAS BEEN WRITTEN, THOUGH.
* -TYT
*/
static int
test_import_export_context(gss_ctx_id_t *context)
{
OM_uint32 min_stat, maj_stat;
gss_buffer_desc context_token, copied_token;
struct timeval tm1, tm2;
/*
* Attempt to save and then restore the context.
*/
gettimeofday(&tm1, (struct timezone *) 0);
maj_stat = gss_export_sec_context(&min_stat, context, &context_token);
if (maj_stat != GSS_S_COMPLETE) {
display_status("exporting context", maj_stat, min_stat);
return 1;
}
gettimeofday(&tm2, (struct timezone *) 0);
if (verbose && logfile)
fprintf(logfile, "Exported context: %d bytes, %7.4f seconds\n",
(int) context_token.length, timeval_subtract(&tm2, &tm1));
copied_token.length = context_token.length;
copied_token.value = malloc(context_token.length);
if (copied_token.value == 0) {
if (logfile)
fprintf(logfile,
"Couldn't allocate memory to copy context token.\n");
return 1;
}
memcpy(copied_token.value, context_token.value, copied_token.length);
maj_stat = gss_import_sec_context(&min_stat, &copied_token, context);
if (maj_stat != GSS_S_COMPLETE) {
display_status("importing context", maj_stat, min_stat);
return 1;
}
free(copied_token.value);
gettimeofday(&tm1, (struct timezone *) 0);
if (verbose && logfile)
fprintf(logfile, "Importing context: %7.4f seconds\n",
timeval_subtract(&tm1, &tm2));
(void) gss_release_buffer(&min_stat, &context_token);
return 0;
}
