static void
test_ipc(const char *service)
{
heim_isemaphore s;
heim_idata req, rep;
heim_ipc ipc;
int ret;
ret = heim_ipc_init_context(service, &ipc);
if (ret)
errx(1, "heim_ipc_init_context: %d", ret);
req.length = 0;
req.data = NULL;
ret = heim_ipc_call(ipc, &req, &rep, NULL);
if (ret)
errx(1, "heim_ipc_call: %d", ret);
s = heim_ipc_semaphore_create(0);
if (s == NULL)
errx(1, "heim_ipc_semaphore_create");
ret = heim_ipc_async(ipc, &req, s, reply);
if (ret)
errx(1, "heim_ipc_async: %d", ret);
heim_ipc_semaphore_wait(s, HEIM_IPC_WAIT_FOREVER); /* wait for reply to complete the work */
heim_ipc_free_context(ipc);
}
static krb5_error_code
kcm_send_request(krb5_context context,
krb5_storage *request,
krb5_data *response_data)
{
krb5_error_code ret = 0;
krb5_data request_data;
HEIMDAL_MUTEX_lock(&kcm_mutex);
if (kcm_ipc == NULL)
ret = heim_ipc_init_context(kcm_ipc_name, &kcm_ipc);
HEIMDAL_MUTEX_unlock(&kcm_mutex);
if (ret)
return KRB5_CC_NOSUPP;
ret = krb5_storage_to_data(request, &request_data);
if (ret) {
krb5_clear_error_message(context);
return KRB5_CC_NOMEM;
}
ret = heim_ipc_call(kcm_ipc, &request_data, response_data, NULL);
krb5_data_free(&request_data);
if (ret) {
krb5_clear_error_message(context);
ret = KRB5_CC_NOSUPP;
}
return ret;
}
static void
kcm_init_ipc(void *ctx)
{
heim_ipc_init_context(kcm_ipc_name, &kcm_ipc);
}
static OM_uint32
pku2u_acceptor_start(OM_uint32 * minor_status,
gsskrb5_ctx ctx,
krb5_context context,
const gss_cred_id_t acceptor_cred_handle,
const gss_buffer_t input_token_buffer,
const gss_channel_bindings_t input_chan_bindings,
gss_name_t * src_name,
gss_OID * mech_type,
gss_buffer_t output_token,
OM_uint32 * ret_flags,
OM_uint32 * time_rec,
gss_cred_id_t * delegated_cred_handle)
{
krb5_data indata, outdata;
krb5_error_code kret;
heim_ipc ictx;
OM_uint32 ret;
if (ctx->messages == NULL) {
ctx->messages = krb5_storage_emem();
if (ctx->messages == NULL) {
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
}
ret = _gsskrb5_decapsulate (minor_status,
input_token_buffer,
&indata,
"\x05\x01",
ctx->mech);
if (ret == GSS_S_DEFECTIVE_TOKEN) {
ctx->acceptor_state = gsskrb5_acceptor_start;
return GSS_S_COMPLETE;
} else if (ret != GSS_S_COMPLETE)
return ret;
krb5_storage_write(ctx->messages,
input_token_buffer->value,
input_token_buffer->length);
kret = heim_ipc_init_context("ANY:org.h5l.kdc", &ictx);
if (kret) {
*minor_status = kret;
return GSS_S_FAILURE;
}
ret = _gsskrb5_encapsulate(minor_status,
&outdata,
output_token,
"\x06\x00",
ctx->mech);
heim_ipc_free_data(&outdata);
if (ret != GSS_S_COMPLETE)
return ret;
krb5_storage_write(ctx->messages,
output_token->value,
output_token->length);
*minor_status = 0;
return GSS_S_FAILURE;
}
static OM_uint32
iakerb_acceptor_start(OM_uint32 * minor_status,
gsskrb5_ctx ctx,
krb5_context context,
const gss_cred_id_t acceptor_cred_handle,
const gss_buffer_t input_token_buffer,
const gss_channel_bindings_t input_chan_bindings,
gss_name_t * src_name,
gss_OID * mech_type,
gss_buffer_t output_token,
OM_uint32 * ret_flags,
OM_uint32 * time_rec,
gss_cred_id_t * delegated_cred_handle)
{
krb5_data indata, outdata;
gss_buffer_desc idata;
krb5_error_code kret;
heim_ipc ictx;
OM_uint32 ret;
if (ctx->messages == NULL) {
ctx->messages = krb5_storage_emem();
if (ctx->messages == NULL) {
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
}
ret = _gsskrb5_iakerb_parse_header(minor_status, context, ctx, input_token_buffer, &indata);
if (ret == GSS_S_DEFECTIVE_TOKEN) {
ctx->acceptor_state = gsskrb5_acceptor_start;
return GSS_S_COMPLETE;
} else if (ret != GSS_S_COMPLETE)
return ret;
krb5_storage_write(ctx->messages,
input_token_buffer->value,
input_token_buffer->length);
idata.value = indata.data;
idata.length = indata.length;
heim_assert(ctx->iakerbrealm != NULL, "realm not set by decoder, non OPT value");
if (krb5_realm_is_lkdc(ctx->iakerbrealm)) {
kret = heim_ipc_init_context("ANY:org.h5l.kdc", &ictx);
if (kret) {
*minor_status = kret;
return GSS_S_FAILURE;
}
kret = heim_ipc_call(ictx, &indata, &outdata, NULL);
heim_ipc_free_context(ictx);
if (kret) {
_gsskrb5_error_token(minor_status, ctx->mech, context, kret,
NULL, NULL, output_token);
*minor_status = kret;
return GSS_S_FAILURE;
}
ret = _gsskrb5_iakerb_make_header(minor_status, context, ctx, ctx->iakerbrealm, &outdata, output_token);
heim_ipc_free_data(&outdata);
if (ret)
return ret;
} else {
/* XXX dont support non local realms right now */
*minor_status = EINVAL;
return GSS_S_FAILURE;
}
krb5_storage_write(ctx->messages,
output_token->value,
output_token->length);
return GSS_S_CONTINUE_NEEDED;
}
