/*
- * Copyright (c) 2010, JANET(UK)
+ * Copyright (c) 2011, JANET(UK)
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
EncTicketPart enc_part;
AuthorizationData authData = { 0 };
krb5_crypto krbCrypto = NULL;
- unsigned char *buf = NULL;
- size_t buf_size, len;
+ krb5_data ticketData = { 0 };
+ krb5_data encPartData = { 0 };
+ size_t len;
#else
krb5_ticket ticket;
krb5_enc_tkt_part enc_part;
+ krb5_data *ticketData = NULL;
#endif
- krb5_data *ticketData = NULL, credsData = { 0 };
+ krb5_data credsData = { 0 };
krb5_creds creds = { 0 };
krb5_auth_context authContext = NULL;
GSSEAP_KRB_INIT(&krbContext);
code = getAcceptorKey(krbContext, ctx, cred, &server, &acceptorKey);
- if (code == KRB5_KT_NOTFOUND) {
+ if (code != 0) {
*minor = code;
return GSS_S_UNAVAILABLE;
- } else if (code != 0)
- goto cleanup;
-
-#ifdef HAVE_HEIMDAL_VERSION
- ticket.realm = server->realm;
- ticket.sname = server->name;
-#else
- ticket.server = server;
-#endif
+ }
/*
* Generate a random session key to place in the ticket and
* sign the "KDC-Issued" authorization data element.
*/
- code = krb5_c_make_random_key(krbContext, ctx->encryptionType,
- &session);
+#ifdef HAVE_HEIMDAL_VERSION
+ ticket.realm = server->realm;
+ ticket.sname = server->name;
+
+ code = krb5_generate_random_keyblock(krbContext, ctx->encryptionType,
+ &session);
if (code != 0)
goto cleanup;
-#ifdef HAVE_HEIMDAL_VERSION
enc_part.flags.initial = 1;
enc_part.key = session;
enc_part.crealm = ctx->initiatorName->krbPrincipal->realm;
if (GSS_ERROR(major))
goto cleanup;
- ASN1_MALLOC_ENCODE(EncTicketPart, buf, buf_size, &enc_part, &len, code);
+ ASN1_MALLOC_ENCODE(EncTicketPart, encPartData.data, encPartData.length,
+ &enc_part, &len, code);
if (code != 0)
goto cleanup;
code = krb5_encrypt_EncryptedData(krbContext,
krbCrypto,
KRB5_KU_TICKET,
- buf,
- len,
+ encPartData.data,
+ encPartData.length,
0,
&ticket.enc_part);
if (code != 0)
goto cleanup;
- GSSEAP_FREE(buf);
- buf = NULL;
-
- ASN1_MALLOC_ENCODE(Ticket, buf, buf_size, &ticket, &len, code);
+ ASN1_MALLOC_ENCODE(Ticket, ticketData.data, ticketData.length,
+ &ticket, &len, code);
if (code != 0)
goto cleanup;
#else
+ ticket.server = server;
+
+ code = krb5_c_make_random_key(krbContext, ctx->encryptionType,
+ &session);
+ if (code != 0)
+ goto cleanup;
+
enc_part.flags = TKT_FLG_INITIAL;
enc_part.session = &session;
enc_part.client = ctx->initiatorName->krbPrincipal;
creds.times.endtime = enc_part.endtime;
creds.times.renew_till = 0;
creds.flags.b = enc_part.flags;
- creds.ticket = *ticketData;
+ creds.ticket = ticketData;
creds.authdata = authData;
#else
creds.keyblock = session;
#ifdef HAVE_HEIMDAL_VERSION
if (krbCrypto != NULL)
krb5_crypto_destroy(krbContext, krbCrypto);
- if (buf != NULL)
- GSSEAP_FREE(buf);
free_AuthorizationData(&authData);
free_EncryptedData(&ticket.enc_part);
+ krb5_data_free(&ticketData);
+ krb5_data_free(&encPartData);
#else
krb5_free_authdata(krbContext, enc_part.authorization_data);
if (ticket.enc_part.ciphertext.data != NULL)
GSSEAP_FREE(ticket.enc_part.ciphertext.data);
+ krb5_free_data(krbContext, ticketData);
#endif
krb5_free_keyblock_contents(krbContext, &session);
krb5_free_principal(krbContext, server);
krb5_free_keyblock_contents(krbContext, &acceptorKey);
- krb5_free_data(krbContext, ticketData);
krb5_auth_con_free(krbContext, authContext);
if (major == GSS_S_COMPLETE) {
}
static int
-isTicketGrantingServiceP(krb5_context krbContext,
+isTicketGrantingServiceP(krb5_context krbContext GSSEAP_UNUSED,
krb5_const_principal principal)
{
if (KRB_PRINC_LENGTH(principal) == 2 &&
*/
static OM_uint32
defrostAttrContext(OM_uint32 *minor,
+#ifdef HAVE_HEIMDAL_VERSION
gss_ctx_id_t glueContext,
+#else
gss_name_t glueName,
+#endif
gss_name_t mechName)
{
OM_uint32 major, tmpMinor;
*/
OM_uint32
gssEapGlueToMechName(OM_uint32 *minor,
- gss_ctx_id_t glueContext,
+ gss_ctx_id_t ctx,
gss_name_t glueName,
gss_name_t *pMechName)
{
goto cleanup;
major = gssEapImportName(minor, &nameBuf, GSS_C_NT_USER_NAME,
- pMechName);
+ ctx->mechanismUsed, pMechName);
if (GSS_ERROR(major))
goto cleanup;
- major = defrostAttrContext(minor, glueContext, glueName, *pMechName);
+ major = defrostAttrContext(minor,
+#ifdef HAVE_HEIMDAL_VERSION
+ ctx->reauthCtx,
+#else
+ glueName,
+#endif
+ *pMechName);
if (GSS_ERROR(major))
goto cleanup;
*/
OM_uint32
gssEapReauthComplete(OM_uint32 *minor,
- gss_ctx_id_t ctx,
- gss_cred_id_t cred,
- const gss_OID mech,
- OM_uint32 timeRec)
+ gss_ctx_id_t ctx,
+ gss_cred_id_t cred GSSEAP_UNUSED,
+ const gss_OID mech,
+ OM_uint32 timeRec)
{
OM_uint32 major, tmpMinor;
gss_buffer_set_t keyData = GSS_C_NO_BUFFER_SET;
/* Get the raw subsession key and encryption type */
#ifdef HAVE_HEIMDAL_VERSION
#define KRB_GSS_SUBKEY_COUNT 1 /* encoded session key */
- major = gssInquireSecContextByOid(minor, ctx->kerberosCtx,
+ major = gssInquireSecContextByOid(minor, ctx->reauthCtx,
GSS_KRB5_GET_SUBKEY_X, &keyData);
#else
#define KRB_GSS_SUBKEY_COUNT 2 /* raw session key, enctype OID */
- major = gssInquireSecContextByOid(minor, ctx->kerberosCtx,
+ major = gssInquireSecContextByOid(minor, ctx->reauthCtx,
GSS_C_INQ_SSPI_SESSION_KEY, &keyData);
#endif
if (GSS_ERROR(major))
NEXT_SYMBOL(gssDisplayNameNext, "gss_display_name");
NEXT_SYMBOL(gssImportNameNext, "gss_import_name");
NEXT_SYMBOL(gssStoreCredNext, "gss_store_cred");
+#ifndef HAVE_HEIMDAL_VERSION
NEXT_SYMBOL(gssGetNameAttributeNext, "gss_get_name_attribute");
+#endif
return major;
}