X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=mech_eap%2Futil_lucid.c;h=359058c1963acddec65ab11e7523fcf12a8fd967;hb=refs%2Fheads%2Fddf-name;hp=e8bc7c373f6801e3952d3e1068d61f2e7a7699c3;hpb=d6427867bbbd27a0e0d4747ae29ea7d165a490a8;p=moonshot.git
diff --git a/mech_eap/util_lucid.c b/mech_eap/util_lucid.c
index e8bc7c3..359058c 100644
--- a/mech_eap/util_lucid.c
+++ b/mech_eap/util_lucid.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010, JANET(UK)
+ * Copyright (c) 2011, JANET(UK)
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -30,18 +30,102 @@
  * SUCH DAMAGE.
  */
 
+/*
+ * "Lucid" security context export routine (called by MIT Kerberos mechanism).
+ */
+
 #include "gssapiP_eap.h"
 
 OM_uint32
 gssEapExportLucidSecContext(OM_uint32 *minor,
                             gss_ctx_id_t ctx,
-                            const gss_OID desiredObject,
+                            const gss_OID desiredObject GSSEAP_UNUSED,
                             gss_buffer_set_t *data_set)
 {
+    OM_uint32 major = GSS_S_COMPLETE;
+    int haveAcceptorSubkey =
+        ((rfc4121Flags(ctx, 0) & TOK_FLAG_ACCEPTOR_SUBKEY) != 0);
+    gss_buffer_desc rep;
+#ifdef HAVE_HEIMDAL_VERSION
+    krb5_error_code code;
+    krb5_storage *sp;
+    krb5_data data = { 0 };
+
+    sp = krb5_storage_emem();
+    if (sp == NULL) {
+        code = ENOMEM;
+        goto cleanup;
+    }
+
+    code = krb5_store_int32(sp, 1); /* version */
+    if (code != 0)
+        goto cleanup;
+
+    code = krb5_store_int32(sp, CTX_IS_INITIATOR(ctx));
+    if (code != 0)
+        goto cleanup;
+
+    code = krb5_store_int32(sp, ctx->expiryTime);
+    if (code != 0)
+        goto cleanup;
+
+    code = krb5_store_int32(sp, 0);
+    if (code != 0)
+        goto cleanup;
+
+    code = krb5_store_int32(sp, ctx->sendSeq);
+    if (code != 0)
+        goto cleanup;
+
+    code = krb5_store_int32(sp, 0);
+    if (code != 0)
+        goto cleanup;
+
+    code = krb5_store_int32(sp, ctx->recvSeq);
+    if (code != 0)
+        goto cleanup;
+
+    code = krb5_store_int32(sp, 1); /* is_cfx */
+    if (code != 0)
+        goto cleanup;
+
+    code = krb5_store_int32(sp, haveAcceptorSubkey);
+    if (code != 0)
+        goto cleanup;
+
+    code = krb5_store_keyblock(sp, ctx->rfc3961Key);
+    if (code != 0)
+        goto cleanup;
+
+    if (haveAcceptorSubkey) {
+        code = krb5_store_keyblock(sp, ctx->rfc3961Key);
+        if (code != 0)
+            goto cleanup;
+    }
+
+    code = krb5_storage_to_data(sp, &data);
+    if (code != 0)
+        goto cleanup;
+
+    rep.length = data.length;
+    rep.value = data.data;
+
+    major = gss_add_buffer_set_member(minor, &rep, data_set);
+    if (GSS_ERROR(major))
+        goto cleanup;
+
+cleanup:
+    krb5_data_free(&data);
+
+    if (major == GSS_S_COMPLETE) {
+        *minor = code;
+        major = (code != 0) ?
GSS_S_FAILURE : GSS_S_COMPLETE;
+    }
+
+    return major;
+#else
     gss_krb5_lucid_context_v1_t *lctx;
     gss_krb5_lucid_key_t *lkey = NULL;
-    OM_uint32 major;
-    gss_buffer_desc rep;
 
     lctx = (gss_krb5_lucid_context_v1_t *)GSSEAP_CALLOC(1, sizeof(*lctx));
     if (lctx == NULL) {
@@ -56,9 +140,12 @@ gssEapExportLucidSecContext(OM_uint32 *minor,
     lctx->send_seq = ctx->sendSeq;
     lctx->recv_seq = ctx->recvSeq;
     lctx->protocol = 1;
-    lctx->cfx_kd.have_acceptor_subkey = 0;
-    lkey = &lctx->cfx_kd.ctx_key;
+    lctx->cfx_kd.have_acceptor_subkey = haveAcceptorSubkey;
+
+    lkey = haveAcceptorSubkey
+           ? &lctx->cfx_kd.ctx_key
+           : &lctx->cfx_kd.acceptor_subkey;
 
     lkey->type = KRB_KEY_TYPE(&ctx->rfc3961Key);
     lkey->data = GSSEAP_MALLOC(KRB_KEY_LENGTH(&ctx->rfc3961Key));
@@ -89,4 +176,5 @@ cleanup:
     }
 
     return major;
+#endif /* HAVE_HEIMDAL_VERSION */
 }
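Review bot: The Heimdal path never releases the `krb5_storage` it allocates: `sp = krb5_storage_emem()` has no matching `krb5_storage_free(sp)`, and the `cleanup:` label only frees `data`, so every call leaks the storage object on both the success and the error paths. Adding `if (sp != NULL) krb5_storage_free(sp);` under `cleanup:` closes it, including the `sp == NULL` branch that jumps there. `krb5_error_code code;` is also declared without an initializer; every path that currently reaches `*minor = code` does assign it first, but `krb5_error_code code = 0;` keeps that invariant from silently breaking when another early `goto cleanup` is added. The function body continues beyond the end of the hunk.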
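Review bot: The ternary that selects `lkey` appears inverted relative to the flag written on the line above it: when `haveAcceptorSubkey` is set the key is copied into `cfx_kd.ctx_key` while `cfx_kd.acceptor_subkey` stays zero-filled from the CALLOC, yet `have_acceptor_subkey` tells the consumer that the acceptor subkey is the one to use, so a consumer honouring the flag would end up with all-zero key material; when the flag is clear the key goes to `acceptor_subkey` and `ctx_key` is left empty. The Heimdal branch added in this same commit stores the key as the context key and, when the flag is set, again as the acceptor subkey, which is the layout a lucid consumer expects. Unless a consumer is known to read `ctx_key` regardless of the flag, swap the arms — `lkey = haveAcceptorSubkey ? &lctx->cfx_kd.acceptor_subkey : &lctx->cfx_kd.ctx_key;` — or populate both members when the flag is set. The enclosing function starts and ends outside this hunk.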