X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=src%2Fsessions.c;h=20679f9b10d76ac649a1ce82dfe0c44735dda29a;hb=c01b7aa059ea8ff9b82407615571962a58839bd8;hp=f90857c47252593ed391462580fc003d33fb8bc9;hpb=8cabd1e6ac6c300f7e603cd61f1a8a7a7da7fb8f;p=mod_auth_gssapi.git diff --git a/src/sessions.c b/src/sessions.c index f90857c..20679f9 100644 --- a/src/sessions.c +++ b/src/sessions.c @@ -176,6 +176,11 @@ void mag_check_session(request_rec *req, gsessdata->gssname.size); if (!mc->gss_name) goto done; + mc->basic_hash.length = gsessdata->basichash.size; + mc->basic_hash.value = apr_palloc(mc->parent, mc->basic_hash.length); + memcpy(mc->basic_hash.value, + gsessdata->basichash.buf, gsessdata->basichash.size); + /* OK we have a valid token */ mc->established = true; @@ -222,6 +227,10 @@ void mag_attempt_session(request_rec *req, goto done; if (OCTET_STRING_fromString(&gsessdata.gssname, mc->gss_name) != 0) goto done; + if (OCTET_STRING_fromBuf(&gsessdata.basichash, + (const char *)mc->basic_hash.value, + mc->basic_hash.length) != 0) + goto done; ret = encode_GSSSessionData(req->pool, &gsessdata, &plainbuf.value, &plainbuf.length); if (ret == false) { @@ -255,3 +264,77 @@ done: ASN_STRUCT_FREE_CONTENTS_ONLY(asn_DEF_GSSSessionData, &gsessdata); } +static int mag_basic_hmac(struct seal_key *key, unsigned char *mac, + gss_buffer_desc user, gss_buffer_desc pwd) +{ + struct databuf hmacbuf = { mac, 0 }; + int data_size = user.length + pwd.length + 1; + unsigned char data[data_size]; + struct databuf databuf = { data, data_size }; + + memcpy(data, user.value, user.length); + data[user.length] = '\0'; + memcpy(&data[user.length + 1], pwd.value, pwd.length); + + return HMAC_BUFFER(key, &databuf, &hmacbuf); +} + +static int mag_get_mac_size(struct mag_config *cfg) +{ + apr_status_t rc; + + if (!cfg->mag_skey) { + ap_log_perror(APLOG_MARK, APLOG_INFO, 0, cfg->pool, + "Session key not available, generating new one."); + rc = SEAL_KEY_CREATE(cfg->pool, &cfg->mag_skey, NULL); + if (rc != OK) { + ap_log_perror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, cfg->pool, + "Failed to create sealing key!"); + return 0; + } + } + + return get_mac_size(cfg->mag_skey); +} + +bool mag_basic_check(struct mag_config *cfg, struct mag_conn *mc, + gss_buffer_desc user, gss_buffer_desc pwd) +{ + int mac_size = mag_get_mac_size(cfg); + unsigned char mac[mac_size]; + int ret, i, j; + bool res = false; + + if (mac_size == 0) return false; + if (mc->basic_hash.value == NULL) return false; + + ret = mag_basic_hmac(cfg->mag_skey, mac, user, pwd); + if (ret != 0) goto done; + + for (i = 0, j = 0; i < mac_size; i++) { + if (mc->basic_hash.value[i] != mac[i]) j++; + } + if (j == 0) res = true; + +done: + if (res == false) { + mc->basic_hash.value = NULL; + mc->basic_hash.length = 0; + } + return res; +} + +void mag_basic_cache(struct mag_config *cfg, struct mag_conn *mc, + gss_buffer_desc user, gss_buffer_desc pwd) +{ + int mac_size = mag_get_mac_size(cfg); + unsigned char mac[mac_size]; + int ret; + + ret = mag_basic_hmac(cfg->mag_skey, mac, user, pwd); + if (ret != 0) return; + + mc->basic_hash.length = mac_size; + mc->basic_hash.value = apr_palloc(mc->parent, mac_size); + memcpy(mc->basic_hash.value, mac, mac_size); +}