unsigned inlen,
gss_buffer_t token)
{
+ OM_uint32 major, minor;
char *p = (char *)in;
unsigned remain = inlen;
int ret;
if (ret != SASL_OK)
return ret;
- buf.length = remain;
- buf.value = p;
-
if (text->gs2_flags & GS2_NONSTD_FLAG) {
- token->value = text->utils->malloc(buf.length);
- if (token->value == NULL)
- return SASL_NOMEM;
-
- token->length = buf.length;
- memcpy(token->value, buf.value, buf.length);
+ buf.length = remain;
+ buf.value = p;
} else {
- unsigned int token_size;
+ gss_buffer_desc tmp;
+
+ tmp.length = remain;
+ tmp.value = p;
- /* create a properly formed GSS token */
- token_size = gs2_token_size(text->mechanism, buf.length);
- token->value = text->utils->malloc(token_size);
- if (token->value == NULL)
+ major = gss_encapsulate_token(&tmp, text->mechanism, &buf);
+ if (GSS_ERROR(major))
return SASL_NOMEM;
+ }
- token->length = token_size;
+ token->value = text->utils->malloc(buf.length);
+ if (token->value == NULL)
+ return SASL_NOMEM;
- p = (char *)token->value;
- gs2_make_token_header(text->mechanism, buf.length,
- (unsigned char **)&p);
- memcpy(p, buf.value, buf.length);
- }
+ token->length = buf.length;
+ memcpy(token->value, buf.value, buf.length);
+
+ if ((text->gs2_flags & GS2_NONSTD_FLAG) == 0)
+ gss_release_buffer(&minor, &buf);
return SASL_OK;
}
unsigned *outlen)
{
OM_uint32 major, minor;
- unsigned char *mech_token_data;
- size_t mech_token_size;
- char *p;
- unsigned header_len = 0;
int ret;
-
- mech_token_size = token->length;
- mech_token_data = (unsigned char *)token->value;
+ unsigned header_len = 0;
+ gss_buffer_desc decap_token = GSS_C_EMPTY_BUFFER;
if (initialContextToken) {
header_len = *outlen;
- major = gs2_verify_token_header(&minor, text->mechanism,
- &mech_token_size, &mech_token_data,
- token->length);
+ major = gss_decapsulate_token(token, text->mechanism, &decap_token);
if ((major == GSS_S_DEFECTIVE_TOKEN &&
(text->plug.client->features & SASL_FEAT_GSS_FRAMING)) ||
GSS_ERROR(major))
return SASL_FAIL;
+
+ token = &decap_token;
}
ret = _plug_buf_alloc(text->utils, out, outlen,
- header_len + mech_token_size);
+ header_len + token->length);
if (ret != 0)
return ret;
- p = *out + header_len;
- memcpy(p, mech_token_data, mech_token_size);
+ memcpy(*out + header_len, token->value, token->length);
+ *outlen = header_len + token->length;
- *outlen = header_len + mech_token_size;
+ if (initialContextToken)
+ gss_release_buffer(&minor, &decap_token);
return SASL_OK;
}
goto cleanup;
}
- assert(text->client_name == GSS_C_NO_NAME);
+ if (oparams->authid != NULL) {
+ name_buf.length = strlen(oparams->authid);
+ name_buf.value = (void *)oparams->authid;
- name_buf.length = strlen(oparams->authid);
- name_buf.value = (void *)oparams->authid;
+ assert(text->client_name == GSS_C_NO_NAME);
- maj_stat = gss_import_name(&min_stat,
- &name_buf,
- GSS_C_NT_USER_NAME,
- &text->client_name);
- if (GSS_ERROR(maj_stat))
- goto cleanup;
+ maj_stat = gss_import_name(&min_stat,
+ &name_buf,
+ GSS_C_NT_USER_NAME,
+ &text->client_name);
+ if (GSS_ERROR(maj_stat))
+ goto cleanup;
+ }
}
/*
if (GSS_ERROR(maj_stat))
goto cleanup;
+ assert(text->client_name == GSS_C_NO_NAME);
+
maj_stat = gss_inquire_cred(&min_stat,
params->gss_creds
? (gss_cred_id_t)params->gss_creds
if (GSS_ERROR(maj_stat))
goto cleanup;
- assert(text->client_name == GSS_C_NO_NAME);
-
maj_stat = gss_display_name(&min_stat,
text->client_name,
&cred_authid,
if (GSS_ERROR(maj_stat))
goto cleanup;
- result = params->canon_user(params->utils->conn,
- cred_authid.value, cred_authid.length,
- SASL_CU_AUTHID, oparams);
- if (result != SASL_OK)
- goto cleanup;
+ if (userid == NULL || userid[0] == '\0') {
+ result = params->canon_user(params->utils->conn,
+ cred_authid.value, cred_authid.length,
+ SASL_CU_AUTHID | SASL_CU_AUTHZID,
+ oparams);
+ } else {
+ result = params->canon_user(params->utils->conn,
+ cred_authid.value, cred_authid.length,
+ SASL_CU_AUTHID, oparams);
+ if (result != SASL_OK)
+ goto cleanup;
+
+ result = params->canon_user(params->utils->conn,
+ cred_authid.value, cred_authid.length,
+ SASL_CU_AUTHZID, oparams);
+ if (result != SASL_OK)
+ goto cleanup;
+ }
}
/*
projects / cyrus-sasl.git / blobdiff