Heimdal portability fixes (except for reauth)
[mech_eap.orig] / util_cksum.c
index d2b0bd8..cbd531d 100644 (file)
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
+/*
+ * Message protection services: checksum helpers.
+ */
+
 #include "gssapiP_eap.h"
 
 static int
 gssEapChecksum(krb5_context context,
                krb5_cksumtype type,
                size_t rrc,
-               krb5_keyblock *key,
+#ifdef HAVE_HEIMDAL_VERSION
+               krb5_crypto crypto,
+#else
+               krb5_keyblock *crypto,
+#endif
                krb5_keyusage sign_usage,
                gss_iov_buffer_desc *iov,
                int iov_count,
@@ -70,13 +78,15 @@ gssEapChecksum(krb5_context context,
     krb5_crypto_iov *kiov;
     size_t kiov_count;
     int i = 0, j;
-    unsigned int k5_checksumlen;
+    size_t k5_checksumlen;
+#ifdef HAVE_HEIMDAL_VERSION
+    krb5_cksumtype cksumtype;
+#endif
 
     if (verify)
         *valid = FALSE;
 
-    code = krb5_c_crypto_length(context, KRB_KEYTYPE(key),
-                                KRB5_CRYPTO_TYPE_CHECKSUM, &k5_checksumlen);
+    code = krbCryptoLength(context, crypto, KRB5_CRYPTO_TYPE_CHECKSUM, &k5_checksumlen);
     if (code != 0)
         return code;
 
@@ -126,17 +136,28 @@ gssEapChecksum(krb5_context context,
     }
     i++;
 
+#ifdef HAVE_HEIMDAL_VERSION
+    if (verify) {
+        code = krb5_verify_checksum_iov(context, crypto, sign_usage,
+                                        kiov, kiov_count, &cksumtype);
+        *valid = (code == 0);
+    } else {
+        code = krb5_create_checksum_iov(context, crypto, sign_usage,
+                                        kiov, kiov_count, &cksumtype);
+    }
+#else
     if (verify) {
         krb5_boolean kvalid = FALSE;
 
-        code = krb5_c_verify_checksum_iov(context, type, key,
+        code = krb5_c_verify_checksum_iov(context, type, crypto,
                                           sign_usage, kiov, kiov_count, &kvalid);
 
         *valid = kvalid;
     } else {
-        code = krb5_c_make_checksum_iov(context, type, key,
+        code = krb5_c_make_checksum_iov(context, type, crypto,
                                         sign_usage, kiov, kiov_count);
     }
+#endif /* HAVE_HEIMDAL_VERSION */
 
     GSSEAP_FREE(kiov);
 
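Review bot: In the Heimdal branch the `type` argument is never used, and the `cksumtype` value that `krb5_verify_checksum_iov` / `krb5_create_checksum_iov` write back is discarded, so nothing here confirms that the checksum algorithm applied is the one the caller asked for. If a mismatch should count as a failure, a check after the call such as `if (code == 0 && cksumtype != type) code = KRB5KRB_AP_ERR_INAPP_CKSUM;` (also clearing `*valid` on the verify path) would make that explicit. Otherwise a comment like `/* Heimdal derives the checksum type from the crypto context; 'type' is unused */` would document the difference. A bad checksum also surfaces here as a non-zero `code`, whereas the MIT branch reports it as `code == 0` with `*valid` false, so callers have to test both. The function begins and ends outside this hunk, so how `code` is finally returned is not visible.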
@@ -147,12 +168,16 @@ int
 gssEapSign(krb5_context context,
            krb5_cksumtype type,
            size_t rrc,
-           krb5_keyblock *key,
+#ifdef HAVE_HEIMDAL_VERSION
+           krb5_crypto crypto,
+#else
+           krb5_keyblock *crypto,
+#endif
            krb5_keyusage sign_usage,
            gss_iov_buffer_desc *iov,
            int iov_count)
 {
-    return gssEapChecksum(context, type, rrc, key,
+    return gssEapChecksum(context, type, rrc, crypto,
                           sign_usage, iov, iov_count, 0, NULL);
 }
 
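Review bot: The `#ifdef HAVE_HEIMDAL_VERSION` switch on the key parameter is written out in full in this signature and again in gssEapChecksum and gssEapVerify, which makes it easy for a prototype and its definition to drift apart. A single conditional typedef in the shared header, used in all three signatures, would remove the repetition, e.g. `typedef krb5_crypto krb_crypto_t;` under Heimdal and `typedef krb5_keyblock *krb_crypto_t;` otherwise (the name is only a suggestion). It would also stop the MIT build from naming a `krb5_keyblock *` parameter `crypto`, which reads as a crypto handle rather than a key.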
@@ -160,12 +185,61 @@ int
 gssEapVerify(krb5_context context,
              krb5_cksumtype type,
              size_t rrc,
-             krb5_keyblock *key,
+#ifdef HAVE_HEIMDAL_VERSION
+             krb5_crypto crypto,
+#else
+             krb5_keyblock *crypto,
+#endif
              krb5_keyusage sign_usage,
              gss_iov_buffer_desc *iov,
              int iov_count,
              int *valid)
 {
-    return gssEapChecksum(context, type, rrc, key,
+    return gssEapChecksum(context, type, rrc, crypto,
                           sign_usage, iov, iov_count, 1, valid);
 }
+
+#if 0
+OM_uint32
+gssEapEncodeGssChannelBindings(OM_uint32 *minor,
+                               gss_channel_bindings_t chanBindings,
+                               gss_buffer_t encodedBindings)
+{
+    OM_uint32 major, tmpMinor;
+    size_t length;
+    unsigned char *p;
+
+    if (chanBindings != GSS_C_NO_CHANNEL_BINDINGS) {
+        length = 24;
+        length += chanBindings->initiator_address.length;
+        length += chanBindings->acceptor_address.length;
+        length += chanBindings->application_data.length;
+
+        encodedBindings->value = GSSEAP_MALLOC(length);
+        if (encodedBindings->value == NULL) {
+            *minor = ENOMEM;
+            return GSS_S_FAILURE;
+        }
+
+        encodedBindings->length = length;
+        p = (unsigned char *)encodedBindings->value;
+
+        store_uint32_be(chanBindings->initiator_addrtype, p);
+        store_buffer(&chanBindings->initiator_address, p + 4, 0);
+        p += 4 + chanBindings->initiator_address.length;
+
+        store_uint32_be(chanBindings->acceptor_addrtype, p);
+        store_buffer(&chanBindings->acceptor_address, p + 4, 0);
+        p += 4 + chanBindings->acceptor_address.length;
+
+        store_buffer(&chanBindings->application_data, p, 1);
+        p += chanBindings->application_data.length;
+    } else {
+        encodedBindings->length = 0;
+        encodedBindings->value = NULL;
+    }
+
+    *minor = 0;
+    return GSS_S_COMPLETE;
+}
+#endif
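Review bot: The disabled gssEapEncodeGssChannelBindings block allocates `24` fixed bytes plus the three buffer lengths, but the visible `p +=` lines advance by only 4 + len, 4 + len and len, which is 8 fixed bytes. Either `store_buffer` writes a length prefix that the pointer arithmetic skips, so later fields would overwrite earlier data, or the allocation is oversized and its tail is returned uninitialised; `store_buffer` is not visible here, so which one applies cannot be confirmed. Before this is ever enabled, a layout comment such as `/* addrtype(4) | len | data, twice; then len | application_data — fixed bytes must total the 24 above */` and matching advances would pin the encoding down. `major` and `tmpMinor` are declared but unused. Since the block is under `#if 0` and unrelated to the Heimdal port, it may be better left out of this commit.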