2 * Copyright (c) 2011, JANET(UK)
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of JANET(UK) nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 * Portions Copyright 2003-2010 Massachusetts Institute of Technology.
34 * All Rights Reserved.
36 * Export of this software from the United States of America may
37 * require a specific license from the United States Government.
38 * It is the responsibility of any person or organization contemplating
39 * export to obtain such a license before exporting.
41 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
42 * distribute this software and its documentation for any purpose and
43 * without fee is hereby granted, provided that the above copyright
44 * notice appear in all copies and that both that copyright notice and
45 * this permission notice appear in supporting documentation, and that
46 * the name of M.I.T. not be used in advertising or publicity pertaining
47 * to distribution of the software without specific, written prior
48 * permission. Furthermore if you modify this software you must label
49 * your software as modified software and not distribute it in such a
50 * fashion that it might be confused with the original M.I.T. software.
51 * M.I.T. makes no representations about the suitability of
52 * this software for any purpose. It is provided "as is" without express
53 * or implied warranty.
64 #include <sys/param.h>
75 #define MIN(_a,_b) ((_a)<(_b)?(_a):(_b))
78 #if !(defined(__cplusplus)) || (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 4))
79 #define GSSEAP_UNUSED __attribute__ ((__unused__))
86 makeStringBuffer(OM_uint32 *minor,
91 bufferToString(OM_uint32 *minor,
92 const gss_buffer_t buffer,
96 duplicateBuffer(OM_uint32 *minor,
97 const gss_buffer_t src,
101 bufferEqual(const gss_buffer_t b1, const gss_buffer_t b2)
103 return (b1->length == b2->length &&
104 memcmp(b1->value, b2->value, b2->length) == 0);
108 bufferEqualString(const gss_buffer_t b1, const char *s)
112 b2.length = strlen(s);
113 b2.value = (char *)s;
115 return bufferEqual(b1, &b2);
120 gssEapSign(krb5_context context,
123 #ifdef HAVE_HEIMDAL_VERSION
128 krb5_keyusage sign_usage,
129 gss_iov_buffer_desc *iov,
133 gssEapVerify(krb5_context context,
136 #ifdef HAVE_HEIMDAL_VERSION
141 krb5_keyusage sign_usage,
142 gss_iov_buffer_desc *iov,
148 gssEapEncodeGssChannelBindings(OM_uint32 *minor,
149 gss_channel_bindings_t chanBindings,
150 gss_buffer_t encodedBindings);
154 #define EAP_EXPORT_CONTEXT_V1 1
156 enum gss_eap_token_type {
157 TOK_TYPE_NONE = 0x0000, /* no token */
158 TOK_TYPE_MIC = 0x0404, /* RFC 4121 MIC token */
159 TOK_TYPE_WRAP = 0x0504, /* RFC 4121 wrap token */
160 TOK_TYPE_EXPORT_NAME = 0x0401, /* RFC 2743 exported name */
161 TOK_TYPE_EXPORT_NAME_COMPOSITE = 0x0402, /* exported composite name */
162 TOK_TYPE_DELETE_CONTEXT = 0x0405, /* RFC 2743 delete context */
163 TOK_TYPE_INITIATOR_CONTEXT = 0x0601, /* initiator-sent context token */
164 TOK_TYPE_ACCEPTOR_CONTEXT = 0x0602, /* acceptor-sent context token */
167 struct gss_eap_itok_map {
168 OM_uint32 type; /* inner token type */
169 OM_uint32 flag; /* context flag */
172 /* inner token types and flags */
173 #define ITOK_TYPE_NONE 0x00000000
174 #define ITOK_TYPE_CONTEXT_ERR 0x00000001 /* critical */
175 #define ITOK_TYPE_ACCEPTOR_NAME_REQ 0x00000002 /* TBD */
176 #define ITOK_TYPE_ACCEPTOR_NAME_RESP 0x00000003 /* TBD */
177 #define ITOK_TYPE_EAP_RESP 0x00000004 /* critical, required, if not reauth */
178 #define ITOK_TYPE_EAP_REQ 0x00000005 /* critical, required, if not reauth */
179 #define ITOK_TYPE_GSS_CHANNEL_BINDINGS 0x00000006 /* optional */
180 #define ITOK_TYPE_REAUTH_CREDS 0x00000007 /* optional */
181 #define ITOK_TYPE_REAUTH_REQ 0x00000008 /* optional */
182 #define ITOK_TYPE_REAUTH_RESP 0x00000009 /* optional */
183 #define ITOK_TYPE_GSS_FLAGS 0x0000000A /* optional */
184 #define ITOK_TYPE_INITIATOR_MIC 0x0000000B /* required */
185 #define ITOK_TYPE_ACCEPTOR_MIC 0x0000000C /* required */
186 #define ITOK_TYPE_SUPPORTED_ACCEPTOR_EXTS 0x0000000D /* optional */
187 #define ITOK_TYPE_SUPPORTED_INITIATOR_EXTS 0x0000000E /* optional */
190 #define ITOK_TYPE_VERSION_INFO 0x00000080 /* optional */
191 #define ITOK_TYPE_VENDOR_INFO 0x00000081 /* optional */
193 #define ITOK_FLAG_CRITICAL 0x80000000 /* critical, wire flag */
194 #define ITOK_FLAG_VERIFIED 0x40000000 /* verified, API flag */
196 #define ITOK_TYPE_MASK (~(ITOK_FLAG_CRITICAL | ITOK_FLAG_VERIFIED))
198 #define ITOK_HEADER_LENGTH 8 /* type || length */
200 #define GSSEAP_WIRE_FLAGS_MASK ( GSS_C_MUTUAL_FLAG )
202 OM_uint32 gssEapAllocContext(OM_uint32 *minor, gss_ctx_id_t *pCtx);
203 OM_uint32 gssEapReleaseContext(OM_uint32 *minor, gss_ctx_id_t *pCtx);
206 gssEapContextTime(OM_uint32 *minor,
207 gss_ctx_id_t context_handle,
208 OM_uint32 *time_rec);
211 gssEapGetConversationMIC(OM_uint32 *minor,
213 gss_buffer_t convMIC);
216 gssEapVerifyConversationMIC(OM_uint32 *minor,
218 const gss_buffer_t convMIC);
221 gssEapMakeTokenChannelBindings(OM_uint32 *minor,
223 gss_channel_bindings_t userBindings,
224 gss_buffer_t inputToken,
225 gss_channel_bindings_t wireBindings);
228 extern const gss_OID_desc gssEapPasswordCredType;
230 OM_uint32 gssEapAllocCred(OM_uint32 *minor, gss_cred_id_t *pCred);
231 OM_uint32 gssEapReleaseCred(OM_uint32 *minor, gss_cred_id_t *pCred);
234 gssEapAcquireCred(OM_uint32 *minor,
235 const gss_name_t desiredName,
236 gss_const_OID credType,
237 const void *credData,
239 const gss_OID_set desiredMechs,
241 gss_cred_id_t *pCred,
242 gss_OID_set *pActualMechs,
245 int gssEapCredAvailable(gss_cred_id_t cred, gss_OID mech);
248 gssEapInquireCred(OM_uint32 *minor,
251 OM_uint32 *pLifetime,
252 gss_cred_usage_t *cred_usage,
253 gss_OID_set *mechanisms);
257 gssEapEncrypt(krb5_context context, int dce_style, size_t ec,
259 #ifdef HAVE_HEIMDAL_VERSION
265 gss_iov_buffer_desc *iov, int iov_count);
268 gssEapDecrypt(krb5_context context, int dce_style, size_t ec,
270 #ifdef HAVE_HEIMDAL_VERSION
276 gss_iov_buffer_desc *iov, int iov_count);
279 gssEapMapCryptoFlag(OM_uint32 type);
282 gssEapLocateIov(gss_iov_buffer_desc *iov,
287 gssEapIovMessageLength(gss_iov_buffer_desc *iov,
290 size_t *assoc_data_length);
293 gssEapReleaseIov(gss_iov_buffer_desc *iov, int iov_count);
296 gssEapIsIntegrityOnly(gss_iov_buffer_desc *iov, int iov_count);
299 gssEapAllocIov(gss_iov_buffer_t iov, size_t size);
302 gssEapDeriveRfc3961Key(OM_uint32 *minor,
303 const unsigned char *key,
305 krb5_enctype enctype,
306 krb5_keyblock *pKey);
309 #ifdef HAVE_HEIMDAL_VERSION
311 #define KRB_TIME_FOREVER ((time_t)~0L)
313 #define KRB_KEY_TYPE(key) ((key)->keytype)
314 #define KRB_KEY_DATA(key) ((key)->keyvalue.data)
315 #define KRB_KEY_LENGTH(key) ((key)->keyvalue.length)
317 #define KRB_PRINC_LENGTH(princ) ((princ)->name.name_string.len)
318 #define KRB_PRINC_TYPE(princ) ((princ)->name.name_type)
319 #define KRB_PRINC_NAME(princ) ((princ)->name.name_string.val)
320 #define KRB_PRINC_REALM(princ) ((princ)->realm)
322 #define KRB_KT_ENT_KEYBLOCK(e) (&(e)->keyblock)
323 #define KRB_KT_ENT_FREE(c, e) krb5_kt_free_entry((c), (e))
325 #define KRB_CRYPTO_CONTEXT(ctx) (krbCrypto)
329 #define KRB_TIME_FOREVER KRB5_INT32_MAX
331 #define KRB_KEY_TYPE(key) ((key)->enctype)
332 #define KRB_KEY_DATA(key) ((key)->contents)
333 #define KRB_KEY_LENGTH(key) ((key)->length)
335 #define KRB_PRINC_LENGTH(princ) (krb5_princ_size(NULL, (princ)))
336 #define KRB_PRINC_TYPE(princ) (krb5_princ_type(NULL, (princ)))
337 #define KRB_PRINC_NAME(princ) (krb5_princ_name(NULL, (princ)))
338 #define KRB_PRINC_REALM(princ) (krb5_princ_realm(NULL, (princ)))
340 #define KRB_KT_ENT_KEYBLOCK(e) (&(e)->key)
341 #define KRB_KT_ENT_FREE(c, e) krb5_free_keytab_entry_contents((c), (e))
343 #define KRB_CRYPTO_CONTEXT(ctx) (&(ctx)->rfc3961Key)
345 #endif /* HAVE_HEIMDAL_VERSION */
347 #define KRB_KEY_INIT(key) do { \
348 KRB_KEY_TYPE(key) = ENCTYPE_NULL; \
349 KRB_KEY_DATA(key) = NULL; \
350 KRB_KEY_LENGTH(key) = 0; \
353 #define GSSEAP_KRB_INIT(ctx) do { \
354 OM_uint32 tmpMajor; \
356 tmpMajor = gssEapKerberosInit(minor, ctx); \
357 if (GSS_ERROR(tmpMajor)) { \
363 gssEapKerberosInit(OM_uint32 *minor, krb5_context *context);
366 rfc3961ChecksumTypeForKey(OM_uint32 *minor,
368 krb5_cksumtype *cksumtype);
371 krbCryptoLength(krb5_context krbContext,
372 #ifdef HAVE_HEIMDAL_VERSION
373 krb5_crypto krbCrypto,
381 krbPaddingLength(krb5_context krbContext,
382 #ifdef HAVE_HEIMDAL_VERSION
383 krb5_crypto krbCrypto,
391 krbBlockSize(krb5_context krbContext,
392 #ifdef HAVE_HEIMDAL_VERSION
393 krb5_crypto krbCrypto,
400 krbEnctypeToString(krb5_context krbContext,
401 krb5_enctype enctype,
403 gss_buffer_t string);
406 krbMakeAuthDataKdcIssued(krb5_context context,
407 const krb5_keyblock *key,
408 krb5_const_principal issuer,
409 #ifdef HAVE_HEIMDAL_VERSION
410 const AuthorizationData *authdata,
411 AuthorizationData *adKdcIssued
413 krb5_authdata *const *authdata,
414 krb5_authdata ***adKdcIssued
419 krbMakeCred(krb5_context context,
420 krb5_auth_context authcontext,
426 gssEapExportLucidSecContext(OM_uint32 *minor,
428 const gss_OID desiredObject,
429 gss_buffer_set_t *data_set);
432 extern gss_OID GSS_EAP_MECHANISM;
434 #define OID_FLAG_NULL_VALID 0x00000001
435 #define OID_FLAG_FAMILY_MECH_VALID 0x00000002
436 #define OID_FLAG_MAP_NULL_TO_DEFAULT_MECH 0x00000004
437 #define OID_FLAG_MAP_FAMILY_MECH_TO_NULL 0x00000008
440 gssEapCanonicalizeOid(OM_uint32 *minor,
446 gssEapReleaseOid(OM_uint32 *minor, gss_OID *oid);
449 gssEapDefaultMech(OM_uint32 *minor,
453 gssEapIndicateMechs(OM_uint32 *minor,
457 gssEapEnctypeToOid(OM_uint32 *minor,
458 krb5_enctype enctype,
462 gssEapOidToEnctype(OM_uint32 *minor,
464 krb5_enctype *enctype);
467 gssEapIsMechanismOid(const gss_OID oid);
470 gssEapIsConcreteMechanismOid(const gss_OID oid);
473 gssEapValidateMechs(OM_uint32 *minor,
474 const gss_OID_set mechs);
477 gssEapOidToSaslName(const gss_OID oid);
480 gssEapSaslNameToOid(const gss_buffer_t name);
483 #define EXPORT_NAME_FLAG_OID 0x1
484 #define EXPORT_NAME_FLAG_COMPOSITE 0x2
485 #define EXPORT_NAME_FLAG_ALLOW_COMPOSITE 0x4
487 OM_uint32 gssEapAllocName(OM_uint32 *minor, gss_name_t *pName);
488 OM_uint32 gssEapReleaseName(OM_uint32 *minor, gss_name_t *pName);
489 OM_uint32 gssEapExportName(OM_uint32 *minor,
490 const gss_name_t name,
491 gss_buffer_t exportedName);
492 OM_uint32 gssEapExportNameInternal(OM_uint32 *minor,
493 const gss_name_t name,
494 gss_buffer_t exportedName,
496 OM_uint32 gssEapImportName(OM_uint32 *minor,
497 const gss_buffer_t input_name_buffer,
498 const gss_OID input_name_type,
499 const gss_OID input_mech_type,
500 gss_name_t *output_name);
501 OM_uint32 gssEapImportNameInternal(OM_uint32 *minor,
502 const gss_buffer_t input_name_buffer,
503 gss_name_t *output_name,
506 gssEapDuplicateName(OM_uint32 *minor,
507 const gss_name_t input_name,
508 gss_name_t *dest_name);
511 gssEapCanonicalizeName(OM_uint32 *minor,
512 const gss_name_t input_name,
513 const gss_OID mech_type,
514 gss_name_t *dest_name);
517 gssEapDisplayName(OM_uint32 *minor,
519 gss_buffer_t output_name_buffer,
520 gss_OID *output_name_type);
523 gssEapCompareName(OM_uint32 *minor,
530 composeOid(OM_uint32 *minor_status,
537 decomposeOid(OM_uint32 *minor_status,
544 duplicateOid(OM_uint32 *minor_status,
545 const gss_OID_desc * const oid,
549 duplicateOidSet(OM_uint32 *minor,
550 const gss_OID_set src,
554 oidEqual(const gss_OID_desc *o1, const gss_OID_desc *o2)
556 if (o1 == GSS_C_NO_OID)
557 return (o2 == GSS_C_NO_OID);
558 else if (o2 == GSS_C_NO_OID)
559 return (o1 == GSS_C_NO_OID);
561 return (o1->length == o2->length &&
562 memcmp(o1->elements, o2->elements, o1->length) == 0);
565 /* util_ordering.c */
567 sequenceInternalize(OM_uint32 *minor,
573 sequenceExternalize(OM_uint32 *minor,
579 sequenceSize(void *vqueue);
582 sequenceFree(OM_uint32 *minor, void **vqueue);
585 sequenceCheck(OM_uint32 *minor, void **vqueue, uint64_t seqnum);
588 sequenceInit(OM_uint32 *minor, void **vqueue, uint64_t seqnum,
589 int do_replay, int do_sequence, int wide_nums);
593 GSSEAP_STATE_INITIAL = 0x01, /* initial state */
594 GSSEAP_STATE_AUTHENTICATE = 0x02, /* exchange EAP messages */
595 GSSEAP_STATE_INITIATOR_EXTS = 0x04, /* initiator extensions */
596 GSSEAP_STATE_ACCEPTOR_EXTS = 0x08, /* acceptor extensions */
597 #ifdef GSSEAP_ENABLE_REAUTH
598 GSSEAP_STATE_REAUTHENTICATE = 0x10, /* GSS reauthentication messages */
600 GSSEAP_STATE_ESTABLISHED = 0x20, /* context established */
601 GSSEAP_STATE_ALL = 0x3F
604 #define GSSEAP_STATE_NEXT(s) ((s) << 1)
606 #define GSSEAP_SM_STATE(ctx) ((ctx)->state)
609 void gssEapSmTransition(gss_ctx_id_t ctx, enum gss_eap_state state);
610 #define GSSEAP_SM_TRANSITION(ctx, state) gssEapSmTransition((ctx), (state))
612 #define GSSEAP_SM_TRANSITION(ctx, newstate) do { (ctx)->state = (newstate); } while (0)
615 #define GSSEAP_SM_TRANSITION_NEXT(ctx) GSSEAP_SM_TRANSITION((ctx), GSSEAP_STATE_NEXT(GSSEAP_SM_STATE((ctx))))
617 /* state machine entry */
619 OM_uint32 inputTokenType;
620 OM_uint32 outputTokenType;
621 enum gss_eap_state validStates;
623 OM_uint32 (*processToken)(OM_uint32 *,
630 gss_channel_bindings_t,
636 /* state machine flags, set by handler */
637 #define SM_FLAG_SEND_TOKEN 0x00000001 /* exit state machine, send token */
638 #define SM_FLAG_OUTPUT_TOKEN_CRITICAL 0x00000002 /* output token is critical */
640 /* state machine flags, set by state machine */
641 #define SM_FLAG_INPUT_TOKEN_CRITICAL 0x10000000 /* input token was critical */
643 #define SM_ITOK_FLAG_REQUIRED 0x00000001 /* received tokens must be present */
646 gssEapSmStep(OM_uint32 *minor,
653 gss_channel_bindings_t chanBindings,
654 gss_buffer_t inputToken,
655 gss_buffer_t outputToken,
656 struct gss_eap_sm *sm,
660 gssEapSmTransition(gss_ctx_id_t ctx, enum gss_eap_state state);
664 gssEapDecodeInnerTokens(OM_uint32 *minor,
665 const gss_buffer_t buffer,
666 gss_buffer_set_t *pExtensions,
670 gssEapRecordContextTokenHeader(OM_uint32 *minor,
672 enum gss_eap_token_type tokType);
675 gssEapRecordInnerContextToken(OM_uint32 *minor,
677 gss_buffer_t innerToken,
681 gssEapVerifyContextToken(OM_uint32 *minor,
683 const gss_buffer_t inputToken,
684 enum gss_eap_token_type tokenType,
685 gss_buffer_t innerInputToken);
688 gssEapEncodeSupportedExts(OM_uint32 *minor,
691 gss_buffer_t outputToken);
694 gssEapProcessSupportedExts(OM_uint32 *minor,
695 gss_buffer_t inputToken,
696 struct gss_eap_itok_map *map,
701 tokenSize(size_t bodySize);
704 makeTokenHeader(size_t body_size,
705 unsigned char **buf);
708 verifyTokenHeader(OM_uint32 *minor,
711 unsigned char **buf_in,
713 enum gss_eap_token_type *ret_tok_type);
717 #define GSSEAP_CALLOC calloc
718 #define GSSEAP_MALLOC malloc
719 #define GSSEAP_FREE free
720 #define GSSEAP_REALLOC realloc
722 #define GSSEAP_NOT_IMPLEMENTED do { \
723 assert(0 && "not implemented"); \
725 return GSS_S_FAILURE; \
730 #define GSSEAP_MUTEX pthread_mutex_t
731 #define GSSEAP_MUTEX_INITIALIZER PTHREAD_MUTEX_INITIALIZER
733 #define GSSEAP_MUTEX_INIT(m) pthread_mutex_init((m), NULL)
734 #define GSSEAP_MUTEX_DESTROY(m) pthread_mutex_destroy((m))
735 #define GSSEAP_MUTEX_LOCK(m) pthread_mutex_lock((m))
736 #define GSSEAP_MUTEX_UNLOCK(m) pthread_mutex_unlock((m))
738 #define GSSEAP_THREAD_KEY pthread_key_t
739 #define GSSEAP_KEY_CREATE(k, d) pthread_key_create((k), (d))
740 #define GSSEAP_GETSPECIFIC(k) pthread_getspecific((k))
741 #define GSSEAP_SETSPECIFIC(k, d) pthread_setspecific((k), (d))
743 #define GSSEAP_THREAD_ONCE pthread_once_t
744 #define GSSEAP_ONCE(o, i) pthread_once((o), (i))
745 #define GSSEAP_ONCE_INITIALIZER PTHREAD_ONCE_INIT
747 /* Helper functions */
749 store_uint16_be(uint16_t val, void *vp)
751 unsigned char *p = (unsigned char *)vp;
753 p[0] = (val >> 8) & 0xff;
754 p[1] = (val ) & 0xff;
757 static inline uint16_t
758 load_uint16_be(const void *cvp)
760 const unsigned char *p = (const unsigned char *)cvp;
762 return (p[1] | (p[0] << 8));
766 store_uint32_be(uint32_t val, void *vp)
768 unsigned char *p = (unsigned char *)vp;
770 p[0] = (val >> 24) & 0xff;
771 p[1] = (val >> 16) & 0xff;
772 p[2] = (val >> 8) & 0xff;
773 p[3] = (val ) & 0xff;
776 static inline uint32_t
777 load_uint32_be(const void *cvp)
779 const unsigned char *p = (const unsigned char *)cvp;
781 return (p[3] | (p[2] << 8)
782 | ((uint32_t) p[1] << 16)
783 | ((uint32_t) p[0] << 24));
787 store_uint64_be(uint64_t val, void *vp)
789 unsigned char *p = (unsigned char *)vp;
791 p[0] = (unsigned char)((val >> 56) & 0xff);
792 p[1] = (unsigned char)((val >> 48) & 0xff);
793 p[2] = (unsigned char)((val >> 40) & 0xff);
794 p[3] = (unsigned char)((val >> 32) & 0xff);
795 p[4] = (unsigned char)((val >> 24) & 0xff);
796 p[5] = (unsigned char)((val >> 16) & 0xff);
797 p[6] = (unsigned char)((val >> 8) & 0xff);
798 p[7] = (unsigned char)((val ) & 0xff);
801 static inline uint64_t
802 load_uint64_be(const void *cvp)
804 const unsigned char *p = (const unsigned char *)cvp;
806 return ((uint64_t)load_uint32_be(p) << 32) | load_uint32_be(p + 4);
809 static inline unsigned char *
810 store_buffer(gss_buffer_t buffer, void *vp, int wide_nums)
812 unsigned char *p = (unsigned char *)vp;
815 store_uint64_be(buffer->length, p);
818 store_uint32_be(buffer->length, p);
822 if (buffer->value != NULL) {
823 memcpy(p, buffer->value, buffer->length);
830 static inline unsigned char *
831 load_buffer(const void *cvp, size_t length, gss_buffer_t buffer)
834 buffer->value = GSSEAP_MALLOC(length);
835 if (buffer->value == NULL)
837 buffer->length = length;
838 memcpy(buffer->value, cvp, length);
839 return (unsigned char *)cvp + length;
842 static inline unsigned char *
843 store_oid(gss_OID oid, void *vp)
847 if (oid != GSS_C_NO_OID) {
848 buf.length = oid->length;
849 buf.value = oid->elements;
855 return store_buffer(&buf, vp, FALSE);
859 krbDataToGssBuffer(krb5_data *data, gss_buffer_t buffer)
861 buffer->value = (void *)data->data;
862 buffer->length = data->length;
866 krbPrincComponentToGssBuffer(krb5_principal krbPrinc,
867 int index, gss_buffer_t buffer)
869 #ifdef HAVE_HEIMDAL_VERSION
870 buffer->value = (void *)KRB_PRINC_NAME(krbPrinc)[index];
871 buffer->length = strlen((char *)buffer->value);
873 buffer->value = (void *)krb5_princ_component(NULL, krbPrinc, index)->data;
874 buffer->length = krb5_princ_component(NULL, krbPrinc, index)->length;
875 #endif /* HAVE_HEIMDAL_VERSION */
879 krbPrincRealmToGssBuffer(krb5_principal krbPrinc, gss_buffer_t buffer)
881 #ifdef HAVE_HEIMDAL_VERSION
882 buffer->value = (void *)KRB_PRINC_REALM(krbPrinc);
883 buffer->length = strlen((char *)buffer->value);
885 krbDataToGssBuffer(KRB_PRINC_REALM(krbPrinc), buffer);
890 gssBufferToKrbData(gss_buffer_t buffer, krb5_data *data)
892 data->data = (char *)buffer->value;
893 data->length = buffer->length;
900 #include "util_json.h"
901 #include "util_attr.h"
902 #include "util_base64.h"
903 #ifdef GSSEAP_ENABLE_REAUTH
904 #include "util_reauth.h"
907 #endif /* _UTIL_H_ */