2 * Copyright (c) 2012, JANET(UK)
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of JANET(UK) nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
22 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
23 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
24 * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
25 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
26 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
27 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
29 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
30 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
31 * OF THE POSSIBILITY OF SUCH DAMAGE.
33 * This code was adapted from the MIT Kerberos Consortium's
34 * GSS example code, which was distributed under the following
37 * Copyright 2004-2006 Massachusetts Institute of Technology.
38 * All Rights Reserved.
40 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
41 * distribute this software and its documentation for any purpose and
42 * without fee is hereby granted, provided that the above copyright
43 * notice appear in all copies and that both that copyright notice and
44 * this permission notice appear in supporting documentation, and that
45 * the name of M.I.T. not be used in advertising or publicity pertaining
46 * to distribution of the software without specific, written prior
47 * permission. Furthermore if you modify this software you must label
48 * your software as modified software and not distribute it in such a
49 * fashion that it might be confused with the original M.I.T. software.
50 * M.I.T. makes no representations about the suitability of
51 * this software for any purpose. It is provided "as is" without express
52 * or implied warranty.
57 /* --------------------------------------------------------------------------- */
58 /* Display the contents of the buffer in hex and ascii */
60 static void PrintBuffer (const char *inBuffer,
65 for (i = 0; i < inLength; i += 16) {
67 for (l = i; l < (i + 16); l++) {
71 u_int8_t *byte = (u_int8_t *) inBuffer + l;
72 printf ("%2.2x", *byte);
74 if ((l % 4) == 3) { printf (" "); }
77 for (l = i; l < (i + 16) && l < inLength; l++) {
78 printf ("%c", ((inBuffer[l] > 0x1f) &&
79 (inBuffer[l] < 0x7f)) ? inBuffer[l] : '.');
86 /* --------------------------------------------------------------------------- */
87 /* Standard network read loop, accounting for EINTR, EOF and incomplete reads */
89 static int ReadBuffer (int inSocket,
90 size_t inBufferLength,
94 ssize_t bytesRead = 0;
96 if (!ioBuffer) { err = EINVAL; }
101 ssize_t count = read (inSocket, ptr, inBufferLength - bytesRead);
103 /* Try again on EINTR */
104 if (errno != EINTR) { err = errno; }
105 } else if (count == 0) {
106 err = ECONNRESET; /* EOF and we expected data */
111 } while (!err && (bytesRead < inBufferLength));
114 if (err) { gsscon_print_error (err, "ReadBuffer failed"); }
119 /* --------------------------------------------------------------------------- */
120 /* Standard network write loop, accounting for EINTR and incomplete writes */
122 static int WriteBuffer (int inSocket,
123 const char *inBuffer,
124 size_t inBufferLength)
127 ssize_t bytesWritten = 0;
129 if (!inBuffer) { err = EINVAL; }
132 const char *ptr = inBuffer;
134 ssize_t count = write (inSocket, ptr, inBufferLength - bytesWritten);
136 /* Try again on EINTR */
137 if (errno != EINTR) { err = errno; }
140 bytesWritten += count;
142 } while (!err && (bytesWritten < inBufferLength));
145 if (err) { gsscon_print_error (err, "WritBuffer failed"); }
150 /* --------------------------------------------------------------------------- */
151 /* Read a GSS token (length + data) off the network */
153 int gsscon_read_token (int inSocket,
154 char **outTokenValue,
155 size_t *outTokenLength)
159 u_int32_t tokenLength = 0;
161 if (!outTokenValue ) { err = EINVAL; }
162 if (!outTokenLength) { err = EINVAL; }
165 err = ReadBuffer (inSocket, 4, (char *) &tokenLength);
169 tokenLength = ntohl (tokenLength);
170 token = malloc (tokenLength);
171 memset (token, 0, tokenLength);
173 err = ReadBuffer (inSocket, tokenLength, token);
177 printf ("Read token:\n");
178 PrintBuffer (token, tokenLength);
180 *outTokenLength = tokenLength;
181 *outTokenValue = token;
182 token = NULL; /* only free on error */
184 gsscon_print_error (err, "ReadToken failed");
187 if (token) { free (token); }
192 /* --------------------------------------------------------------------------- */
193 /* Write a GSS token (length + data) onto the network */
195 int gsscon_write_token (int inSocket,
196 const char *inTokenValue,
197 size_t inTokenLength)
200 u_int32_t tokenLength = htonl (inTokenLength);
202 if (!inTokenValue) { err = EINVAL; }
205 err = WriteBuffer (inSocket, (char *) &tokenLength, 4);
209 err = WriteBuffer (inSocket, inTokenValue, inTokenLength);
213 printf ("Wrote token:\n");
214 PrintBuffer (inTokenValue, inTokenLength);
216 gsscon_print_error (err, "gsscon_write_token() failed");
222 /* --------------------------------------------------------------------------- */
223 /* Read an encrypted GSS token (length + encrypted data) off the network */
226 int gsscon_read_encrypted_token (int inSocket,
227 const gss_ctx_id_t inContext,
228 char **outTokenValue,
229 size_t *outTokenLength)
233 size_t tokenLength = 0;
234 OM_uint32 majorStatus;
235 OM_uint32 minorStatus = 0;
236 gss_buffer_desc outputBuffer = { 0 , NULL};
237 char *unencryptedToken = NULL;
239 if (!inContext ) { err = EINVAL; }
240 if (!outTokenValue ) { err = EINVAL; }
241 if (!outTokenLength) { err = EINVAL; }
244 err = gsscon_read_token (inSocket, &token, &tokenLength);
248 gss_buffer_desc inputBuffer = { tokenLength, token};
249 int encrypted = 0; /* did mechanism encrypt/integrity protect? */
251 majorStatus = gss_unwrap (&minorStatus,
256 NULL /* qop_state */);
257 if (majorStatus != GSS_S_COMPLETE) {
258 gsscon_print_gss_errors("gss_unwrap", majorStatus, minorStatus);
259 err = minorStatus ? minorStatus : majorStatus;
260 } else if (!encrypted) {
261 fprintf (stderr, "WARNING! Mechanism not using encryption!");
262 err = EINVAL; /* You may not want to fail here. */
267 unencryptedToken = malloc (outputBuffer.length);
268 if (unencryptedToken == NULL) { err = ENOMEM; }
272 memcpy (unencryptedToken, outputBuffer.value, outputBuffer.length);
274 printf ("Unencrypted token:\n");
275 PrintBuffer (unencryptedToken, outputBuffer.length);
277 *outTokenLength = outputBuffer.length;
278 *outTokenValue = unencryptedToken;
279 unencryptedToken = NULL; /* only free on error */
282 gsscon_print_error (err, "ReadToken failed");
285 if (token ) { free (token); }
286 if (outputBuffer.value) { gss_release_buffer (&minorStatus, &outputBuffer); }
287 if (unencryptedToken ) { free (unencryptedToken); }
292 /* --------------------------------------------------------------------------- */
293 /* Write an encrypted GSS token (length + encrypted data) onto the network */
295 int gsscon_write_encrypted_token (int inSocket,
296 const gss_ctx_id_t inContext,
298 size_t inTokenLength)
301 OM_uint32 majorStatus;
302 OM_uint32 minorStatus = 0;
303 gss_buffer_desc outputBuffer = { 0, NULL };
305 if (!inContext) { err = EINVAL; }
306 if (!inToken ) { err = EINVAL; }
309 gss_buffer_desc inputBuffer = { inTokenLength, (char *) inToken };
310 int encrypt = 1; /* do encryption and integrity protection */
311 int encrypted = 0; /* did mechanism encrypt/integrity protect? */
313 majorStatus = gss_wrap (&minorStatus,
320 if (majorStatus != GSS_S_COMPLETE) {
321 gsscon_print_gss_errors ("gss_wrap", majorStatus, minorStatus);
322 err = minorStatus ? minorStatus : majorStatus;
323 } else if (!encrypted) {
324 fprintf (stderr, "WARNING! Mechanism does not support encryption!");
325 err = EINVAL; /* You may not want to fail here. */
330 printf ("Unencrypted token:\n");
331 PrintBuffer (inToken, inTokenLength);
332 err = gsscon_write_token (inSocket, outputBuffer.value, outputBuffer.length);
337 gsscon_print_error (err, "gsscon_write_token failed");
340 if (outputBuffer.value) { gss_release_buffer (&minorStatus, &outputBuffer); }
345 /* --------------------------------------------------------------------------- */
346 /* Print BSD error */
348 void gsscon_print_error (int inError,
349 const char *inString)
351 fprintf (stderr, "%s: %s (err = %d)\n",
352 inString, error_message (inError), inError);
355 /* --------------------------------------------------------------------------- */
356 /* PrintGSSAPI errors */
358 void gsscon_print_gss_errors (const char *inRoutineName,
359 OM_uint32 inMajorStatus,
360 OM_uint32 inMinorStatus)
362 OM_uint32 minorStatus;
363 OM_uint32 majorStatus;
364 gss_buffer_desc errorBuffer;
366 OM_uint32 messageContext = 0; /* first message */
369 fprintf (stderr, "Error returned by %s:\n", inRoutineName);
372 majorStatus = gss_display_status (&minorStatus,
378 if (majorStatus == GSS_S_COMPLETE) {
379 fprintf (stderr," major error <%d> %s\n",
380 count, (char *) errorBuffer.value);
381 gss_release_buffer (&minorStatus, &errorBuffer);
384 } while (messageContext != 0);
389 majorStatus = gss_display_status (&minorStatus,
395 fprintf (stderr," minor error <%d> %s\n",
396 count, (char *) errorBuffer.value);
398 } while (messageContext != 0);
projects / trust_router.git / blob