35 #include "gss-extra.h"
/* Excerpt (non-contiguous source lines): reset the credential and
   security-context handles to the GSS-API "none" sentinels.  The cleanup
   statements at source lines 274-281 compare each handle against its
   sentinel before releasing it, so these assignments are what keep a
   handle that was never acquired from reaching a release call.
   NOTE(review): the matching initialisation of state->client is not
   visible in this excerpt -- confirm it is set to GSS_C_NO_NAME, since
   the cleanup code tests it as well. */
56 state->
cred = GSS_C_NO_CREDENTIAL;
57 state->
context = GSS_C_NO_CONTEXT;
67 const char *input,
size_t input_len,
68 char **output,
size_t *output_len)
/* Locals of the step routine.  Only some source lines appear in this
   excerpt, so the statements between the numbered lines (including the
   bodies of the if-tests) are omitted. */
71 gss_buffer_desc bufdesc1, bufdesc2;
72 OM_uint32 maj_stat, min_stat;
73 gss_buffer_desc client_name;
/* Build the host-based service name "service@hostname".  The length
   covers both strings, the '@' separator and the terminating NUL, which
   is exactly what the sprintf on line 111 writes; the two expressions
   must stay in sync if the format ever changes.
   NOTE(review): service and hostname are assigned on lines not shown --
   confirm both are checked for NULL before strlen is reached. */
105 bufdesc1.length = strlen (service) + strlen (
"@")
106 + strlen (hostname) + 1;
107 bufdesc1.value = malloc (bufdesc1.length);
/* Allocation failure is tested before the buffer is written (the branch
   body is not shown). */
108 if (bufdesc1.value == NULL)
111 sprintf (bufdesc1.value,
"%s@%s", service, hostname);
/* NOTE(review): bufdesc1.length still includes the terminating NUL when
   it is handed to gss_import_name -- confirm the GSS-API implementation
   in use accepts a name buffer with a trailing NUL. */
113 maj_stat = gss_import_name (&min_stat, &bufdesc1,
114 GSS_C_NT_HOSTBASED_SERVICE, &server);
/* The temporary name buffer is freed before the status is examined, so
   it is released on the success and the failure path alike. */
115 free (bufdesc1.value);
116 if (GSS_ERROR (maj_stat))
/* Acquire acceptor-side (GSS_C_ACCEPT) credentials for the imported
   server name with the default mechanism set; the result is stored in
   state->cred.  The actual mechanisms and the credential lifetime are
   not requested (both output arguments are NULL). */
119 maj_stat = gss_acquire_cred (&min_stat, server, 0,
120 GSS_C_NULL_OID_SET, GSS_C_ACCEPT,
121 &state->
cred, NULL, NULL);
/* The imported name is released before the status test for the same
   reason as the free above: no exit path may leak it. */
122 gss_release_name (&min_stat, &server);
123 if (GSS_ERROR (maj_stat))
/* Wrap the caller's input token in a gss_buffer_desc.  The cast only
   drops const to fit the void * member; the buffer is passed as the
   input token of the accept call.
   NOTE(review): input is presumably data received from the not yet
   authenticated peer -- treat it as untrusted. */
130 bufdesc1.value = (
void *) input;
131 bufdesc1.length = input_len;
/* Release the stored client name and reset the handle to the sentinel,
   so the cleanup test at line 280 cannot release the same name a second
   time.  Any guard around these two statements is on lines not shown. */
134 gss_release_name (&min_stat, &state->
client);
135 state->
client = GSS_C_NO_NAME;
/* Accept the peer's token.  Lines 139-141 and 143-144 of the argument
   list are not shown.  The output token lands in bufdesc2; the three
   trailing NULLs mean the negotiated context flags, the context lifetime
   and any delegated credential are not returned, so the negotiated
   flags are not inspected here. */
138 maj_stat = gss_accept_sec_context (&min_stat,
142 GSS_C_NO_CHANNEL_BINDINGS,
145 &bufdesc2, NULL, NULL, NULL);
/* Every status other than COMPLETE or CONTINUE_NEEDED is treated as a
   failure (branch body not shown). */
146 if (maj_stat != GSS_S_COMPLETE && maj_stat != GSS_S_CONTINUE_NEEDED)
149 if (maj_stat == GSS_S_COMPLETE)
/* Copy the reply token into a freshly allocated buffer handed back
   through *output; the GSS-owned buffer is released at line 161.
   NOTE(review): the check of the malloc result (between lines 154 and
   157) is not visible in this excerpt -- confirm it exists before the
   memcpy. */
152 if (maj_stat == GSS_S_CONTINUE_NEEDED || bufdesc2.length > 0)
154 *output = malloc (bufdesc2.length);
157 memcpy (*output, bufdesc2.value, bufdesc2.length);
158 *output_len = bufdesc2.length;
161 maj_stat = gss_release_buffer (&min_stat, &bufdesc2);
162 if (GSS_ERROR (maj_stat))
/* NOTE(review): maj_stat was reassigned by gss_release_buffer on line
   161, so the comparison below no longer sees the status returned by
   gss_accept_sec_context; the outcome effectively rests on *output_len.
   Confirm that this is intended and that *output_len is initialised to
   0 when no token was copied. */
165 if (maj_stat == GSS_S_CONTINUE_NEEDED || *output_len > 0)
/* Fill the 4-byte message with 0xFF.  Presumably this is the four-octet
   security-layer / maximum-buffer-size message of the SASL GSSAPI
   mechanism -- confirm; lines 174-175, which may overwrite part of tmp
   and set bufdesc1.length, are not shown. */
173 memset (tmp, 0xFF, 4);
176 bufdesc1.value = tmp;
/* Wrap the message with conf_req_flag 0 (integrity protection, no
   confidentiality requested) and the default QOP.  The conf_state output
   is NULL, so the protection actually applied is not reported back. */
177 maj_stat = gss_wrap (&min_stat, state->
context, 0, GSS_C_QOP_DEFAULT,
178 &bufdesc1, NULL, &bufdesc2);
179 if (GSS_ERROR (maj_stat))
/* Hand the wrapped token to the caller in a separately allocated buffer
   and release the GSS-owned one.
   NOTE(review): the malloc result check (between lines 182 and 185) is
   not visible in this excerpt -- confirm it precedes the memcpy. */
182 *output = malloc (bufdesc2.length);
185 memcpy (*output, bufdesc2.value, bufdesc2.length);
186 *output_len = bufdesc2.length;
188 maj_stat = gss_release_buffer (&min_stat, &bufdesc2);
189 if (GSS_ERROR (maj_stat))
/* Unwrap the peer's reply.  As above, the cast only removes const to fit
   gss_buffer_desc.  Both conf_state and qop_state are NULL, so the
   protection that was applied to the message is not inspected. */
197 bufdesc1.value = (
void *) input;
198 bufdesc1.length = input_len;
199 maj_stat = gss_unwrap (&min_stat, state->
context, &bufdesc1,
200 &bufdesc2, NULL, NULL);
201 if (GSS_ERROR (maj_stat))
/* Length validation: an unwrapped message shorter than 4 bytes is
   handled separately, before the "+ 4" / "- 4" arithmetic on lines
   231-232 is reached.  The release on line 225 presumably belongs to
   the rejection path (surrounding lines not shown). */
219 if (bufdesc2.length < 4)
225 maj_stat = gss_release_buffer (&min_stat, &bufdesc2);
/* Only when more than the 4-byte header is present are the trailing
   bytes passed on, with an explicit length of bufdesc2.length - 4.  The
   call that receives them (line 230) is not shown. */
229 if (bufdesc2.length > 4)
231 (
char *) bufdesc2.value + 4,
232 bufdesc2.length - 4);
/* Convert the authenticated client name to its display form. */
236 maj_stat = gss_display_name (&min_stat, state->
client,
237 &client_name, &mech_type);
238 if (GSS_ERROR (maj_stat))
/* The name is forwarded together with its length (the callee on line 241
   is not shown), so the consumer need not rely on NUL termination of the
   GSS buffer. */
242 client_name.value, client_name.length);
/* Release both GSS-owned buffers; a failed release is reported to the
   caller (branch bodies not shown). */
244 maj_stat = gss_release_buffer (&min_stat, &client_name);
245 if (GSS_ERROR (maj_stat))
248 maj_stat = gss_release_buffer (&min_stat, &bufdesc2);
249 if (GSS_ERROR (maj_stat))
/* Teardown: each handle is released only when it differs from its "none"
   sentinel, so a session that failed early does not pass an unset handle
   to GSS-API.  The return values of the three calls are not examined;
   min_stat is written but never read here. */
/* Delete the security context; no output token is requested. */
274 if (state->
context != GSS_C_NO_CONTEXT)
275 gss_delete_sec_context (&min_stat, &state->
context, GSS_C_NO_BUFFER);
/* Release the acceptor credentials. */
277 if (state->
cred != GSS_C_NO_CREDENTIAL)
278 gss_release_cred (&min_stat, &state->
cred);
/* Release the client name recorded during context establishment. */
280 if (state->
client != GSS_C_NO_NAME)
281 gss_release_name (&min_stat, &state->
client);
int gsasl_callback(Gsasl *ctx, Gsasl_session *sctx, Gsasl_property prop)
@ GSASL_GSSAPI_UNWRAP_ERROR
@ GSASL_GSSAPI_IMPORT_NAME_ERROR
@ GSASL_GSSAPI_RELEASE_BUFFER_ERROR
@ GSASL_GSSAPI_ACCEPT_SEC_CONTEXT_ERROR
@ GSASL_AUTHENTICATION_ERROR
@ GSASL_GSSAPI_DISPLAY_NAME_ERROR
@ GSASL_GSSAPI_ACQUIRE_CRED_ERROR
@ GSASL_MECHANISM_CALLED_TOO_MANY_TIMES
@ GSASL_GSSAPI_WRAP_ERROR
@ GSASL_GSSAPI_UNSUPPORTED_PROTECTION_ERROR
_GSASL_API int gsasl_property_set_raw(Gsasl_session *sctx, Gsasl_property prop, const char *data, size_t len)
_GSASL_API int gsasl_property_set(Gsasl_session *sctx, Gsasl_property prop, const char *data)
_GSASL_API const char * gsasl_property_get(Gsasl_session *sctx, Gsasl_property prop)
@ GSASL_GSSAPI_DISPLAY_NAME
void _gsasl_gssapi_server_finish(Gsasl_session *sctx, void *mech_data)
int _gsasl_gssapi_server_start(Gsasl_session *sctx, void **mech_data)
int _gsasl_gssapi_server_step(Gsasl_session *sctx, void *mech_data, const char *input, size_t input_len, char **output, size_t *output_len)