1 /* -----------------------------------------------------------------------------
2 * spnegohelp.c defines RFC 2478 SPNEGO GSS-API mechanism APIs.
4 * Author: Frank Balluffi
6 * Copyright (C) 2002-2003 All rights reserved.
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA.
22 * -----------------------------------------------------------------------------
25 #include "spnegohelp.h"
/*
 * makeNegTokenTarg: wrap a Kerberos token in an SPNEGO NegTokenTarg and hand
 * the encoded bytes back through negTokenTarg / negTokenTargLength.
 *
 * The result buffer is obtained with malloc below; presumably the caller
 * frees it on success -- confirm against spnegohelp.h.
 *
 * NOTE(review): this listing skips source lines (the gutter numbers jump),
 * so the argument checks, the trailing spnegoCreateNegTokenTarg arguments,
 * the error-code assignments and the return statement are not visible here.
 */
30 int makeNegTokenTarg (const unsigned char * kerberosToken
,
31 size_t kerberosTokenLength
,
32 const unsigned char ** negTokenTarg
,
33 size_t * negTokenTargLength
)
35 SPNEGO_TOKEN_HANDLE hSpnegoToken
= NULL
;
37 int rc2
= SPNEGO_E_SUCCESS
;
39 /* Check arguments. */
46 /* Does IIS reply with 1.2.840.48018.1.2.2 or 1.2.840.113554.1.2.2? */
48 /* Does IIS always reply with accept_completed? */
50 /* IIS does not include a MIC. */
/*
 * Build the NegTokenTarg with the legacy Kerberos V5 OID and the negResult
 * fixed to spnego_negresult_success. The const qualifier on kerberosToken
 * is cast away for the call; presumably the callee only reads the buffer
 * -- confirm.
 */
52 rc2
= spnegoCreateNegTokenTarg (spnego_mech_oid_Kerberos_V5_Legacy
,
53 spnego_negresult_success
,
54 (unsigned char *) kerberosToken
,
/* Any result other than SPNEGO_E_SUCCESS takes the branch below (body not shown). */
60 if (rc2
!= SPNEGO_E_SUCCESS
)
/*
 * NOTE(review): negTokenTargLength is a size_t * but is passed below as
 * unsigned long *. Where the two types differ in width (e.g. 64-bit
 * Windows, where unsigned long is 32 bits) the callee updates only part of
 * the size_t, so the value later given to malloc can keep stale upper
 * bytes. Using a local unsigned long and copying it into
 * *negTokenTargLength afterwards would avoid that.
 */
66 /* Get NegTokenTarg length. */
68 rc2
= spnegoTokenGetBinary (hSpnegoToken
,
70 (unsigned long*) negTokenTargLength
);
/*
 * This first call appears to be a size query: SPNEGO_E_BUFFER_TOO_SMALL is
 * the expected result, and any other code takes the branch below (body not
 * shown).
 */
72 if (rc2
!= SPNEGO_E_BUFFER_TOO_SMALL
)
/*
 * Allocate the output buffer using the length reported above.
 * NOTE(review): the NULL check for malloc is presumably on the omitted
 * lines 79-85 -- confirm.
 */
78 *negTokenTarg
= malloc (*negTokenTargLength
);
86 /* Get NegTokenTarg data. */
88 rc2
= spnegoTokenGetBinary (hSpnegoToken
,
89 (unsigned char *) *negTokenTarg
,
90 (unsigned long*) negTokenTargLength
);
93 if (rc2
!= SPNEGO_E_SUCCESS
)
/*
 * Release the output buffer and reset both out-parameters so the caller
 * is not left with a dangling pointer or a stale length. Presumably this
 * runs only when an error code is set (the guard is on omitted lines)
 * -- confirm.
 */
107 free ((unsigned char *) *negTokenTarg
);
108 *negTokenTarg
= NULL
;
109 *negTokenTargLength
= 0;
/* Hand the token handle back to the SPNEGO library. */
115 spnegoFreeData (hSpnegoToken
);
/* rc1 is declared on a line this listing omits. */
117 LOG(("makeNegTokenTarg returned %d\n",rc1
));
/*
 * parseNegTokenInit: decode an SPNEGO NegTokenInit and return the embedded
 * mechanism (Kerberos) token through kerberosToken / kerberosTokenLength.
 *
 * The result buffer is obtained with malloc below; presumably the caller
 * frees it on success -- confirm against spnegohelp.h.
 *
 * NOTE(review): negTokenInit is presumably the token received from the
 * client (the comments below refer to IE), so every length and field read
 * from it should be treated as untrusted input -- confirm against callers.
 *
 * NOTE(review): this listing skips source lines (the gutter numbers jump),
 * so some declarations, the bodies of the error branches and the return
 * statement are not visible here.
 */
121 int parseNegTokenInit (const unsigned char * negTokenInit
,
122 size_t negTokenInitLength
,
123 const unsigned char ** kerberosToken
,
124 size_t * kerberosTokenLength
)
126 SPNEGO_TOKEN_HANDLE hSpnegoToken
= NULL
;
129 int rc2
= SPNEGO_E_SUCCESS
;
130 unsigned char reqFlags
= 0;
133 /* Check arguments. */
137 !kerberosTokenLength
)
140 /* Decode SPNEGO token. */
/*
 * The const qualifier on negTokenInit is cast away for the call;
 * presumably the decoder only reads the buffer -- confirm.
 */
142 rc2
= spnegoInitFromBinary ((unsigned char *) negTokenInit
,
146 if (rc2
!= SPNEGO_E_SUCCESS
)
152 /* Check for negTokenInit choice. */
154 rc2
= spnegoGetTokenType (hSpnegoToken
,
157 if (rc2
!= SPNEGO_E_SUCCESS
)
/* Anything other than a NegTokenInit takes the branch below (body not shown). */
163 if (tokenType
!= SPNEGO_TOKEN_INIT
)
170 Check that first mechType is 1.2.840.113554.1.2.2 or 1.2.840.48018.1.2.2.
174 IE seems to reply with 1.2.840.48018.1.2.2 and then 1.2.840.113554.1.2.2.
/*
 * The legacy Kerberos V5 OID is tried first, then the standard one. The
 * second operand of each || below is on an omitted line, so how the
 * "first mechType" position is enforced cannot be seen here.
 */
177 rc2
= spnegoIsMechTypeAvailable (hSpnegoToken
,
178 spnego_mech_oid_Kerberos_V5_Legacy
,
181 if (rc2
!= SPNEGO_E_SUCCESS
||
184 rc2
= spnegoIsMechTypeAvailable (hSpnegoToken
,
185 spnego_mech_oid_Kerberos_V5
,
188 if (rc2
!= SPNEGO_E_SUCCESS
||
196 /* Check for no reqFlags. */
198 /* Does IE ever send reqFlags? */
200 rc2
= spnegoGetContextFlags (hSpnegoToken
,
/*
 * Note the inverted test: a successful spnegoGetContextFlags call is what
 * takes the branch below (body not shown), in line with the "no reqFlags"
 * expectation stated above.
 */
203 if (rc2
== SPNEGO_E_SUCCESS
)
/*
 * NOTE(review): kerberosTokenLength is a size_t * but is passed below as
 * unsigned long *. Where the two types differ in width (e.g. 64-bit
 * Windows, where unsigned long is 32 bits) the callee updates only part of
 * the size_t, so the value later given to malloc can keep stale upper
 * bytes. Using a local unsigned long and copying it into
 * *kerberosTokenLength afterwards would avoid that.
 */
209 /* Get mechanism token length. */
211 rc2
= spnegoGetMechToken (hSpnegoToken
,
213 (unsigned long*) kerberosTokenLength
);
/*
 * This first call appears to be a size query: SPNEGO_E_BUFFER_TOO_SMALL is
 * the expected result, and any other code takes the branch below (body not
 * shown).
 */
215 if (rc2
!= SPNEGO_E_BUFFER_TOO_SMALL
)
/*
 * Allocate the output buffer using the length reported for the parsed
 * token. NOTE(review): the NULL check for malloc is presumably on the
 * omitted lines 222-228 -- confirm.
 */
221 *kerberosToken
= malloc (*kerberosTokenLength
);
229 /* Get mechanism token data. */
231 rc2
= spnegoGetMechToken (hSpnegoToken
,
232 (unsigned char *) *kerberosToken
,
233 (unsigned long*) kerberosTokenLength
);
235 if (rc2
!= SPNEGO_E_SUCCESS
)
241 /* According to Microsoft, IE does not send a MIC. */
/*
 * NOTE(review): no mechListMIC handling is visible in this function, so
 * the offered mechanism list is not integrity-checked here -- confirm
 * whether a caller or the Kerberos layer compensates.
 */
/*
 * Release the output buffer and reset both out-parameters so the caller
 * is not left with a dangling pointer or a stale length. Presumably this
 * runs only when an error code is set (the guard is on omitted lines)
 * -- confirm.
 */
251 free ((unsigned char *) *kerberosToken
);
252 *kerberosToken
= NULL
;
253 *kerberosTokenLength
= 0;
/* Hand the token handle back to the SPNEGO library. */
259 spnegoFreeData (hSpnegoToken
);
/* rc1 is declared on a line this listing omits. */
261 LOG(("parseNegTokenInit returned %d\n",rc1
));