-/* -----------------------------------------------------------------------------\r
- * spnegohelp.c defines RFC 2478 SPNEGO GSS-API mechanism APIs.\r
- *\r
- * Author: Frank Balluffi\r
- *\r
- * Copyright (C) 2002-2003 All rights reserved.\r
- *\r
- * This program is free software; you can redistribute it and/or modify\r
- * it under the terms of the GNU General Public License as published by\r
- * the Free Software Foundation; either version 2 of the License, or\r
- * (at your option) any later version.\r
- *\r
- * This program is distributed in the hope that it will be useful,\r
- * but WITHOUT ANY WARRANTY; without even the implied warranty of\r
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\r
- * GNU General Public License for more details.\r
- *\r
- * You should have received a copy of the GNU General Public License\r
- * along with this program; if not, write to the Free Software\r
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA.\r
- *\r
- * -----------------------------------------------------------------------------\r
- */\r
-\r
-#include "spnegohelp.h"\r
-#include "spnego.h"\r
-\r
-#include <stdlib.h>\r
-\r
-int makeNegTokenTarg (const unsigned char * kerberosToken,\r
- size_t kerberosTokenLength,\r
- const unsigned char ** negTokenTarg,\r
- size_t * negTokenTargLength)\r
-{\r
- SPNEGO_TOKEN_HANDLE hSpnegoToken = NULL;\r
- int rc1 = 1;\r
- int rc2 = SPNEGO_E_SUCCESS;\r
-\r
- /* Check arguments. */\r
-\r
- if (!kerberosToken ||\r
- !negTokenTarg ||\r
- !negTokenTargLength)\r
- return 10;\r
-\r
- /* Does IIS reply with 1.2.840.48018.1.2.2 or 1.2.840.113554.1.2.2? */\r
-\r
- /* Does IIS always reply with accept_completed? */\r
-\r
- /* IIS does not include a MIC. */\r
-\r
- rc2 = spnegoCreateNegTokenTarg (spnego_mech_oid_Kerberos_V5_Legacy,\r
- spnego_negresult_success,\r
- (unsigned char *) kerberosToken,\r
- kerberosTokenLength,\r
- NULL,\r
- 0,\r
- &hSpnegoToken);\r
-\r
- if (rc2 != SPNEGO_E_SUCCESS)\r
- {\r
- rc1 = abs(rc2)+100;\r
- goto cleanup;\r
- }\r
-\r
- /* Get NegTokenTarg length. */\r
-\r
- rc2 = spnegoTokenGetBinary (hSpnegoToken,\r
- NULL,\r
- (unsigned long*) negTokenTargLength);\r
-\r
- if (rc2 != SPNEGO_E_BUFFER_TOO_SMALL)\r
- {\r
- rc1 = abs(rc2)+200;\r
- goto cleanup;\r
- }\r
-\r
- *negTokenTarg = malloc (*negTokenTargLength);\r
-\r
- if (!*negTokenTarg)\r
- {\r
- rc1 = abs(rc2)+300;\r
- goto cleanup;\r
- }\r
-\r
- /* Get NegTokenTarg data. */\r
-\r
- rc2 = spnegoTokenGetBinary (hSpnegoToken,\r
- (unsigned char *) *negTokenTarg,\r
- (unsigned long*) negTokenTargLength);\r
-\r
-\r
- if (rc2 != SPNEGO_E_SUCCESS)\r
- {\r
- rc1 = abs(rc2)+400;\r
- goto error;\r
- }\r
-\r
- rc1 = 0;\r
-\r
- goto cleanup;\r
-\r
-error:\r
-\r
- if (*negTokenTarg)\r
- {\r
- free ((unsigned char *) *negTokenTarg);\r
- *negTokenTarg = NULL;\r
- *negTokenTargLength = 0;\r
- }\r
-\r
-cleanup:\r
-\r
- if (hSpnegoToken)\r
- spnegoFreeData (hSpnegoToken);\r
-\r
- LOG(("makeNegTokenTarg returned %d\n",rc1));\r
- return rc1;\r
-}\r
-\r
-int parseNegTokenInit (const unsigned char * negTokenInit,\r
- size_t negTokenInitLength,\r
- const unsigned char ** kerberosToken,\r
- size_t * kerberosTokenLength)\r
-{\r
- SPNEGO_TOKEN_HANDLE hSpnegoToken = NULL;\r
- int pindex = -1;\r
- int rc1 = 1;\r
- int rc2 = SPNEGO_E_SUCCESS;\r
- unsigned char reqFlags = 0;\r
- int tokenType = 0;\r
-\r
- /* Check arguments. */\r
-\r
- if (!negTokenInit ||\r
- !kerberosToken ||\r
- !kerberosTokenLength)\r
- return 10;\r
-\r
- /* Decode SPNEGO token. */\r
-\r
- rc2 = spnegoInitFromBinary ((unsigned char *) negTokenInit,\r
- negTokenInitLength,\r
- &hSpnegoToken);\r
-\r
- if (rc2 != SPNEGO_E_SUCCESS)\r
- {\r
- rc1 = abs(rc2)+100;\r
- goto cleanup;\r
- }\r
-\r
- /* Check for negTokenInit choice. */\r
-\r
- rc2 = spnegoGetTokenType (hSpnegoToken,\r
- &tokenType);\r
-\r
- if (rc2 != SPNEGO_E_SUCCESS)\r
- {\r
- rc1 = abs(rc2)+200;\r
- goto cleanup;\r
- }\r
-\r
- if (tokenType != SPNEGO_TOKEN_INIT)\r
- {\r
- rc1 = abs(rc2)+300;\r
- goto cleanup;\r
- }\r
-\r
- /*\r
- Check that first mechType is 1.2.840.113554.1.2.2 or 1.2.840.48018.1.2.2.\r
- */\r
-\r
- /*\r
- IE seems to reply with 1.2.840.48018.1.2.2 and then 1.2.840.113554.1.2.2.\r
- */\r
-\r
- rc2 = spnegoIsMechTypeAvailable (hSpnegoToken,\r
- spnego_mech_oid_Kerberos_V5_Legacy,\r
- &pindex);\r
-\r
- if (rc2 != SPNEGO_E_SUCCESS ||\r
- pindex != 0)\r
- {\r
- rc2 = spnegoIsMechTypeAvailable (hSpnegoToken,\r
- spnego_mech_oid_Kerberos_V5,\r
- &pindex);\r
-\r
- if (rc2 != SPNEGO_E_SUCCESS ||\r
- pindex != 0)\r
- {\r
- rc1 = abs(rc2)+400;\r
- goto cleanup;\r
- }\r
- }\r
-\r
- /* Check for no reqFlags. */\r
-\r
- /* Does IE ever send reqFlags? */\r
-\r
- rc2 = spnegoGetContextFlags (hSpnegoToken,\r
- &reqFlags);\r
-\r
- if (rc2 == SPNEGO_E_SUCCESS)\r
- {\r
- rc1 = abs(rc2)+500;\r
- goto cleanup;\r
- }\r
-\r
- /* Get mechanism token length. */\r
-\r
- rc2 = spnegoGetMechToken (hSpnegoToken,\r
- NULL,\r
- (unsigned long*) kerberosTokenLength);\r
-\r
- if (rc2 != SPNEGO_E_BUFFER_TOO_SMALL)\r
- {\r
- rc1 = abs(rc2)+600;\r
- goto cleanup;\r
- }\r
-\r
- *kerberosToken = malloc (*kerberosTokenLength);\r
-\r
- if (!*kerberosToken)\r
- {\r
- rc1 = abs(rc2)+700;\r
- goto cleanup;\r
- }\r
-\r
- /* Get mechanism token data. */\r
-\r
- rc2 = spnegoGetMechToken (hSpnegoToken,\r
- (unsigned char *) *kerberosToken,\r
- (unsigned long*) kerberosTokenLength);\r
-\r
- if (rc2 != SPNEGO_E_SUCCESS)\r
- {\r
- rc1 = abs(rc2)+800;\r
- goto error;\r
- }\r
-\r
- /* According to Microsoft, IE does not send a MIC. */\r
-\r
- rc1 = 0;\r
-\r
- goto cleanup;\r
-\r
-error:\r
-\r
- if (*kerberosToken)\r
- {\r
- free ((unsigned char *) *kerberosToken);\r
- *kerberosToken = NULL;\r
- *kerberosTokenLength = 0;\r
- }\r
-\r
-cleanup:\r
-\r
- if (hSpnegoToken)\r
- spnegoFreeData (hSpnegoToken);\r
-\r
- LOG(("parseNegTokenInit returned %d\n",rc1));\r
- return rc1;\r
-}\r
+/* -----------------------------------------------------------------------------
+ * spnegohelp.c defines RFC 2478 SPNEGO GSS-API mechanism APIs.
+ *
+ * Author: Frank Balluffi
+ *
+ * Copyright (C) 2002-2003 All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA.
+ *
+ * -----------------------------------------------------------------------------
+ */
+
+#include "spnegohelp.h"
+#include "spnego.h"
+
+#include <stdlib.h>
+
+int makeNegTokenTarg (const unsigned char * kerberosToken,
+ size_t kerberosTokenLength,
+ const unsigned char ** negTokenTarg,
+ size_t * negTokenTargLength)
+{
+ SPNEGO_TOKEN_HANDLE hSpnegoToken = NULL;
+ int rc1 = 1;
+ int rc2 = SPNEGO_E_SUCCESS;
+
+ /* Check arguments. */
+
+ if (!kerberosToken ||
+ !negTokenTarg ||
+ !negTokenTargLength)
+ return 10;
+
+ /* Does IIS reply with 1.2.840.48018.1.2.2 or 1.2.840.113554.1.2.2? */
+
+ /* Does IIS always reply with accept_completed? */
+
+ /* IIS does not include a MIC. */
+
+ rc2 = spnegoCreateNegTokenTarg (spnego_mech_oid_Kerberos_V5_Legacy,
+ spnego_negresult_success,
+ (unsigned char *) kerberosToken,
+ kerberosTokenLength,
+ NULL,
+ 0,
+ &hSpnegoToken);
+
+ if (rc2 != SPNEGO_E_SUCCESS)
+ {
+ rc1 = abs(rc2)+100;
+ goto cleanup;
+ }
+
+ /* Get NegTokenTarg length. */
+
+ rc2 = spnegoTokenGetBinary (hSpnegoToken,
+ NULL,
+ (unsigned long*) negTokenTargLength);
+
+ if (rc2 != SPNEGO_E_BUFFER_TOO_SMALL)
+ {
+ rc1 = abs(rc2)+200;
+ goto cleanup;
+ }
+
+ *negTokenTarg = malloc (*negTokenTargLength);
+
+ if (!*negTokenTarg)
+ {
+ rc1 = abs(rc2)+300;
+ goto cleanup;
+ }
+
+ /* Get NegTokenTarg data. */
+
+ rc2 = spnegoTokenGetBinary (hSpnegoToken,
+ (unsigned char *) *negTokenTarg,
+ (unsigned long*) negTokenTargLength);
+
+
+ if (rc2 != SPNEGO_E_SUCCESS)
+ {
+ rc1 = abs(rc2)+400;
+ goto error;
+ }
+
+ rc1 = 0;
+
+ goto cleanup;
+
+error:
+
+ if (*negTokenTarg)
+ {
+ free ((unsigned char *) *negTokenTarg);
+ *negTokenTarg = NULL;
+ *negTokenTargLength = 0;
+ }
+
+cleanup:
+
+ if (hSpnegoToken)
+ spnegoFreeData (hSpnegoToken);
+
+ LOG(("makeNegTokenTarg returned %d\n",rc1));
+ return rc1;
+}
+
+int parseNegTokenInit (const unsigned char * negTokenInit,
+ size_t negTokenInitLength,
+ const unsigned char ** kerberosToken,
+ size_t * kerberosTokenLength)
+{
+ SPNEGO_TOKEN_HANDLE hSpnegoToken = NULL;
+ int pindex = -1;
+ int rc1 = 1;
+ int rc2 = SPNEGO_E_SUCCESS;
+ unsigned char reqFlags = 0;
+ int tokenType = 0;
+
+ /* Check arguments. */
+
+ if (!negTokenInit ||
+ !kerberosToken ||
+ !kerberosTokenLength)
+ return 10;
+
+ /* Decode SPNEGO token. */
+
+ rc2 = spnegoInitFromBinary ((unsigned char *) negTokenInit,
+ negTokenInitLength,
+ &hSpnegoToken);
+
+ if (rc2 != SPNEGO_E_SUCCESS)
+ {
+ rc1 = abs(rc2)+100;
+ goto cleanup;
+ }
+
+ /* Check for negTokenInit choice. */
+
+ rc2 = spnegoGetTokenType (hSpnegoToken,
+ &tokenType);
+
+ if (rc2 != SPNEGO_E_SUCCESS)
+ {
+ rc1 = abs(rc2)+200;
+ goto cleanup;
+ }
+
+ if (tokenType != SPNEGO_TOKEN_INIT)
+ {
+ rc1 = abs(rc2)+300;
+ goto cleanup;
+ }
+
+ /*
+ Check that first mechType is 1.2.840.113554.1.2.2 or 1.2.840.48018.1.2.2.
+ */
+
+ /*
+ IE seems to reply with 1.2.840.48018.1.2.2 and then 1.2.840.113554.1.2.2.
+ */
+
+ rc2 = spnegoIsMechTypeAvailable (hSpnegoToken,
+ spnego_mech_oid_Kerberos_V5_Legacy,
+ &pindex);
+
+ if (rc2 != SPNEGO_E_SUCCESS ||
+ pindex != 0)
+ {
+ rc2 = spnegoIsMechTypeAvailable (hSpnegoToken,
+ spnego_mech_oid_Kerberos_V5,
+ &pindex);
+
+ if (rc2 != SPNEGO_E_SUCCESS ||
+ pindex != 0)
+ {
+ rc1 = abs(rc2)+400;
+ goto cleanup;
+ }
+ }
+
+ /* Check for no reqFlags. */
+
+ /* Does IE ever send reqFlags? */
+
+ rc2 = spnegoGetContextFlags (hSpnegoToken,
+ &reqFlags);
+
+ if (rc2 == SPNEGO_E_SUCCESS)
+ {
+ rc1 = abs(rc2)+500;
+ goto cleanup;
+ }
+
+ /* Get mechanism token length. */
+
+ rc2 = spnegoGetMechToken (hSpnegoToken,
+ NULL,
+ (unsigned long*) kerberosTokenLength);
+
+ if (rc2 != SPNEGO_E_BUFFER_TOO_SMALL)
+ {
+ rc1 = abs(rc2)+600;
+ goto cleanup;
+ }
+
+ *kerberosToken = malloc (*kerberosTokenLength);
+
+ if (!*kerberosToken)
+ {
+ rc1 = abs(rc2)+700;
+ goto cleanup;
+ }
+
+ /* Get mechanism token data. */
+
+ rc2 = spnegoGetMechToken (hSpnegoToken,
+ (unsigned char *) *kerberosToken,
+ (unsigned long*) kerberosTokenLength);
+
+ if (rc2 != SPNEGO_E_SUCCESS)
+ {
+ rc1 = abs(rc2)+800;
+ goto error;
+ }
+
+ /* According to Microsoft, IE does not send a MIC. */
+
+ rc1 = 0;
+
+ goto cleanup;
+
+error:
+
+ if (*kerberosToken)
+ {
+ free ((unsigned char *) *kerberosToken);
+ *kerberosToken = NULL;
+ *kerberosTokenLength = 0;
+ }
+
+cleanup:
+
+ if (hSpnegoToken)
+ spnegoFreeData (hSpnegoToken);
+
+ LOG(("parseNegTokenInit returned %d\n",rc1));
+ return rc1;
+}
-/* -----------------------------------------------------------------------------\r
- * spnegohelp.c declares RFC 2478 SPNEGO GSS-API mechanism APIs.\r
- *\r
- * Author: Frank Balluffi\r
- *\r
- * Copyright (C) 2002-2003. All rights reserved.\r
- * -----------------------------------------------------------------------------\r
- */\r
-\r
-#ifndef SPNEGOHELP_H\r
-#define SPNEGOHELP_H\r
-\r
-#ifdef __cplusplus\r
-extern "C" {\r
-#endif\r
-\r
-#include <stddef.h>\r
-\r
-/* -----------------------------------------------------------------------------\r
- * makeNegTokenTarg makes an RFC 2478 SPNEGO NegTokenTarg (token) from an\r
- * RFC 1964 Kerberos GSS-API token.\r
- *\r
- * If makeNegTokenTarg is successful, call free (*negTokenTarg) to free the\r
- * memory allocated by parseNegTokenInit.\r
- *\r
- * Returns 0 if successful, 1 otherwise.\r
- * -----------------------------------------------------------------------------\r
- */\r
-\r
-int makeNegTokenTarg (const unsigned char * kerberosToken,\r
- size_t kerberosTokenLength,\r
- const unsigned char ** negTokenTarg,\r
- size_t * negTokenTargLength);\r
-\r
-/* -----------------------------------------------------------------------------\r
- * parseNegTokenInit parses an RFC 2478 SPNEGO NegTokenInit (token) to extract\r
- * an RFC 1964 Kerberos GSS-API token.\r
- *\r
- * If the NegTokenInit does cotain a Kerberos GSS-API token, parseNegTokenInit\r
- * returns an error.\r
- *\r
- * If parseNegTokenInit is successful, call free (*kerberosToken) to\r
- * free the memory allocated by parseNegTokenInit.\r
- *\r
- * Returns 0 if successful, 1 otherwise.\r
- * -----------------------------------------------------------------------------\r
- */\r
-\r
-int parseNegTokenInit (const unsigned char * negTokenInit,\r
- size_t negTokenInitLength,\r
- const unsigned char ** kerberosToken,\r
- size_t * kerberosTokenLength);\r
-\r
-#ifdef __cplusplus\r
-}\r
-#endif\r
-\r
-#endif /* SPNEGOHELP_H */\r
+/* -----------------------------------------------------------------------------
+ * spnegohelp.c declares RFC 2478 SPNEGO GSS-API mechanism APIs.
+ *
+ * Author: Frank Balluffi
+ *
+ * Copyright (C) 2002-2003. All rights reserved.
+ * -----------------------------------------------------------------------------
+ */
+
+#ifndef SPNEGOHELP_H
+#define SPNEGOHELP_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include <stddef.h>
+
+/* -----------------------------------------------------------------------------
+ * makeNegTokenTarg makes an RFC 2478 SPNEGO NegTokenTarg (token) from an
+ * RFC 1964 Kerberos GSS-API token.
+ *
+ * If makeNegTokenTarg is successful, call free (*negTokenTarg) to free the
+ * memory allocated by parseNegTokenInit.
+ *
+ * Returns 0 if successful, 1 otherwise.
+ * -----------------------------------------------------------------------------
+ */
+
+int makeNegTokenTarg (const unsigned char * kerberosToken,
+ size_t kerberosTokenLength,
+ const unsigned char ** negTokenTarg,
+ size_t * negTokenTargLength);
+
+/* -----------------------------------------------------------------------------
+ * parseNegTokenInit parses an RFC 2478 SPNEGO NegTokenInit (token) to extract
+ * an RFC 1964 Kerberos GSS-API token.
+ *
+ * If the NegTokenInit does cotain a Kerberos GSS-API token, parseNegTokenInit
+ * returns an error.
+ *
+ * If parseNegTokenInit is successful, call free (*kerberosToken) to
+ * free the memory allocated by parseNegTokenInit.
+ *
+ * Returns 0 if successful, 1 otherwise.
+ * -----------------------------------------------------------------------------
+ */
+
+int parseNegTokenInit (const unsigned char * negTokenInit,
+ size_t negTokenInitLength,
+ const unsigned char ** kerberosToken,
+ size_t * kerberosTokenLength);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* SPNEGOHELP_H */
projects / thirdparty / squid.git / commitdiff
