krb5_error_code KRB5_CALLCONV krb5_authdata_export_internal
(krb5_context kcontext,
krb5_authdata_context context,
+ krb5_boolean restrict_authenticated,
const char *module,
void **ptr);
(*authdata_client_export_internal_proc)(krb5_context context,
void *plugin_context,
void *request_context,
+ krb5_boolean restrict_authenticated,
void **ptr);
/* NB: this takes ownership of ptr */
gss_iov_buffer_desc *, /* iov */
int); /* iov_count */
+/*
+ * Naming extensions
+ */
+OM_uint32 KRB5_CALLCONV gss_display_name_ext
+(
+ OM_uint32 *, /* minor_status */
+ gss_name_t, /* name */
+ gss_OID, /* display_as_name_type */
+ gss_buffer_t /* display_name */
+);
+
+OM_uint32 KRB5_CALLCONV gss_inquire_name
+(
+ OM_uint32 *, /* minor_status */
+ gss_name_t, /* name */
+ int *, /* name_is_MN */
+ gss_OID *, /* MN_mech */
+ gss_buffer_set_t *, /* authenticated */
+ gss_buffer_set_t *, /* asserted */
+ gss_buffer_set_t * /* complete */
+);
+
+OM_uint32 KRB5_CALLCONV gss_get_name_attribute
+(
+ OM_uint32 *, /* minor_status */
+ gss_name_t, /* name */
+ gss_buffer_t, /* attr */
+ int *, /* authenticated */
+ int *, /* complete */
+ gss_buffer_t, /* value */
+ gss_buffer_t, /* display_value */
+ int * /* more */
+);
+
+OM_uint32 KRB5_CALLCONV gss_set_name_attribute
+(
+ OM_uint32 *, /* minor_status */
+ gss_name_t, /* name */
+ int, /* complete */
+ gss_buffer_t, /* attr */
+ gss_buffer_t /* value */
+);
+
+OM_uint32 KRB5_CALLCONV gss_delete_name_attribute
+(
+ OM_uint32 *, /* minor_status */
+ gss_name_t, /* name */
+ gss_buffer_t /* attr */
+);
+
+OM_uint32 KRB5_CALLCONV gss_export_name_composite
+(
+ OM_uint32 *, /* minor_status */
+ gss_name_t, /* name */
+ gss_buffer_t /* exp_composite_name */
+);
+
typedef struct gss_any *gss_any_t;
+OM_uint32 KRB5_CALLCONV gss_map_name_to_any
+(
+ OM_uint32 *, /* minor_status */
+ gss_name_t, /* name */
+ int, /* authenticated */
+ gss_buffer_t, /* type_id */
+ gss_any_t * /* output */
+);
+
+OM_uint32 KRB5_CALLCONV gss_release_any_name_mapping
+(
+ OM_uint32 *, /* minor_status */
+ gss_name_t, /* name */
+ gss_buffer_t, /* type_id */
+ gss_any_t * /* input */
+);
+
#ifdef __cplusplus
}
#endif
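Review bot: The `int` parameter of gss_map_name_to_any is labelled only `/* authenticated */`, and nothing in the header says what selecting it means for the mechanism; elsewhere in this commit the mspac plugin maps it onto restrict_authenticated and returns no data unless the PAC signature was verified, which is the kind of contract a caller of a public prototype needs to see. Suggest `int, /* authenticated: nonzero = return only data whose origin was verified */` on that line, and a similar one-line note on the `authenticated` output of gss_get_name_attribute. The extern "C" block that these prototypes sit in starts outside the hunk.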
krb5_gss_name_t name1,
krb5_gss_name_t name2);
+OM_uint32
+krb5_gss_display_name_ext(OM_uint32 *minor_status,
+ gss_name_t name,
+ gss_OID display_as_name_type,
+ gss_buffer_t display_name);
+
+OM_uint32
+krb5_gss_inquire_name(OM_uint32 *minor_status,
+ gss_name_t name,
+ int *name_is_MN,
+ gss_OID *MN_mech,
+ gss_buffer_set_t *authenticated,
+ gss_buffer_set_t *asserted,
+ gss_buffer_set_t *complete);
+
+OM_uint32
+krb5_gss_get_name_attribute(OM_uint32 *minor_status,
+ gss_name_t name,
+ gss_buffer_t attr,
+ int *authenticated,
+ int *complete,
+ gss_buffer_t value,
+ gss_buffer_t display_value,
+ int *more);
+
+OM_uint32
+krb5_gss_set_name_attribute(OM_uint32 *minor_status,
+ gss_name_t name,
+ int complete,
+ gss_buffer_t attr,
+ gss_buffer_t value);
+
+OM_uint32
+krb5_gss_delete_name_attribute(OM_uint32 *minor_status,
+ gss_name_t name,
+ gss_buffer_t attr);
+
+OM_uint32
+krb5_gss_export_name_composite(OM_uint32 *minor_status,
+ gss_name_t name,
+ gss_buffer_t exp_composite_name);
+
+OM_uint32
+krb5_gss_map_name_to_any(OM_uint32 *minor_status,
+ gss_name_t name,
+ int authenticated,
+ gss_buffer_t type_id,
+ gss_any_t *output);
+
+OM_uint32
+krb5_gss_release_any_name_mapping(OM_uint32 *minor_status,
+ gss_name_t name,
+ gss_buffer_t type_id,
+ gss_any_t *input);
+
/*
* These take unglued krb5-mech-specific contexts.
*/
krb5_gss_unwrap_iov,
krb5_gss_wrap_iov_length,
NULL, /* complete_auth_token */
+ NULL, /* display_name_ext */
+ krb5_gss_inquire_name,
+ krb5_gss_get_name_attribute,
+ krb5_gss_set_name_attribute,
+ krb5_gss_delete_name_attribute,
+ NULL, /* export_name_composite */
+ krb5_gss_map_name_to_any,
+ krb5_gss_release_any_name_mapping,
};
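Review bot: The mechanism table leaves display_name_ext and export_name_composite as NULL while prototypes for krb5_gss_display_name_ext and krb5_gss_export_name_composite are declared in the same commit, so a reader cannot tell whether the NULL entries are an oversight or a deliberate gap. If the functions are not implemented yet, `NULL, /* display_name_ext: not implemented */` (and likewise for export_name_composite) makes that explicit; if they are, the table should reference them. The table initializer starts outside the hunk.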
OM_uint32
krb5_gss_inquire_name(OM_uint32 *minor_status,
gss_name_t name,
- int name_is_MN,
+ int *name_is_MN,
gss_OID *MN_mech,
gss_buffer_set_t *authenticated,
gss_buffer_set_t *asserted,
&kattr,
&kauthenticated,
&kcomplete,
- &kvalue,
- &kdisplay_value,
+ value ? &kvalue : NULL,
+ display_value ? &kdisplay_value : NULL,
more);
if (code == 0) {
- value->value = kvalue.data;
- value->length = kvalue.length;
+ if (value != NULL) {
+ value->value = kvalue.data;
+ value->length = kvalue.length;
+ }
- *authenticated = kauthenticated;
- *complete = kcomplete;
+ if (authenticated != NULL)
+ *authenticated = kauthenticated;
+ if (complete != NULL)
+ *complete = kcomplete;
- display_value->value = kvalue.data;
- display_value->length = kvalue.length;
+ if (display_value != NULL) {
+ display_value->value = kdisplay_value.data;
+ display_value->length = kdisplay_value.length;
+ }
}
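Review bot: `value ? &kvalue : NULL` now forwards a NULL value pointer to the plugin, but the mspac attribute getter in the same commit (the hunk around `if (*more != -1 || pacctx->pac == NULL)`) still executes `value->data = NULL; value->length = 0;` unconditionally before its new `value != NULL` branches, so a caller that omits value would dereference NULL in the plugin instead of getting the existence check. The two assignments in the plugin should be wrapped as `if (value != NULL) { value->data = NULL; value->length = 0; }`, mirroring the display_value guard added just below them. The `more` pointer is forwarded without a check here, so presumably the caller contract requires it to be non-NULL; that deserves a sentence in the function's comment. krb5_gss_get_name_attribute starts outside the hunk.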
krb5_free_context(context);
code = krb5_authdata_export_internal(context,
kname->ad_context,
+ authenticated,
kmodule,
(void **)output);
gss_context_time
gss_create_empty_buffer_set
gss_create_empty_oid_set
+gss_delete_name_attribute
gss_delete_sec_context
gss_display_name
+gss_display_name_ext
gss_display_status
gss_duplicate_name
gss_export_name
+gss_export_name_composite
gss_export_sec_context
gss_get_mic
+gss_get_name_attribute
gss_import_name
gss_import_sec_context
gss_indicate_mechs
gss_krb5int_unseal_token_v3
gsskrb5_extract_authtime_from_sec_context
gsskrb5_extract_authz_data_from_sec_context
+gss_map_name_to_any
gss_mech_krb5
gss_mech_krb5_old
gss_mech_set_krb5
gss_nt_user_name
gss_oid_to_str
gss_process_context_token
+gss_release_any_name_mapping
gss_release_buffer_set
gss_release_buffer
gss_release_cred
gss_release_oid
gss_release_oid_set
gss_seal
+gss_set_name_attribute
gss_set_sec_context_option
gss_sign
gss_str_to_oid
krb5_gss_dbg_client_expcreds
krb5_gss_register_acceptor_identity
krb5_gss_use_kdc_context
+gss_inquire_name
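Review bot: `gss_inquire_name` is appended at the very end of the export list, after the krb5_gss_* entries, while the other new symbols in this change are inserted in alphabetical position among the gss_* names; moving it to sit between gss_indicate_mechs and gss_krb5int_unseal_token_v3 keeps the list sorted and makes future merges less error-prone.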
krb5_authdata **authdata2 = NULL;
int j;
+ if ((module->flags & flags) == 0)
+ continue;
+
if (module->ftable->export_attributes == NULL)
continue;
krb5_error_code KRB5_CALLCONV
krb5_authdata_export_internal(krb5_context kcontext,
krb5_authdata_context context,
+ krb5_boolean restrict_authenticated,
const char *module_name,
void **ptr)
{
code = (*module->ftable->export_internal)(kcontext,
module->plugin_context,
*(module->request_context_pp),
+ restrict_authenticated,
ptr);
break;
code = (*src_module->ftable->export_internal)(kcontext,
src_module->plugin_context,
*(src_module->request_context_pp),
+ FALSE,
&ptr);
if (code != 0)
return code;
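Review bot: The bare `FALSE,` in the context-copy path gives no hint which parameter it fills, while the file labels literal arguments elsewhere (`NULL, /* complete_auth_token */` in the mechanism table). `FALSE, /* restrict_authenticated: a copy keeps unverified data too */` would make the intent visible at the call site. The enclosing function starts and ends outside the hunk.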
static krb5_error_code
mspac_request_init(krb5_context context,
void *plugin_context,
- krb5_flags usage,
void **request_context)
{
struct mspac_context *pacctx;
- if ((usage & AD_USAGE_AP_REQ) == 0) {
- *request_context = NULL;
- return 0;
- }
-
pacctx = (struct mspac_context *)malloc(sizeof(*pacctx));
if (pacctx == NULL)
return ENOMEM;
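Review bot: Removing the AD_USAGE_AP_REQ gate means a PAC request context is now allocated for every usage, not only for AP-REQ processing, and nothing in the hunk records why that is acceptable. The commit adds a `usage` argument to mspac_export_attributes, so presumably the usage filtering moves there, but that is outside this hunk; a comment on the allocation such as `/* no usage gate here any more; see export_attributes */` would keep the two halves tied together. The rest of mspac_request_init continues outside the hunk.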
value->data = NULL;
value->length = 0;
- display_value->data = NULL;
- display_value->length = 0;
+ if (display_value != NULL) {
+ display_value->data = NULL;
+ display_value->length = 0;
+ }
if (*more != -1 || pacctx->pac == NULL)
return ENOENT;
return code;
/* -1 is a magic type that refers to the entire PAC */
- if (type == (krb5_ui_4)-1)
- code = krb5int_copy_data_contents(context, &pacctx->pac->data, value);
- else
- code = krb5_pac_get_buffer(context, pacctx->pac, type, value);
+ if (type == (krb5_ui_4)-1) {
+ if (value != NULL)
+ code = krb5int_copy_data_contents(context,
+ &pacctx->pac->data,
+ value);
+ else
+ code = 0;
+ } else {
+ if (value != NULL)
+ code = krb5_pac_get_buffer(context, pacctx->pac, type, value);
+ else
+ code = k5_pac_locate_buffer(context, pacctx->pac, type, NULL);
+ }
if (code == 0) {
*authenticated = pacctx->pac->verified;
*complete = TRUE;
mspac_export_attributes(krb5_context context,
void *plugin_context,
void *request_context,
+ krb5_flags usage,
krb5_authdata ***out_authdata)
{
struct mspac_context *pacctx = (struct mspac_context *)request_context;
mspac_export_internal(krb5_context context,
void *plugin_context,
void *request_context,
+ krb5_boolean restrict_authenticated,
void **ptr)
{
struct mspac_context *pacctx = (struct mspac_context *)request_context;
krb5_error_code code;
krb5_pac pac;
+ *ptr = NULL;
+
if (pacctx->pac == NULL)
- return EINVAL;
+ return 0;
+
+ if (restrict_authenticated && (pacctx->pac->verified) == FALSE)
+ return 0;
code = krb5_pac_parse(context, pacctx->pac->data.data,
pacctx->pac->data.length, &pac);
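Review bot: mspac_export_internal now returns 0 with `*ptr == NULL` both when there is no PAC and when restrict_authenticated is set and the PAC was not verified, where it previously returned EINVAL, so every caller of export_internal (including the gss_map_name_to_any path that stores into `(void **)output`) has to treat a NULL result under a success code as "no data", and the hunk does not document that contract. Suggest a header comment along the lines of `/* On success *ptr may be NULL: no PAC, or restrict_authenticated set and the PAC signature not verified. */`. `(pacctx->pac->verified) == FALSE` reads more naturally as `!pacctx->pac->verified`. The krb5_pac_parse error handling continues outside the hunk.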
req,
0)))
goto cleanup;
- krb5_authdata_debug(context, *ad_context);
}
/* read RFC 4537 etype list from sender */
krb5_authdata_context_copy
krb5_authdata_context_free
krb5_authdata_context_init
+krb5_authdata_delete_attribute
krb5_authdata_get_attribute_types
krb5_authdata_get_attribute
krb5_authdata_set_attribute
return GSS_S_COMPLETE;
}
+static void
+dumpAttribute(OM_uint32 *minor,
+ gss_name_t name,
+ gss_buffer_t attribute)
+{
+ OM_uint32 major, tmp;
+ gss_buffer_desc value;
+ gss_buffer_desc display_value;
+ int authenticated = 0;
+ int complete = 0;
+ int more = -1;
+ unsigned int i;
+
+ while (more != 0) {
+ value.value = NULL;
+ display_value.value = NULL;
+
+ major = gss_get_name_attribute(minor,
+ name,
+ attribute,
+ &authenticated,
+ &complete,
+ &value,
+ &display_value,
+ &more);
+ if (GSS_ERROR(major)) {
+ displayStatus("gss_get_name_attribute", major, minor);
+ break;
+ }
+
+ printf("\nAttribute %.*s %s %s %.*s\n",
+ (int)attribute->length, (char *)attribute->value,
+ authenticated ? "Authenticated" : "",
+ complete ? "Complete" : "",
+ (int)display_value.length, (char *)display_value.value);
+
+ for (i = 0; i < value.length; i++) {
+ if ((i % 32) == 0)
+ printf("\n");
+ printf("%02x", ((char *)value.value)[i] & 0xFF);
+ }
+
+ printf("\n");
+
+ gss_release_buffer(&tmp, &value);
+ gss_release_buffer(&tmp, &display_value);
+ }
+}
+
+static OM_uint32
+enumerateAttributes(OM_uint32 *minor,
+ gss_name_t name)
+{
+ OM_uint32 major, tmp;
+ int name_is_MN;
+ gss_OID mech = GSS_C_NO_OID;
+ gss_buffer_set_t authenticated = GSS_C_NO_BUFFER_SET;
+ gss_buffer_set_t asserted = GSS_C_NO_BUFFER_SET;
+ gss_buffer_set_t complete = GSS_C_NO_BUFFER_SET;
+ unsigned int i;
+
+ major = gss_inquire_name(minor,
+ name,
+ &name_is_MN,
+ &mech,
+ &authenticated,
+ &asserted,
+ &complete);
+ if (GSS_ERROR(major)) {
+ displayStatus("gss_inquire_name", major, minor);
+ goto cleanup;
+ }
+
+ if (authenticated != GSS_C_NO_BUFFER_SET) {
+ for (i = 0; i < authenticated->count; i++)
+ dumpAttribute(minor, name, &authenticated->elements[i]);
+ }
+ if (asserted != GSS_C_NO_BUFFER_SET) {
+ for (i = 0; i < authenticated->count; i++)
+ dumpAttribute(minor, name, &asserted->elements[i]);
+ }
+ if (complete != GSS_C_NO_BUFFER_SET) {
+ for (i = 0; i < authenticated->count; i++)
+ dumpAttribute(minor, name, &complete->elements[i]);
+ }
+
+cleanup:
+ gss_release_oid(&tmp, &mech);
+ gss_release_buffer_set(&tmp, &authenticated);
+ gss_release_buffer_set(&tmp, &asserted);
+ gss_release_buffer_set(&tmp, &complete);
+
+ return major;
+}
+
static OM_uint32
initAcceptSecContext(OM_uint32 *minor,
gss_cred_id_t verifier_cred_handle,
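Review bot: In enumerateAttributes the loops over `asserted` and `complete` are bounded by `authenticated->count`, so they read past the end of the wrong set and dereference NULL when authenticated is GSS_C_NO_BUFFER_SET while the other set is populated; the bounds should be `for (i = 0; i < asserted->count; i++)` and `for (i = 0; i < complete->count; i++)`. In dumpAttribute, `display_value.value` can be NULL after a successful call (the mspac getter in this commit sets it to NULL with length 0), and passing NULL to `%.*s` is undefined behaviour even with a zero precision, so print it as `display_value.value ? (char *)display_value.value : ""`. `tmp` is used only as a discard for release calls, which is fine, but `major` is returned from enumerateAttributes while the callers in this commit ignore it, so the function comment should say the errors are reported via displayStatus.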
if (GSS_ERROR(major))
displayStatus("gss_accept_sec_context", major, minor);
- else
+ else {
displayCanonName(minor, source_name, "Source name");
+ enumerateAttributes(minor, source_name);
+ }
(void) gss_delete_sec_context(minor, &acceptor_context, NULL);
(void) gss_release_buffer(minor, &token);