krb5_authdata_get_attribute_types
(krb5_context kcontext,
krb5_authdata_context context,
- krb5_data **verified,
- krb5_data **asserted);
+ krb5_data **attrs);
krb5_error_code KRB5_CALLCONV krb5_authdata_get_attribute
(krb5_context kcontext,
struct _krb5_authdata_context *context,
void *plugin_context,
void *request_context,
- krb5_data **verified,
- krb5_data **asserted);
+ krb5_data **attrs);
typedef krb5_error_code
(*authdata_client_get_attribute_proc)(krb5_context kcontext,
gss_name_t, /* name */
int *, /* name_is_MN */
gss_OID *, /* MN_mech */
- gss_buffer_set_t *, /* authenticated */
- gss_buffer_set_t * /* asserted */
+ gss_buffer_set_t * /* attrs */
);
OM_uint32 KRB5_CALLCONV gss_get_name_attribute
gss_name_t name,
int *name_is_MN,
gss_OID *MN_mech,
- gss_buffer_set_t *authenticated,
- gss_buffer_set_t *asserted);
+ gss_buffer_set_t *attrs);
OM_uint32
krb5_gss_get_name_attribute(OM_uint32 *minor_status,
gss_name_t name,
int *name_is_MN,
gss_OID *MN_mech,
- gss_buffer_set_t *authenticated,
- gss_buffer_set_t *asserted)
+ gss_buffer_set_t *attrs)
{
krb5_context context;
krb5_error_code code;
krb5_gss_name_t kname;
- krb5_data *kauthenticated = NULL;
- krb5_data *kasserted = NULL;
+ krb5_data *kattrs = NULL;
if (minor_status != NULL)
*minor_status = 0;
- if (authenticated != NULL)
- *authenticated = GSS_C_NO_BUFFER_SET;
- if (asserted != NULL)
- *asserted = GSS_C_NO_BUFFER_SET;
+ if (attrs != NULL)
+ *attrs = GSS_C_NO_BUFFER_SET;
code = krb5_gss_init_context(&context);
if (code != 0) {
code = krb5_authdata_get_attribute_types(context,
kname->ad_context,
- &kauthenticated,
- &kasserted);
+ &kattrs);
if (code != 0)
goto cleanup;
- code = kg_data_list_to_buffer_set_nocopy(&kauthenticated,
- authenticated);
- if (code != 0)
- goto cleanup;
-
- code = kg_data_list_to_buffer_set_nocopy(&kasserted,
- asserted);
+ code = kg_data_list_to_buffer_set_nocopy(&kattrs, attrs);
if (code != 0)
goto cleanup;
cleanup:
k5_mutex_unlock(&kname->lock);
- krb5int_free_data_list(context, kauthenticated);
- krb5int_free_data_list(context, kasserted);
+ krb5int_free_data_list(context, kattrs);
krb5_free_context(context);
gss_name_t name,
int *name_is_MN,
gss_OID *MN_mech,
- gss_buffer_set_t *authenticated,
- gss_buffer_set_t *asserted)
+ gss_buffer_set_t *attrs)
{
OM_uint32 status, tmp;
gss_union_name_t union_name;
if (MN_mech != NULL)
*MN_mech = GSS_C_NO_OID;
- /* XXX really optional? */
- if (authenticated != NULL)
- *authenticated = GSS_C_NO_BUFFER_SET;
- if (asserted != NULL)
- *asserted = GSS_C_NO_BUFFER_SET;
+ if (attrs != NULL)
+ *attrs = GSS_C_NO_BUFFER_SET;
*minor_status = 0;
union_name = (gss_union_name_t)name;
union_name->mech_name,
NULL,
NULL,
- authenticated,
- asserted);
+ attrs);
if (status != GSS_S_COMPLETE) {
generic_gss_release_oid(&tmp, MN_mech);
map_error(minor_status, mech);
gss_name_t, /* name */
int *, /* name_is_MN */
gss_OID *, /* MN_mech */
- gss_buffer_set_t *, /* authenticated */
- gss_buffer_set_t * /* asserted */
+ gss_buffer_set_t * /* attrs */
/* */);
OM_uint32 (*gss_get_name_attribute)
gss_name_t name,
int *name_is_MN,
gss_OID *MN_mech,
- gss_buffer_set_t *authenticated,
- gss_buffer_set_t *asserted
+ gss_buffer_set_t *attrs
);
OM_uint32
gss_name_t name,
int *name_is_MN,
gss_OID *MN_mech,
- gss_buffer_set_t *authenticated,
- gss_buffer_set_t *asserted)
+ gss_buffer_set_t *attrs)
{
OM_uint32 ret;
ret = gss_inquire_name(minor_status,
name,
name_is_MN,
MN_mech,
- authenticated,
- asserted);
+ attrs);
return (ret);
}
krb5_error_code KRB5_CALLCONV
krb5_authdata_get_attribute_types(krb5_context kcontext,
krb5_authdata_context context,
- krb5_data **verified_attrs,
- krb5_data **asserted_attrs)
+ krb5_data **out_attrs)
{
int i;
krb5_error_code code = 0;
- krb5_data *verified = NULL;
- krb5_data *asserted = NULL;
- unsigned int verified_len = 0;
- unsigned int asserted_len = 0;
+ krb5_data *attrs = NULL;
+ unsigned int attrs_len = 0;
for (i = 0; i < context->n_modules; i++) {
struct _krb5_authdata_context_module *module = &context->modules[i];
- krb5_data *verified2 = NULL;
- krb5_data *asserted2 = NULL;
+ krb5_data *attrs2 = NULL;
if (module->ftable->get_attribute_types == NULL)
continue;
context,
module->plugin_context,
*(module->request_context_pp),
- verified_attrs ?
- &verified2 : NULL,
- asserted_attrs ?
- &asserted2 : NULL))
+ &attrs2))
continue;
- if (verified_attrs != NULL) {
- code = k5_merge_data_list(&verified, verified2, &verified_len);
- if (code != 0) {
- krb5int_free_data_list(kcontext, verified2);
- break;
- }
- if (verified2 != NULL)
- free(verified2);
- }
-
- if (asserted_attrs != NULL) {
- code = k5_merge_data_list(&asserted, asserted2, &asserted_len);
- if (code != 0) {
- krb5int_free_data_list(kcontext, asserted2);
- break;
- }
- if (asserted2 != NULL)
- free(asserted2);
+ code = k5_merge_data_list(&attrs, attrs2, &attrs_len);
+ if (code != 0) {
+ krb5int_free_data_list(kcontext, attrs2);
+ break;
}
+ if (attrs2 != NULL)
+ free(attrs2);
}
if (code != 0) {
- krb5int_free_data_list(kcontext, verified);
- verified = NULL;
-
- krb5int_free_data_list(kcontext, asserted);
- asserted = NULL;
+ krb5int_free_data_list(kcontext, attrs);
+ attrs = NULL;
}
- if (verified_attrs != NULL)
- *verified_attrs = verified;
- if (asserted_attrs != NULL)
- *asserted_attrs = asserted;
+ *out_attrs = attrs;
return code;
}
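Review bot: The final `*out_attrs = attrs;` now dereferences the output pointer unconditionally, whereas the removed code accepted NULL for either list and skipped the store. The caller visible on this page passes `&kattrs`, but the function is exported with KRB5_CALLCONV, so a NULL argument from any other caller would crash here after the module loop has already allocated the merged list. I would either reject it up front with `if (out_attrs == NULL) return EINVAL;` or state the non-NULL requirement in a comment above the definition. The `if (attrs2 != NULL)` guard before `free(attrs2)` is also redundant, since `free(NULL)` is a no-op; some lines of the loop body are not shown in the hunk.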
krb5_authdata_context context,
void *plugin_context,
void *request_context,
- krb5_data **verified,
- krb5_data **asserted)
+ krb5_data **out_attrs)
{
struct mspac_context *pacctx = (struct mspac_context *)request_context;
unsigned int i, j;
krb5_data *attrs;
krb5_error_code code;
- krb5_data **outattrs;
if (pacctx->pac == NULL)
return ENOENT;
- outattrs = pacctx->pac->verified ? verified : asserted;
- if (outattrs == NULL)
- return ENOENT; /* caller is not interested */
-
attrs = calloc(1 + pacctx->pac->pac->cBuffers + 1, sizeof(krb5_data));
if (attrs == NULL)
return ENOMEM;
attrs[j].data = NULL;
attrs[j].length = 0;
- *outattrs = attrs;
+ *out_attrs = attrs;
return 0;
}
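Review bot: With `outattrs = pacctx->pac->verified ? verified : asserted;` removed, attribute names from a PAC that was not verified are returned through the same `out_attrs` list as those from a verified one, so the enumeration no longer tells a caller anything about trust. An authorization decision must therefore not rest on an attribute merely appearing in this list; the caller has to ask the per-attribute getter whether the value is authenticated (that getter is not part of this hunk, so I am assuming it still reports this). I would record that above the function with a comment such as `/* The list mixes verified and unverified PAC attributes; check the authenticated result of get_attribute before trusting any of them. */`. The function's signature line and the loop that fills `attrs` are outside the hunk.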
krb5_authdatatype ad_type,
krb5_flags *flags)
{
- *flags = AD_USAGE_TGS_REQ | AD_USAGE_KDC_ISSUED | AD_INFORMATIONAL;
+ *flags = AD_USAGE_AP_REQ | AD_USAGE_KDC_ISSUED | AD_INFORMATIONAL;
}
static void
krb5_authdata_context context,
void *plugin_context,
void *request_context,
- krb5_data **verified,
- krb5_data **asserted)
+ krb5_data **out_attrs)
{
krb5_error_code code;
struct greet_context *greet = (struct greet_context *)request_context;
if (greet->greeting.length == 0)
return ENOENT;
- if (asserted == NULL)
- return 0;
-
- *asserted = calloc(2, sizeof(krb5_data));
- if (*asserted == NULL)
+ *out_attrs = calloc(2, sizeof(krb5_data));
+ if (*out_attrs == NULL)
return ENOMEM;
code = krb5int_copy_data_contents_add0(kcontext,
&greet_attr,
- &(*asserted)[0]);
+ &(*out_attrs)[0]);
if (code != 0) {
- free(*asserted);
- *asserted = NULL;
+ free(*out_attrs);
+ *out_attrs = NULL;
return code;
}
#include <gssapi/gssapi_krb5.h>
#include <gssapi/gssapi_generic.h>
-#define USE_SPNEGO 1
-
-#ifdef USE_SPNEGO
static gss_OID_desc spnego_mech = { 6, "\053\006\001\005\005\002" };
-#endif
+
+static int use_spnego = 0;
static void displayStatus_1(m, code, type)
char *m;
OM_uint32 major, tmp;
int name_is_MN;
gss_OID mech = GSS_C_NO_OID;
- gss_buffer_set_t authenticated = GSS_C_NO_BUFFER_SET;
- gss_buffer_set_t asserted = GSS_C_NO_BUFFER_SET;
- gss_buffer_set_t complete = GSS_C_NO_BUFFER_SET;
+ gss_buffer_set_t attrs = GSS_C_NO_BUFFER_SET;
unsigned int i;
major = gss_inquire_name(minor,
name,
&name_is_MN,
&mech,
- &authenticated,
- &asserted,
- &complete);
+ &attrs);
if (GSS_ERROR(major)) {
displayStatus("gss_inquire_name", major, *minor);
- goto cleanup;
+ return major;
}
- if (authenticated != GSS_C_NO_BUFFER_SET) {
- for (i = 0; i < authenticated->count; i++)
- dumpAttribute(minor, name, &authenticated->elements[i], noisy);
- }
- if (asserted != GSS_C_NO_BUFFER_SET) {
- for (i = 0; i < asserted->count; i++)
- dumpAttribute(minor, name, &asserted->elements[i], noisy);
- }
- if (complete != GSS_C_NO_BUFFER_SET) {
- for (i = 0; i < complete->count; i++)
- dumpAttribute(minor, name, &complete->elements[i], noisy);
+ if (attrs != GSS_C_NO_BUFFER_SET) {
+ for (i = 0; i < attrs->count; i++)
+ dumpAttribute(minor, name, &attrs->elements[i], noisy);
}
-cleanup:
gss_release_oid(&tmp, &mech);
- gss_release_buffer_set(&tmp, &authenticated);
- gss_release_buffer_set(&tmp, &asserted);
- gss_release_buffer_set(&tmp, &complete);
+ gss_release_buffer_set(&tmp, &attrs);
return major;
}
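Review bot: Replacing `goto cleanup;` with `return major;` in the `GSS_ERROR(major)` branch means the error path no longer reaches `gss_release_oid(&tmp, &mech)` and `gss_release_buffer_set(&tmp, &attrs)`. If gss_inquire_name can fail after storing into either output, that storage is leaked; the mechglue lines earlier on this page release `MN_mech` on failure, but nothing visible guarantees the same for `attrs`. Keeping the `cleanup:` label and `goto cleanup;` costs nothing, because the removed code already ran both release calls on this path with the variables at their initial empty values. The same change appears in the second test program further down (the hunk that uses `tmp_minor`), and the function's opening lines are outside the hunk.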
verifier_cred_handle,
&initiator_context,
target_name,
-#ifdef USE_SPNEGO
- (gss_OID)&spnego_mech,
-#else
- (gss_OID)gss_mech_krb5,
-#endif
+ use_spnego ?
+ (gss_OID)&spnego_mech :
+ (gss_OID)gss_mech_krb5,
GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG,
GSS_C_INDEFINITE,
GSS_C_NO_CHANNEL_BINDINGS,
gss_OID_set actual_mechs = GSS_C_NO_OID_SET;
gss_name_t name = GSS_C_NO_NAME;
+ if (argc > 1 && strcmp(argv[1], "--spnego") == 0) {
+ use_spnego++;
+ argc--;
+ argv++;
+ }
+
if (argc > 1) {
gss_buffer_desc name_buf;
gss_name_t tmp_name;
gss_release_name(&tmp, &tmp_name);
-#if 1
major = testGreetAuthzData(&minor, name);
if (GSS_ERROR(major))
goto out;
-#endif
} else {
- fprintf(stderr, "Usage: %s [principal] [keytab]\n", argv[0]);
+ fprintf(stderr, "Usage: %s [--spnego] [principal] [keytab]\n", argv[0]);
exit(1);
}
}
-#if 0 /* XXX mechglue bug */
- mechs.elements = (gss_OID)&spnego_mech;
-#else
- mechs.elements = (gss_OID)gss_mech_krb5;
-#endif
+ mechs.elements = use_spnego ? (gss_OID)&spnego_mech :
+ (gss_OID)gss_mech_krb5;
mechs.count = 1;
/* get default cred */
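Review bot: After the `--spnego` branch added just above executes `argv++`, `argv[0]` is the option string, so the usage line `fprintf(stderr, "Usage: %s [--spnego] [principal] [keytab]\n", argv[0]);` prints `--spnego` as the program name when it is reached on that path. Whether it is reachable depends on which `if` the `else` belongs to, which is not fully visible here. Saving the name before the shift, `const char *progname = argv[0];`, and printing `progname` avoids that. The option is also recognised only as the first argument, which is worth stating in the usage text or in a comment next to the `strcmp`.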
static gss_OID_desc spnego_mech = { 6, "\053\006\001\005\005\002" };
-int use_spnego = 0;
+static int use_spnego = 0;
static void displayStatus_1(m, code, type)
char *m;
OM_uint32 major, tmp_minor;
int name_is_MN;
gss_OID mech = GSS_C_NO_OID;
- gss_buffer_set_t authenticated = GSS_C_NO_BUFFER_SET;
- gss_buffer_set_t asserted = GSS_C_NO_BUFFER_SET;
- gss_buffer_set_t complete = GSS_C_NO_BUFFER_SET;
+ gss_buffer_set_t attrs = GSS_C_NO_BUFFER_SET;
unsigned int i;
major = gss_inquire_name(minor,
name,
&name_is_MN,
&mech,
- &authenticated,
- &asserted,
- &complete);
+ &attrs);
if (GSS_ERROR(major)) {
displayStatus("gss_inquire_name", major, *minor);
- goto cleanup;
+ return major;
}
- if (authenticated != GSS_C_NO_BUFFER_SET) {
- for (i = 0; i < authenticated->count; i++)
- dumpAttribute(minor, name, &authenticated->elements[i], noisy);
- }
- if (asserted != GSS_C_NO_BUFFER_SET) {
- for (i = 0; i < asserted->count; i++)
- dumpAttribute(minor, name, &asserted->elements[i], noisy);
- }
- if (complete != GSS_C_NO_BUFFER_SET) {
- for (i = 0; i < complete->count; i++)
- dumpAttribute(minor, name, &complete->elements[i], noisy);
+ if (attrs != GSS_C_NO_BUFFER_SET) {
+ for (i = 0; i < attrs->count; i++)
+ dumpAttribute(minor, name, &attrs->elements[i], noisy);
}
-cleanup:
gss_release_oid(&tmp_minor, &mech);
- gss_release_buffer_set(&tmp_minor, &authenticated);
- gss_release_buffer_set(&tmp_minor, &asserted);
- gss_release_buffer_set(&tmp_minor, &complete);
+ gss_release_buffer_set(&tmp_minor, &attrs);
return major;
}