krb5_gss_get_name_attribute,
krb5_gss_set_name_attribute,
krb5_gss_delete_name_attribute,
- NULL, /* export_name_composite */
+ krb5_gss_export_name_composite,
krb5_gss_map_name_to_any,
krb5_gss_release_any_name_mapping,
};
}
-#if 0
OM_uint32
krb5_gss_export_name_composite(OM_uint32 *minor_status,
gss_name_t name,
gss_buffer_t exp_composite_name)
{
+ krb5_context context;
+ krb5_error_code code;
+ krb5_gss_name_t kname;
+ krb5_authdata **authdata = NULL;
+ krb5_data *enc_authdata = NULL;
+ char *princstr = NULL, *cp;
+ size_t princlen;
+
+ if (minor_status != NULL)
+ *minor_status = 0;
+
+ code = krb5_gss_init_context(&context);
+ if (code != 0) {
+ *minor_status = code;
+ return GSS_S_FAILURE;
+ }
+
+ if (!kg_validate_name(name)) {
+ *minor_status = (OM_uint32)G_VALIDATE_FAILED;
+ krb5_free_context(context);
+ return GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME;
+ }
+
+ kname = (krb5_gss_name_t)name;
+
+ code = k5_mutex_lock(&kname->lock);
+ if (code != 0) {
+ *minor_status = code;
+ return GSS_S_FAILURE;
+ }
+
+ if (kname->ad_context == NULL) {
+ code = ENOENT;
+ goto cleanup;
+ }
+
+ code = krb5_unparse_name(context, kname->princ, &princstr);
+ if (code != 0)
+ goto cleanup;
+
+ princlen = strlen(princstr);
+
+ code = krb5_authdata_export_attributes(context,
+ kname->ad_context,
+ AD_USAGE_AP_REQ,
+ &authdata);
+ if (code != 0)
+ goto cleanup;
+
+ if (authdata != NULL) {
+ code = encode_krb5_authdata(authdata, &enc_authdata);
+ if (code != 0)
+ goto cleanup;
+ }
+
+ /* 04 02 OID Name AuthData */
+
+ exp_composite_name->length = 14 + princlen +
+ (enc_authdata != NULL ? enc_authdata->length : 0) +
+ gss_mech_krb5->length;
+ exp_composite_name->value = malloc(exp_composite_name->length);
+ if (exp_composite_name->value == NULL) {
+ code = ENOMEM;
+ goto cleanup;
+ }
+
+ cp = exp_composite_name->value;
+
+ /* Note: we assume the OID will be less than 128 bytes... */
+ *cp++ = 0x04;
+ *cp++ = 0x02;
+
+ store_16_be(gss_mech_krb5->length + 2, cp);
+ cp += 2;
+ *cp++ = 0x06;
+ *cp++ = (gss_mech_krb5->length) & 0xFF;
+ memcpy(cp, gss_mech_krb5->elements, gss_mech_krb5->length);
+ cp += gss_mech_krb5->length;
+
+ store_32_be(princlen, cp);
+ cp += 4;
+ memcpy(cp, princstr, princlen);
+ cp += princlen;
+
+ if (enc_authdata != NULL) {
+ store_32_be(enc_authdata->length, cp);
+ cp += 4;
+ memcpy(cp, enc_authdata->data, enc_authdata->length);
+ cp += enc_authdata->length;
+ }
+
+cleanup:
+ krb5_free_unparsed_name(context, princstr);
+ krb5_free_data(context, enc_authdata);
+ krb5_free_authdata(context, authdata);
+ k5_mutex_unlock(&kname->lock);
+ krb5_free_context(context);
+
+ return kg_map_name_error(minor_status, code);
}
+#if 0
OM_uint32
krb5_gss_display_name_ext(OM_uint32 *minor_status,
gss_name_t name,
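Review bot: In krb5_gss_export_name_composite the buffer length is always computed with 14 fixed bytes, but when `enc_authdata` is NULL only 10 fixed bytes are written (2 token id, 2 length, 2 OID header, 4 name length). The last four bytes returned to the caller are then uninitialised heap memory, which discloses heap contents and probably makes two exports of the same name differ byte for byte. The `k5_mutex_lock` failure path also returns without `krb5_free_context(context)`, leaking the context that was just created. `minor_status` is NULL-checked once at the top and then dereferenced unconditionally at the three early error returns, so either drop the check or guard each write. The fence shows the lock path and the sizing; an alternative for the sizing is to always emit a four-byte authdata length, zero when there is none.

```c
    code = k5_mutex_lock(&kname->lock);
    if (code != 0) {
        *minor_status = code;
        krb5_free_context(context);   /* was leaked on this path */
        return GSS_S_FAILURE;
    }

    /* … unchanged: ad_context check, unparse name, export and encode authdata … */

    /* 04 02 | len16 | 06 | oidlen | OID | len32 | name [ | len32 | authdata ] */
    exp_composite_name->length = 10 + gss_mech_krb5->length + princlen;
    if (enc_authdata != NULL)
        exp_composite_name->length += 4 + enc_authdata->length;
    exp_composite_name->value = malloc(exp_composite_name->length);
```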
len += j;
}
+ authdata[len] = NULL;
+
*pauthdata = authdata;
return code;
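Review bot: The terminator write `authdata[len] = NULL;` is only in bounds if the array was allocated with len + 1 slots, and that allocation is outside this hunk, so it cannot be confirmed from here. Once the allocation has been checked, I would add a comment at the write, `/* authdata holds len + 1 slots; the last one is the NULL terminator */`, so the sizing contract is visible next to the store. The same applies to `authdata[1] = NULL;` in the later hunk that sets `*out_authdata`, which needs a two-slot array. Both enclosing functions start outside their hunks.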
return code;
}
-#ifdef DEBUG
-static void
-debug_authdata_attribute(krb5_context kcontext,
- krb5_authdata_context context,
- const krb5_data *attr)
-{
- krb5_error_code code;
- krb5_boolean authenticated, complete;
- krb5_data value, display_value;
- int more = -1;
-
- while (more != 0) {
- code = krb5_authdata_get_attribute(kcontext, context, attr,
- &authenticated, &complete,
- &value, &display_value, &more);
- if (code != 0)
- break;
-
- fprintf(stderr, "AD Attribute %.*s Value Length %d "
- "Disp Value Length %d More %d\n",
- attr->length, attr->data, value.length, display_value.length, more);
-
- krb5_free_data_contents(kcontext, &value);
- krb5_free_data_contents(kcontext, &display_value);
- }
-}
-
-void
-krb5_authdata_debug(krb5_context kcontext,
- krb5_authdata_context context)
-{
- krb5_error_code code;
- krb5_data *asserted = NULL;
- krb5_data *verified = NULL;
- int i;
-
-#if 0
- {
- krb5_data fooattr = { KV5M_DATA, sizeof("mspac:1234"), "mspac:1234" };
- krb5_data foovalue = { KV5M_DATA, sizeof("abcdefghijklmnop"), "abcdefghijklmnop" };
-
- code = krb5_authdata_set_attribute(kcontext, context, TRUE, &fooattr, &foovalue);
- if (code != 0) {
- fprintf(stderr, "krb5_authdata_debug failed: %s\n",
- krb5_get_error_message(kcontext, code));
- }
- }
-#endif
-
- code = krb5_authdata_get_attribute_types(kcontext, context,
- &asserted, &verified);
- if (code != 0) {
- fprintf(stderr, "krb5_authdata_debug failed: %s\n",
- krb5_get_error_message(kcontext, code));
- return;
- }
-
- fprintf(stderr, "Asserted attributes:\n");
- if (asserted != NULL) {
- for (i = 0; asserted[i].data != NULL; i++) {
- debug_authdata_attribute(kcontext, context, &asserted[i]);
- }
- }
- fprintf(stderr, "Authenticated attributes:\n");
- if (verified != NULL) {
- for (i = 0; verified[i].data != NULL; i++) {
- debug_authdata_attribute(kcontext, context, &verified[i]);
- }
- }
- krb5int_free_data_list(kcontext, asserted);
- krb5int_free_data_list(kcontext, verified);
-}
-#endif /* DEBUG */
-
authdata[0]->length = data.length;
authdata[0]->contents = (krb5_octet *)data.data;
+ authdata[1] = NULL;
+
+ *out_authdata = authdata;
+
return 0;
}