From 6a7f4dec1defc21c1e4469788ed25c8eb891a5c6 Mon Sep 17 00:00:00 2001 From: Henrik Nordstrom Date: Sat, 9 Jan 2010 02:04:10 +0100 Subject: [PATCH] Remove optional kerberos/spnegohelp/ library due to licensing issues --- configure.in | 46 - helpers/negotiate_auth/kerberos/Makefile.am | 10 - .../kerberos/negotiate_kerberos_auth.cc | 69 - .../kerberos/negotiate_kerberos_auth_test.cc | 6 - .../kerberos/spnegohelp/derparse.cc | 706 ------- .../kerberos/spnegohelp/derparse.h | 206 -- .../kerberos/spnegohelp/spnego.cc | 762 ------- .../kerberos/spnegohelp/spnego.h | 251 --- .../kerberos/spnegohelp/spnegohelp.cc | 231 --- .../kerberos/spnegohelp/spnegohelp.h | 56 - .../kerberos/spnegohelp/spnegoparse.cc | 1834 ----------------- .../kerberos/spnegohelp/spnegoparse.h | 166 -- 12 files changed, 4343 deletions(-) delete mode 100644 helpers/negotiate_auth/kerberos/spnegohelp/derparse.cc delete mode 100644 helpers/negotiate_auth/kerberos/spnegohelp/derparse.h delete mode 100644 helpers/negotiate_auth/kerberos/spnegohelp/spnego.cc delete mode 100644 helpers/negotiate_auth/kerberos/spnegohelp/spnego.h delete mode 100644 helpers/negotiate_auth/kerberos/spnegohelp/spnegohelp.cc delete mode 100644 helpers/negotiate_auth/kerberos/spnegohelp/spnegohelp.h delete mode 100644 helpers/negotiate_auth/kerberos/spnegohelp/spnegoparse.cc delete mode 100644 helpers/negotiate_auth/kerberos/spnegohelp/spnegoparse.h diff --git a/configure.in b/configure.in index 303f458635..1c1c35f188 100644 --- a/configure.in +++ b/configure.in @@ -2105,51 +2105,6 @@ main(void) AC_DEFINE(HAVE_GSSAPI, 1, [GSSAPI support]) fi - AC_CACHE_CHECK([for spnego support], squid_cv_have_spnego, [ - AC_RUN_IFELSE([AC_LANG_SOURCE([[ -#ifdef HAVE_HEIMDAL_KERBEROS -#ifdef HAVE_GSSAPI_GSSAPI_H -#include -#elif defined(HAVE_GSSAPI_H) -#include -#endif -#else -#ifdef HAVE_GSSAPI_GSSAPI_H -#include -#elif defined(HAVE_GSSAPI_H) -#include -#endif -#ifdef HAVE_GSSAPI_GSSAPI_KRB5_H -#include -#endif -#ifdef HAVE_GSSAPI_GSSAPI_GENERIC_H -#include -#endif -#endif -#include -int main(int argc, char *argv[]) { - OM_uint32 major_status,minor_status; - gss_OID_set gss_mech_set; - int i; - -static gss_OID_desc _gss_mech_spnego = {6, (void *)"\x2b\x06\x01\x05\x05\x02"}; -gss_OID gss_mech_spnego = &_gss_mech_spnego; - - major_status = gss_indicate_mechs( &minor_status, &gss_mech_set); - - for (i=0;icount;i++) { - if (!memcmp(gss_mech_set->elements[i].elements,gss_mech_spnego->elements,gss_mech_set->elements[i].length)) { - return 0; - } - } - - return 1; -} -]])], [ squid_cv_have_spnego=yes ], [ squid_cv_have_spnego=no ])]) - - if test "$squid_cv_have_spnego" = "yes" ; then - AC_DEFINE(HAVE_SPNEGO,1, [Define to 1 if you have SPNEGO support]) - fi AC_CACHE_CHECK([for working krb5], squid_cv_working_krb5, [ AC_RUN_IFELSE([AC_LANG_SOURCE([[ #ifdef HAVE_KRB5_H @@ -2182,7 +2137,6 @@ main(void) AC_SUBST(KRB5INCS) AC_SUBST(KRB5LIBS) fi -AM_CONDITIONAL(HAVE_SPNEGO, test x"$squid_cv_have_spnego" = x"yes" ) dnl Enable "NTLM fail open" AC_ARG_ENABLE(ntlm-fail-open, diff --git a/helpers/negotiate_auth/kerberos/Makefile.am b/helpers/negotiate_auth/kerberos/Makefile.am index 5ad1cf2832..92470c06cf 100644 --- a/helpers/negotiate_auth/kerberos/Makefile.am +++ b/helpers/negotiate_auth/kerberos/Makefile.am @@ -7,19 +7,9 @@ libexec_PROGRAMS = negotiate_kerberos_auth negotiate_kerberos_auth_test SOURCE = negotiate_kerberos_auth.cc base64.cc base64.h SOURCE_test = negotiate_kerberos_auth_test.cc base64.cc base64.h -SPNEGO = \ - spnegohelp/derparse.cc spnegohelp/derparse.h \ - spnegohelp/spnego.cc spnegohelp/spnego.h \ - spnegohelp/spnegohelp.cc spnegohelp/spnegohelp.h \ - spnegohelp/spnegoparse.cc spnegohelp/spnegoparse.h -if HAVE_SPNEGO negotiate_kerberos_auth_SOURCES = $(SOURCE) AM_CPPFLAGS = $(INCLUDES) -I$(srcdir) -else -negotiate_kerberos_auth_SOURCES = $(SOURCE) $(SPNEGO) -AM_CPPFLAGS = $(INCLUDES) -I$(srcdir)/spnegohelp -I$(srcdir) -endif negotiate_kerberos_auth_test_SOURCES = $(SOURCE_test) diff --git a/helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.cc b/helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.cc index 61485f5bd5..ff5afe7997 100644 --- a/helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.cc +++ b/helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.cc @@ -59,9 +59,6 @@ #include "base64.h" #include "getaddrinfo.h" #include "getnameinfo.h" -#if !HAVE_SPNEGO -#include "spnegohelp.h" -#endif #if HAVE_GSSAPI_GSSAPI_H #include @@ -224,9 +221,6 @@ main(int argc, char *const argv[]) int length = 0; static int err = 0; int opt, debug = 0, log = 0, norealm = 0; -#if !HAVE_SPNEGO - int rc; -#endif OM_uint32 ret_flags = 0, spnego_flag = 0; char *service_name = (char *) "HTTP", *host_name = NULL; char *token = NULL; @@ -240,9 +234,6 @@ main(int argc, char *const argv[]) gss_buffer_desc input_token = GSS_C_EMPTY_BUFFER; gss_buffer_desc output_token = GSS_C_EMPTY_BUFFER; const unsigned char *kerberosToken = NULL; -#if !HAVE_SPNEGO - size_t kerberosTokenLength = 0; -#endif const unsigned char *spnegoToken = NULL; size_t spnegoTokenLength = 0; @@ -419,46 +410,6 @@ main(int argc, char *const argv[]) ska_base64_decode((char*)input_token.value, buf + 3, input_token.length); -#if !HAVE_SPNEGO - if ((rc = parseNegTokenInit((const unsigned char*)input_token.value, - input_token.length, - &kerberosToken, &kerberosTokenLength)) != 0) { - if (debug) - fprintf(stderr, "%s| %s: parseNegTokenInit failed with rc=%d\n", - LogTime(), PROGRAM, rc); - - /* if between 100 and 200 it might be a GSSAPI token and not a SPNEGO token */ - if (rc < 100 || rc > 199) { - if (debug) - fprintf(stderr, "%s| %s: Invalid GSS-SPNEGO query [%s]\n", - LogTime(), PROGRAM, buf); - fprintf(stdout, "BH Invalid GSS-SPNEGO query\n"); - goto cleanup; - } - if ((input_token.length >= sizeof ntlmProtocol + 1) && - (!memcmp(input_token.value, ntlmProtocol, - sizeof ntlmProtocol))) { - if (debug) - fprintf(stderr, "%s| %s: received type %d NTLM token\n", - LogTime(), PROGRAM, - (int) *((unsigned char *) input_token.value + - sizeof ntlmProtocol)); - fprintf(stdout, "BH received type %d NTLM token\n", - (int) *((unsigned char *) input_token.value + - sizeof ntlmProtocol)); - goto cleanup; - } - if (debug) - fprintf(stderr, "%s| %s: Token is possibly a GSSAPI token\n", - LogTime(), PROGRAM); - spnego_flag = 0; - } else { - gss_release_buffer(&minor_status, &input_token); - input_token.length = kerberosTokenLength; - input_token.value = (void *) kerberosToken; - spnego_flag = 1; - } -#else if ((input_token.length >= sizeof ntlmProtocol + 1) && (!memcmp(input_token.value, ntlmProtocol, sizeof ntlmProtocol))) { if (debug) @@ -471,7 +422,6 @@ main(int argc, char *const argv[]) sizeof ntlmProtocol)); goto cleanup; } -#endif if (service_principal) { if (strcasecmp(service_principal, "GSS_C_NO_NAME")) { @@ -507,27 +457,8 @@ main(int argc, char *const argv[]) if (output_token.length) { -#if !HAVE_SPNEGO - if (spnego_flag) { - if ((rc = makeNegTokenTarg((const unsigned char*)output_token.value, - output_token.length, - &spnegoToken, &spnegoTokenLength)) != 0) { - if (debug) - fprintf(stderr, - "%s| %s: makeNegTokenTarg failed with rc=%d\n", - LogTime(), PROGRAM, rc); - fprintf(stdout, "BH makeNegTokenTarg failed with rc=%d\n", - rc); - goto cleanup; - } - } else { - spnegoToken = (const unsigned char*)output_token.value; - spnegoTokenLength = output_token.length; - } -#else spnegoToken = (const unsigned char*)output_token.value; spnegoTokenLength = output_token.length; -#endif token = (char*)xmalloc(ska_base64_encode_len(spnegoTokenLength)); if (token == NULL) { if (debug) diff --git a/helpers/negotiate_auth/kerberos/negotiate_kerberos_auth_test.cc b/helpers/negotiate_auth/kerberos/negotiate_kerberos_auth_test.cc index dd9c2d84b9..90ea8067b6 100644 --- a/helpers/negotiate_auth/kerberos/negotiate_kerberos_auth_test.cc +++ b/helpers/negotiate_auth/kerberos/negotiate_kerberos_auth_test.cc @@ -98,12 +98,10 @@ LogTime() return buf; } -#ifdef HAVE_SPNEGO #ifndef gss_mech_spnego static gss_OID_desc _gss_mech_spnego = { 6, (void *) "\x2b\x06\x01\x05\x05\x02" }; gss_OID gss_mech_spnego = &_gss_mech_spnego; #endif -#endif int check_gss_err(OM_uint32 major_status, OM_uint32 minor_status, @@ -190,11 +188,7 @@ squid_kerb_proxy_auth(char *proxy) major_status = gss_init_sec_context(&minor_status, GSS_C_NO_CREDENTIAL, &gss_context, server_name, -#ifdef HAVE_SPNEGO gss_mech_spnego, -#else - 0, -#endif 0, 0, GSS_C_NO_CHANNEL_BINDINGS, diff --git a/helpers/negotiate_auth/kerberos/spnegohelp/derparse.cc b/helpers/negotiate_auth/kerberos/spnegohelp/derparse.cc deleted file mode 100644 index b40862fb77..0000000000 --- a/helpers/negotiate_auth/kerberos/spnegohelp/derparse.cc +++ /dev/null @@ -1,706 +0,0 @@ -// Copyright (C) 2002 Microsoft Corporation -// All rights reserved. -// -// THIS CODE AND INFORMATION IS PROVIDED "AS IS" -// WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED -// OR IMPLIED, INCLUDING BUT NOT LIMITED -// TO THE IMPLIED WARRANTIES OF MERCHANTIBILITY -// AND/OR FITNESS FOR A PARTICULAR PURPOSE. -// -// Date - 10/08/2002 -// Author - Sanj Surati - - -///////////////////////////////////////////////////////////// -// -// DERPARSE.C -// -// SPNEGO Token Handler Source File -// -// Contains implementation of ASN.1 DER read/write functions -// as defined in DERPARSE.H. -// -///////////////////////////////////////////////////////////// - -#include "config.h" -#include -#include -#include -#include "spnego.h" -#include "derparse.h" - -// -// The GSS Mechanism OID enumeration values (SPNEGO_MECH_OID) control which offset in -// the array below, that a mechanism can be found. -// -MECH_OID g_stcMechOIDList[] = { - {(unsigned char *) "\x06\x09\x2a\x86\x48\x82\xf7\x12\x01\x02\x02", 11, 9, spnego_mech_oid_Kerberos_V5_Legacy}, // 1.2.840.48018.1.2.2 - {(unsigned char *) "\x06\x09\x2a\x86\x48\x86\xf7\x12\x01\x02\x02", 11, 9, spnego_mech_oid_Kerberos_V5}, // 1.2.840.113554.1.2.2 - {(unsigned char *) "\x06\x06\x2b\x06\x01\x05\x05\x02", 8, 6, spnego_mech_oid_Spnego}, // 1.3.6.1.1.5.5.2 - {(unsigned char *) "", 0, 0, spnego_mech_oid_NotUsed} // Placeholder -}; - -///////////////////////////////////////////////////////////////////////////// -// -// Function: -// ASNDerGetLength -// -// Parameters: -// [in] pbLengthData - DER Length Data -// [in] nBoundaryLength - Length that value must not exceed. -// [out] pnLength - Filled out with length value -// [out] pnNumLengthBytes - Filled out with number of bytes -// consumed by DER length. -// -// Returns: -// int Success - SPNEGO_E_SUCCESS -// Failure - SPNEGO API Error code -// -// Comments : -// Interprets the data at pbLengthData as a DER length. The length must -// fit within the bounds of nBoundary length. We do not currently -// process lengths that take more than 4 bytes. -// -//////////////////////////////////////////////////////////////////////////// - -int -ASNDerGetLength(unsigned char *pbLengthData, long nBoundaryLength, - long *pnLength, long *pnNumLengthBytes) -{ - int nReturn = SPNEGO_E_INVALID_LENGTH; - int nNumLengthBytes = 0; - - // First check if the extended length bit is set - - if (*pbLengthData & LEN_XTND) { - // Lower 7 bits contain the number of trailing bytes that describe the length - nNumLengthBytes = *pbLengthData & LEN_MASK; - - // Check that the number of bytes we are about to read is within our boundary - // constraints - - if (nNumLengthBytes <= nBoundaryLength - 1) { - - // For now, our handler won't deal with lengths greater than 4 bytes - if (nNumLengthBytes >= 1 && nNumLengthBytes <= 4) { - // 0 out the initial length - *pnLength = 0L; - - // Bump by 1 byte - pbLengthData++; - -#if defined(__LITTLE_ENDIAN__) || !defined(WORDS_BIGENDIAN) - - // There may be a cleaner way to do this, but for now, this seems to be - // an easy way to do the transformation - switch (nNumLengthBytes) { - case 1: { - *(((unsigned char *) pnLength)) = *pbLengthData; - break; - } - - case 2: { - *(((unsigned char *) pnLength)) = *(pbLengthData + 1); - *(((unsigned char *) pnLength) + 1) = *(pbLengthData); - - break; - } - - case 3: { - *(((unsigned char *) pnLength)) = *(pbLengthData + 2); - *(((unsigned char *) pnLength) + 2) = - *(pbLengthData + 1); - *(((unsigned char *) pnLength) + 3) = *(pbLengthData); - break; - } - - case 4: { - *(((unsigned char *) pnLength)) = *(pbLengthData + 3); - *(((unsigned char *) pnLength) + 1) = - *(pbLengthData + 2); - *(((unsigned char *) pnLength) + 2) = - *(pbLengthData + 1); - *(((unsigned char *) pnLength) + 3) = *(pbLengthData); - break; - } - - } // SWITCH ( nNumLengthBytes ) - -#else - // We are Big-Endian, so the length can be copied in from the source - // as is. Ensure that we adjust for the number of bytes we actually - // copy. - - memcpy(((unsigned char *) pnLength) + (4 - nNumLengthBytes), - pbLengthData, nNumLengthBytes); -#endif - - // Account for the initial length byte - *pnNumLengthBytes = nNumLengthBytes + 1; - nReturn = SPNEGO_E_SUCCESS; - - } // IF Valid Length - - } // IF num bytes to read is within the boundary length - - } // IF xtended length - else { - - // Extended bit is not set, so the length is in the value and the one - // byte describes the length - *pnLength = *pbLengthData & LEN_MASK; - *pnNumLengthBytes = 1; - nReturn = SPNEGO_E_SUCCESS; - - } - LOG(("ASNDerGetLength returned %d\n", nReturn)); - return nReturn; -} - - -///////////////////////////////////////////////////////////////////////////// -// -// Function: -// ASNDerCheckToken -// -// Parameters: -// [in] pbTokenData - Token Data -// [in] nToken - Token identifier to check for -// [in] nLengthWithToken - Expected token length (with data) -// [in] nBoundaryLength - Length that value must not exceed. -// [out] pnLength - Filled out with data length -// [out] pnTokenLength - Filled out with number of bytes -// consumed by token identifier and length. -// -// Returns: -// int Success - SPNEGO_E_SUCCESS -// Failure - SPNEGO API Error code -// -// Comments : -// Checks the data pointed to by pbTokenData for the specified token -// identifier and the length that immediately follows. If -// nLengthWithToken is > 0, the calculated length must match. The -// length must also not exceed the specified boundary length . -// -//////////////////////////////////////////////////////////////////////////// - -int -ASNDerCheckToken(unsigned char *pbTokenData, unsigned char nToken, - long nLengthWithToken, long nBoundaryLength, - long *pnLength, long *pnTokenLength) -{ - - int nReturn = SPNEGO_E_INVALID_LENGTH; - long nNumLengthBytes = 0L; - - // Make sure that we've at least got 2 bytes of room to work with - - if (nBoundaryLength >= 2) { - // The first byte of the token data MUST match the specified token - if (*pbTokenData == nToken) { - // Next byte indicates the length - pbTokenData++; - - // Get the length described by the token - if ((nReturn = - ASNDerGetLength(pbTokenData, nBoundaryLength, pnLength, - &nNumLengthBytes)) == SPNEGO_E_SUCCESS) { - // Verify that the length is LESS THAN the boundary length - // (this should prevent us walking out of our buffer) - if ((nBoundaryLength - (nNumLengthBytes + 1) < *pnLength)) { - - nReturn = SPNEGO_E_INVALID_LENGTH; - - } - // If we were passed a length to check, do so now - if (nLengthWithToken > 0L) { - - // Check that the expected length matches - if ((nLengthWithToken - (nNumLengthBytes + 1)) != *pnLength) { - - nReturn = SPNEGO_E_INVALID_LENGTH; - - } - - } // IF need to validate length - - if (SPNEGO_E_SUCCESS == nReturn) { - *pnTokenLength = nNumLengthBytes + 1; - } - - } // IF ASNDerGetLength - - } // IF token matches - else { - nReturn = SPNEGO_E_TOKEN_NOT_FOUND; - } - - } // IF Boundary Length is at least 2 bytes - - LOG(("ASNDerCheckToken returned %d\n", nReturn)); - return nReturn; -} - -///////////////////////////////////////////////////////////////////////////// -// -// Function: -// ASNDerCheckOID -// -// Parameters: -// [in] pbTokenData - Token Data -// [in] nMechOID - OID we are looking for -// [in] nBoundaryLength - Length that value must not exceed. -// [out] pnTokenLength - Filled out with number of bytes -// consumed by token and data. -// -// Returns: -// int Success - SPNEGO_E_SUCCESS -// Failure - SPNEGO API Error code -// -// Comments : -// Checks the data pointed to by pbTokenData for the specified OID. -// -//////////////////////////////////////////////////////////////////////////// - -int -ASNDerCheckOID(unsigned char *pbTokenData, SPNEGO_MECH_OID nMechOID, - long nBoundaryLength, long *pnTokenLength) -{ - int nReturn = 0L; - long nLength = 0L; - - // Verify that we have an OID token - if ((nReturn = ASNDerCheckToken(pbTokenData, OID, 0L, nBoundaryLength, - &nLength, pnTokenLength)) == SPNEGO_E_SUCCESS) { - // Add the data length to the Token Length - *pnTokenLength += nLength; - - // Token Lengths plus the actual length must match the length in our OID list element. - // If it doesn't, we're done - if (*pnTokenLength == g_stcMechOIDList[nMechOID].iLen) { - // Memcompare the token and the expected field - if (memcmp(pbTokenData, g_stcMechOIDList[nMechOID].ucOid, - *pnTokenLength) != 0) { - LOG(("ASNDerCheckOID memcmp failed\n")); - nReturn = SPNEGO_E_UNEXPECTED_OID; - } - } else { - LOG(("ASNDerCheckOID token length failed\n")); - nReturn = SPNEGO_E_UNEXPECTED_OID; - } - - } // IF OID Token CHecks - - LOG(("ASNDerCheckOID returned %d\n", nReturn)); - return nReturn; -} - -///////////////////////////////////////////////////////////////////////////// -// -// Function: -// ASNDerCalcNumLengthBytes -// -// Parameters: -// [in] nLength - Length to calculate length bytes for. -// -// Returns: -// int Number of bytes necessary to represent length -// -// Comments : -// Helper function to calculate the number of length bytes necessary to -// represent a length value. For our purposes, a 32-bit value should be -// enough to describea length. -// -//////////////////////////////////////////////////////////////////////////// - -int -ASNDerCalcNumLengthBytes(long nLength) -{ - if (nLength <= 0x7F) { - // A single byte will be sufficient for describing this length. - // The byte will simply contain the length - return 1; - } else if (nLength <= 0xFF) { - // Two bytes are necessary, one to say how many following bytes - // describe the length, and one to give the length - return 2; - } else if (nLength <= 0xFFFF) { - // Three bytes are necessary, one to say how many following bytes - // describe the length, and two to give the length - return 3; - } else if (nLength <= 0xFFFFFF) { - // Four bytes are necessary, one to say how many following bytes - // describe the length, and three to give the length - return 4; - } else { - // Five bytes are necessary, one to say how many following bytes - // describe the length, and four to give the length - return 5; - } -} - - -///////////////////////////////////////////////////////////////////////////// -// -// Function: -// ASNDerCalcTokenLength -// -// Parameters: -// [in] nLength - Length to calculate length bytes for. -// [in] nDataLength - Actual Data length value. -// -// Returns: -// long Number of bytes necessary to represent a token, length and data -// -// Comments : -// Helper function to calculate a token and value size, based on a -// supplied length value, and any binary data that will need to be -// written out. -// -//////////////////////////////////////////////////////////////////////////// - -long -ASNDerCalcTokenLength(long nLength, long nDataLength) -{ - // Add a byte to the length size to account for a single byte to - // hold the token type. - long nTotalLength = ASNDerCalcNumLengthBytes(nLength) + 1; - - return nTotalLength + nDataLength; -} - - -///////////////////////////////////////////////////////////////////////////// -// -// Function: -// ASNDerCalcElementLength -// -// Parameters: -// [in] nDataLength - Length of data. -// [out] pnInternalLength - Filled out with length of element -// without sequence info. -// -// Returns: -// long Number of bytes necessary to represent an element -// -// Comments : -// Helper function to calculate an element length. An element consists -// of a sequence token, a type token and then the data. -// -//////////////////////////////////////////////////////////////////////////// - -long -ASNDerCalcElementLength(long nDataLength, long *pnInternalLength) -{ - // First the type token and the actual data - long nTotalLength = ASNDerCalcTokenLength(nDataLength, nDataLength); - - // Internal length is the length without the element sequence token - if (NULL != pnInternalLength) { - *pnInternalLength = nTotalLength; - } - // Next add in the element's sequence token (remember that its - // length is the total length of the type token and data) - nTotalLength += ASNDerCalcTokenLength(nTotalLength, 0L); - - return nTotalLength; -} - -///////////////////////////////////////////////////////////////////////////// -// -// Function: -// ASNDerCalcMechListLength -// -// Parameters: -// [in] mechoid - Mech OID to put in list. -// [out] pnInternalLength - Filled out with length of element -// without the primary sequence token. -// -// Returns: -// long Number of bytes necessary to represent a mechList -// -// Comments : -// Helper function to calculate a MechList length. A mechlist consists -// of a NegTokenInit sequence token, a sequence token for the MechList -// and finally a list of OIDs. In our case, we only really have one -// OID. -// -//////////////////////////////////////////////////////////////////////////// - -long -ASNDerCalcMechListLength(SPNEGO_MECH_OID mechoid, long *pnInternalLength) -{ - // First the OID - long nTotalLength = g_stcMechOIDList[mechoid].iLen; - - // Next add in a sequence token - nTotalLength += ASNDerCalcTokenLength(nTotalLength, 0L); - - // Internal length is the length without the element sequence token - if (NULL != pnInternalLength) { - *pnInternalLength = nTotalLength; - } - // Finally add in the element's sequence token - nTotalLength += ASNDerCalcTokenLength(nTotalLength, 0L); - - return nTotalLength; -} - - -///////////////////////////////////////////////////////////////////////////// -// -// Function: -// ASNDerWriteLength -// -// Parameters: -// [out] pbData - Buffer to write into. -// [in] nLength - Length to write out. -// -// Returns: -// int Number of bytes written out -// -// Comments : -// Helper function to write out a length value following DER rules . -// -//////////////////////////////////////////////////////////////////////////// - -int -ASNDerWriteLength(unsigned char *pbData, long nLength) -{ - int nNumBytesRequired = ASNDerCalcNumLengthBytes(nLength); - int nNumLengthBytes = nNumBytesRequired - 1; - - - if (nNumBytesRequired > 1) { - - // Write out the number of bytes following which will be used - *pbData = (unsigned char) (LEN_XTND | nNumLengthBytes); - - // Point to where we'll actually write the length - pbData++; - -#if defined(__LITTLE_ENDIAN__) || !defined(WORDS_BIGENDIAN) - - // There may be a cleaner way to do this, but for now, this seems to be - // an easy way to do the transformation - switch (nNumLengthBytes) { - case 1: { - // Cast the length to a single byte, since we know that it - // is 0x7F or less (or we wouldn't only need a single byte). - - *pbData = (unsigned char) nLength; - break; - } - - case 2: { - *pbData = *(((unsigned char *) &nLength) + 1); - *(pbData + 1) = *(((unsigned char *) &nLength)); - break; - } - - case 3: { - *pbData = *(((unsigned char *) &nLength) + 3); - *(pbData + 1) = *(((unsigned char *) &nLength) + 2); - *(pbData + 2) = *(((unsigned char *) &nLength)); - break; - } - - case 4: { - *pbData = *(((unsigned char *) &nLength) + 3); - *(pbData + 1) = *(((unsigned char *) &nLength) + 2); - *(pbData + 2) = *(((unsigned char *) &nLength) + 1); - *(pbData + 3) = *(((unsigned char *) &nLength)); - break; - } - - } // SWITCH ( nNumLengthBytes ) - -#else - // We are Big-Endian, so the length can be copied in from the source - // as is. Ensure that we adjust for the number of bytes we actually - // copy. - - memcpy(pbData, - ((unsigned char *) &nLength) + (4 - nNumLengthBytes), - nNumLengthBytes); -#endif - - } // IF > 1 byte for length - else { - // Cast the length to a single byte, since we know that it - // is 0x7F or less (or we wouldn't only need a single byte). - - *pbData = (unsigned char) nLength; - } - - return nNumBytesRequired; -} - -///////////////////////////////////////////////////////////////////////////// -// -// Function: -// ASNDerWriteToken -// -// Parameters: -// [out] pbData - Buffer to write into. -// [in] ucType - Token Type -// [in] pbTokenValue - Actual Value -// [in] nLength - Length of Data. -// -// Returns: -// int Number of bytes written out -// -// Comments : -// Helper function to write out a token and any associated data. If -// pbTokenValue is non-NULL, then it is written out in addition to the -// token identifier and the length bytes. -// -//////////////////////////////////////////////////////////////////////////// - -int -ASNDerWriteToken(unsigned char *pbData, unsigned char ucType, - unsigned char *pbTokenValue, long nLength) -{ - int nTotalBytesWrittenOut = 0L; - int nNumLengthBytesWritten = 0L; - - // Write out the type - *pbData = ucType; - - // Wrote 1 byte, and move data pointer - nTotalBytesWrittenOut++; - pbData++; - - // Now write out the length and adjust the number of bytes written out - nNumLengthBytesWritten = ASNDerWriteLength(pbData, nLength); - - nTotalBytesWrittenOut += nNumLengthBytesWritten; - pbData += nNumLengthBytesWritten; - - // Write out the token value if we got one. The assumption is that the - // nLength value indicates how many bytes are in pbTokenValue. - - if (NULL != pbTokenValue) { - memcpy(pbData, pbTokenValue, nLength); - nTotalBytesWrittenOut += nLength; - } - - return nTotalBytesWrittenOut; -} - - -///////////////////////////////////////////////////////////////////////////// -// -// Function: -// ASNDerWriteOID -// -// Parameters: -// [out] pbData - Buffer to write into. -// [in] eMechOID - OID to write out. -// -// Returns: -// int Number of bytes written out -// -// Comments : -// Helper function to write out an OID. For these we have the raw bytes -// listed in a global structure. The caller simply indicates which OID -// should be written and we will splat out the data. -// -//////////////////////////////////////////////////////////////////////////// - -int -ASNDerWriteOID(unsigned char *pbData, SPNEGO_MECH_OID eMechOID) -{ - - memcpy(pbData, g_stcMechOIDList[eMechOID].ucOid, - g_stcMechOIDList[eMechOID].iLen); - - return g_stcMechOIDList[eMechOID].iLen; -} - - -///////////////////////////////////////////////////////////////////////////// -// -// Function: -// ASNDerWriteMechList -// -// Parameters: -// [out] pbData - Buffer to write into. -// [in] eMechOID - OID to put in MechList. -// -// Returns: -// int Number of bytes written out -// -// Comments : -// Helper function to write out a MechList. A MechList consists of the -// Init Token Sequence, a sequence token and then the list of OIDs. In -// our case the OID is from a global array of known OIDs. -// -//////////////////////////////////////////////////////////////////////////// - -long -ASNDerWriteMechList(unsigned char *pbData, SPNEGO_MECH_OID mechoid) -{ - // First get the length - long nInternalLength = 0L; - long nMechListLength = ASNDerCalcMechListLength(mechoid, &nInternalLength); - long nTempLength = 0L; - - nTempLength = ASNDerWriteToken(pbData, SPNEGO_NEGINIT_ELEMENT_MECHTYPES, - NULL, nInternalLength); - - // Adjust the data pointer - pbData += nTempLength; - - // Now write the Sequence token and the OID (the OID is a BLOB in the global - // structure. - - nTempLength = ASNDerWriteToken(pbData, SPNEGO_CONSTRUCTED_SEQUENCE, - g_stcMechOIDList[mechoid].ucOid, g_stcMechOIDList[mechoid].iLen); - - return nMechListLength; -} - - -///////////////////////////////////////////////////////////////////////////// -// -// Function: -// ASNDerWriteElement -// -// Parameters: -// [out] pbData - Buffer to write into. -// [in] ucElementSequence - Sequence Token -// [in] ucType - Token Type -// [in] pbTokenValue - Actual Value -// [in] nLength - Length of Data. -// -// Returns: -// int Number of bytes written out -// -// Comments : -// Helper function to write out a SPNEGO Token element. An element -// consists of a sequence token, a type token and the associated data. -// -//////////////////////////////////////////////////////////////////////////// - -int -ASNDerWriteElement(unsigned char *pbData, unsigned char ucElementSequence, - unsigned char ucType, unsigned char *pbTokenValue, long nLength) -{ - // First get the length - long nInternalLength = 0L; - long nElementLength = ASNDerCalcElementLength(nLength, &nInternalLength); - long nTempLength = 0L; - - // Write out the sequence byte and the length of the type and data - nTempLength = - ASNDerWriteToken(pbData, ucElementSequence, NULL, nInternalLength); - - // Adjust the data pointer - pbData += nTempLength; - - // Now write the type and the data. - nTempLength = ASNDerWriteToken(pbData, ucType, pbTokenValue, nLength); - - return nElementLength; -} diff --git a/helpers/negotiate_auth/kerberos/spnegohelp/derparse.h b/helpers/negotiate_auth/kerberos/spnegohelp/derparse.h deleted file mode 100644 index 185baf5142..0000000000 --- a/helpers/negotiate_auth/kerberos/spnegohelp/derparse.h +++ /dev/null @@ -1,206 +0,0 @@ -// Copyright (C) 2002 Microsoft Corporation -// All rights reserved. -// -// THIS CODE AND INFORMATION IS PROVIDED "AS IS" -// WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED -// OR IMPLIED, INCLUDING BUT NOT LIMITED -// TO THE IMPLIED WARRANTIES OF MERCHANTIBILITY -// AND/OR FITNESS FOR A PARTICULAR PURPOSE. -// -// Date - 10/08/2002 -// Author - Sanj Surati - -///////////////////////////////////////////////////////////// -// -// DERPARSE.H -// -// SPNEGO Token Handler Header File -// -// Contains the definitions required to properly parse the -// SPNEGO DER encoding. -// -///////////////////////////////////////////////////////////// - -#ifndef __DERPARSE_H__ -#define __DERPARSE_H__ - -// C++ Specific -#if defined(__cplusplus) -extern "C" { -#endif - - /* Identifier Types */ -#define IDENTIFIER_MASK 0xC0 // Bits 7 and 8 -#define IDENTIFIER_UNIVERSAL 0x00 // 00 = universal -#define IDENTIFIER_APPLICATION 0x40 // 01 = application -#define IDENTIFIER_CONTEXT_SPECIFIC 0x80 // 10 = context specific -#define IDENTIFIER_PRIVATE 0xC0 // 11 = Private - - /* Encoding type */ - -#define FORM_MASK 0x20 /* Bit 6 */ -#define PRIMITIVE 0x00 /* 0 = primitive */ -#define CONSTRUCTED 0x20 /* 1 = constructed */ - - /* Universal tags */ - -#define TAG_MASK 0x1F /* Bits 5 - 1 */ -#define BOOLEAN 0x01 /* 1: TRUE or FALSE */ -#define INTEGER 0x02 /* 2: Arbitrary precision integer */ -#define BITSTRING 0x03 /* 2: Sequence of bits */ -#define OCTETSTRING 0x04 /* 4: Sequence of bytes */ -#define NULLTAG 0x05 /* 5: NULL */ -#define OID 0x06 /* 6: Object Identifier (numeric sequence) */ -#define OBJDESCRIPTOR 0x07 /* 7: Object Descriptor (human readable) */ -#define EXTERNAL 0x08 /* 8: External / Instance Of */ -#define REAL 0x09 /* 9: Real (Mantissa * Base^Exponent) */ -#define ENUMERATED 0x0A /* 10: Enumerated */ -#define EMBEDDED_PDV 0x0B /* 11: Embedded Presentation Data Value */ -#define SEQUENCE 0x10 /* 16: Constructed Sequence / Sequence Of */ -#define SET 0x11 /* 17: Constructed Set / Set Of */ -#define NUMERICSTR 0x12 /* 18: Numeric String (digits only) */ -#define PRINTABLESTR 0x13 /* 19: Printable String */ -#define T61STR 0x14 /* 20: T61 String (Teletex) */ -#define VIDEOTEXSTR 0x15 /* 21: Videotex String */ -#define IA5STR 0x16 /* 22: IA5 String */ -#define UTCTIME 0x17 /* 23: UTC Time */ -#define GENERALIZEDTIME 0x18 /* 24: Generalized Time */ -#define GRAPHICSTR 0x19 /* 25: Graphic String */ -#define VISIBLESTR 0x1A /* 26: Visible String (ISO 646) */ -#define GENERALSTR 0x1B /* 27: General String */ -#define UNIVERSALSTR 0x1C /* 28: Universal String */ -#define BMPSTR 0x1E /* 30: Basic Multilingual Plane String */ - - /* Length encoding */ - -#define LEN_XTND 0x80 /* Indefinite or long form */ -#define LEN_MASK 0x7f /* Bits 7 - 1 */ - -// -// SPNEGO Token Parsing Constants -// - - -// Fixed Length of NegTokenInit ReqFlags field -#define SPNEGO_NEGINIT_MAXLEN_REQFLAGS 2 - -// Difference in bits for ReqFlags token -#define SPNEGO_NEGINIT_REQFLAGS_BITDIFF 1 - -// Fixed Length of NegTokenTarg NegResult field -#define SPNEGO_NEGTARG_MAXLEN_NEGRESULT 1 - -// Application Specific Construct - Always at the start of a NegTokenInit -#define SPNEGO_NEGINIT_APP_CONSTRUCT ( IDENTIFIER_APPLICATION | CONSTRUCTED ) // 0x60 - -// Constructed Sequence token - after the actual token identifier token -#define SPNEGO_CONSTRUCTED_SEQUENCE ( SEQUENCE | CONSTRUCTED ) - -// MechList Type Identifier -#define SPNEGO_MECHLIST_TYPE ( SEQUENCE | CONSTRUCTED | OID ) - -// -// NegTokenInit - Token Identifier and Elements -// - -// NegTokenInit - 0xa0 -#define SPNEGO_NEGINIT_TOKEN_IDENTIFIER ( IDENTIFIER_CONTEXT_SPECIFIC | CONSTRUCTED | \ - SPNEGO_TOKEN_INIT ) - -// Structure elements for NegTokenInit -#define SPNEGO_NEGINIT_MECHTYPES 0x0 // MechTypes is element 0 -#define SPNEGO_NEGINIT_REQFLAGS 0x1 // ReqFlags is element 1 -#define SPNEGO_NEGINIT_MECHTOKEN 0x2 // MechToken is element 2 -#define SPNEGO_NEGINIT_MECHLISTMIC 0x3 // MechListMIC is element 3 - -// MechTypes element is 0xa0 -#define SPNEGO_NEGINIT_ELEMENT_MECHTYPES ( IDENTIFIER_CONTEXT_SPECIFIC | CONSTRUCTED | \ - SPNEGO_NEGINIT_MECHTYPES ) - -// ReqFlags element is 0xa1 -#define SPNEGO_NEGINIT_ELEMENT_REQFLAGS ( IDENTIFIER_CONTEXT_SPECIFIC | CONSTRUCTED | \ - SPNEGO_NEGINIT_REQFLAGS ) - -// MechToken element is 0xa2 -#define SPNEGO_NEGINIT_ELEMENT_MECHTOKEN ( IDENTIFIER_CONTEXT_SPECIFIC | CONSTRUCTED | \ - SPNEGO_NEGINIT_MECHTOKEN ) - -// MechListMIC element is 0xa3 -#define SPNEGO_NEGINIT_ELEMENT_MECHLISTMIC ( IDENTIFIER_CONTEXT_SPECIFIC | CONSTRUCTED | \ - SPNEGO_NEGINIT_MECHLISTMIC ) - -// -// NegTokenTarg - Token Identifier and Elements -// - -// NegTokenTarg - 0xa1 -#define SPNEGO_NEGTARG_TOKEN_IDENTIFIER ( IDENTIFIER_CONTEXT_SPECIFIC | CONSTRUCTED | \ - SPNEGO_TOKEN_TARG ) - -// Structure elements for NegTokenTarg -#define SPNEGO_NEGTARG_NEGRESULT 0x0 // NegResult is element 0 -#define SPNEGO_NEGTARG_SUPPORTEDMECH 0x1 // SupportedMech is element 1 -#define SPNEGO_NEGTARG_RESPONSETOKEN 0x2 // ResponseToken is element 2 -#define SPNEGO_NEGTARG_MECHLISTMIC 0x3 // MechListMIC is element 3 - -// NegResult element is 0xa0 -#define SPNEGO_NEGTARG_ELEMENT_NEGRESULT ( IDENTIFIER_CONTEXT_SPECIFIC | CONSTRUCTED | \ - SPNEGO_NEGTARG_NEGRESULT ) - -// SupportedMech element is 0xa1 -#define SPNEGO_NEGTARG_ELEMENT_SUPPORTEDMECH ( IDENTIFIER_CONTEXT_SPECIFIC | CONSTRUCTED | \ - SPNEGO_NEGTARG_SUPPORTEDMECH ) - -// ResponseToken element is 0xa2 -#define SPNEGO_NEGTARG_ELEMENT_RESPONSETOKEN ( IDENTIFIER_CONTEXT_SPECIFIC | CONSTRUCTED | \ - SPNEGO_NEGTARG_RESPONSETOKEN ) - -// MechListMIC element is 0xa3 -#define SPNEGO_NEGTARG_ELEMENT_MECHLISTMIC ( IDENTIFIER_CONTEXT_SPECIFIC | CONSTRUCTED | \ - SPNEGO_NEGTARG_MECHLISTMIC ) - -// -// Defines a GSS Mechanism OID. We keep a single static array -// of these which we'll use for validation/searches/parsing. -// - - typedef struct _mechOID { - unsigned char *ucOid; // Byte representation of OID - int iLen; // Length of the OID, length and identifier - int iActualDataLen; // Length of the actual OID - SPNEGO_MECH_OID eMechanismOID; // Which OID is this? - } MECH_OID; - - -// -// ASN Der functions -// - - int ASNDerGetLength(unsigned char *pbLengthData, long nBoundaryLength, - long *pnLength, long *pnNumLengthBytes); - int ASNDerCheckToken(unsigned char *pbTokenData, unsigned char nToken, - long nCheckLength, long nBoundaryLength, long *pnLength, - long *pnTokenLength); - int ASNDerCheckOID(unsigned char *pbTokenData, SPNEGO_MECH_OID nMechOID, - long nBoundaryLength, long *pnTokenLength); - int ASNDerCalcNumLengthBytes(long nLength); - long ASNDerCalcTokenLength(long nLength, long nDataLength); - long ASNDerCalcElementLength(long nDataLength, long *pnInternalLength); - long ASNDerCalcMechListLength(SPNEGO_MECH_OID mechoid, - long *pnInternalLength); - int ASNDerWriteLength(unsigned char *pbData, long nLength); - int ASNDerWriteToken(unsigned char *pbData, unsigned char ucType, - unsigned char *pbTokenValue, long nLength); - int ASNDerWriteOID(unsigned char *pbData, SPNEGO_MECH_OID eMechOID); - long ASNDerWriteMechList(unsigned char *pbData, SPNEGO_MECH_OID mechoid); - int ASNDerWriteElement(unsigned char *pbData, - unsigned char ucElementSequence, unsigned char ucType, - unsigned char *pbTokenValue, long nLength); - - - // C++ Specific -#if defined(__cplusplus) -} -#endif - -#endif diff --git a/helpers/negotiate_auth/kerberos/spnegohelp/spnego.cc b/helpers/negotiate_auth/kerberos/spnegohelp/spnego.cc deleted file mode 100644 index 07fa846a68..0000000000 --- a/helpers/negotiate_auth/kerberos/spnegohelp/spnego.cc +++ /dev/null @@ -1,762 +0,0 @@ -// Copyright (C) 2002 Microsoft Corporation -// All rights reserved. -// -// THIS CODE AND INFORMATION IS PROVIDED "AS IS" -// WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED -// OR IMPLIED, INCLUDING BUT NOT LIMITED -// TO THE IMPLIED WARRANTIES OF MERCHANTIBILITY -// AND/OR FITNESS FOR A PARTICULAR PURPOSE. -// -// Date - 10/08/2002 -// Author - Sanj Surati - -///////////////////////////////////////////////////////////// -// -// SPNEGO.C -// -// SPNEGO Token Handler Source File -// -// Contains implementation of SPNEGO Token Handling API -// as defined in SPNEGO.H. -// -///////////////////////////////////////////////////////////// - -#include -#include -#include -#include "spnego.h" -#include "derparse.h" -#include "spnegoparse.h" - -// -// Defined in DERPARSE.C -// - -extern MECH_OID g_stcMechOIDList[]; - - -/**********************************************************************/ -/** **/ -/** **/ -/** **/ -/** **/ -/** SPNEGO Token Handler API implementation **/ -/** **/ -/** **/ -/** **/ -/** **/ -/**********************************************************************/ - - -///////////////////////////////////////////////////////////////////////////// -// -// Function: -// spnegoInitFromBinary -// -// Parameters: -// [in] pbTokenData - Binary Token Data -// [in] ulLength - Length of binary Token Data -// [out] phSpnegoToken - SPNEGO_TOKEN_HANDLE pointer -// -// Returns: -// int Success - SPNEGO_E_SUCCESS -// Failure - SPNEGO API Error code -// -// Comments : -// Initializes a SPNEGO_TOKEN_HANDLE from the supplied -// binary data. Data is copied locally. Returned data structure -// must be freed by calling spnegoFreeData(). -// -//////////////////////////////////////////////////////////////////////////// - -int -spnegoInitFromBinary(unsigned char *pbTokenData, unsigned long ulLength, - SPNEGO_TOKEN_HANDLE * phSpnegoToken) -{ - int nReturn = SPNEGO_E_INVALID_PARAMETER; - SPNEGO_TOKEN **ppSpnegoToken = (SPNEGO_TOKEN **) phSpnegoToken; - - // Pass off to a handler function that allows tighter control over how the token structure - // is handled. In this case, we want the token data copied and we want the associated buffer - // freed. - nReturn = InitTokenFromBinary(SPNEGO_TOKEN_INTERNAL_COPYDATA, - SPNEGO_TOKEN_INTERNAL_FLAGS_FREEDATA, pbTokenData, - ulLength, ppSpnegoToken); - - LOG(("spnegoInitFromBinary returned %d\n", nReturn)); - return nReturn; -} - -///////////////////////////////////////////////////////////////////////////// -// -// Function: -// spnegoCreateNegTokenInit -// -// Parameters: -// [in] MechType - MechType to specify in MechTypeList element -// [in] ucContextFlags - Context Flags element value -// [in] pbMechToken - Pointer to binary MechToken Data -// [in] ulMechTokenLen - Length of MechToken Data -// [in] pbMechListMIC - Pointer to binary MechListMIC Data -// [in] ulMechListMICLen - Length of MechListMIC Data -// [out] phSpnegoToken - SPNEGO_TOKEN_HANDLE pointer -// -// Returns: -// int Success - SPNEGO_E_SUCCESS -// Failure - SPNEGO API Error code -// -// Comments : -// Initializes a SPNEGO_TOKEN_HANDLE for a NegTokenInit type -// from the supplied parameters. ucContextFlags may be 0 or must be -// a valid flag combination. MechToken data can be NULL - if not, it -// must correspond to the MechType. MechListMIC can also be NULL. -// Returned data structure must be freed by calling spnegoFreeData(). -// -//////////////////////////////////////////////////////////////////////////// - -int -spnegoCreateNegTokenInit(SPNEGO_MECH_OID MechType, - unsigned char ucContextFlags, unsigned char *pbMechToken, - unsigned long ulMechTokenLen, unsigned char *pbMechListMIC, - unsigned long ulMechListMICLen, SPNEGO_TOKEN_HANDLE * phSpnegoToken) -{ - int nReturn = SPNEGO_E_INVALID_PARAMETER; - long nTokenLength = 0L; - long nInternalTokenLength = 0L; - unsigned char *pbTokenData = NULL; - SPNEGO_TOKEN **ppSpnegoToken = (SPNEGO_TOKEN **) phSpnegoToken; - - if (NULL != ppSpnegoToken && - IsValidMechOid(MechType) && IsValidContextFlags(ucContextFlags)) { - // Get the actual token size - - if ((nReturn = - CalculateMinSpnegoInitTokenSize(ulMechTokenLen, - ulMechListMICLen, MechType, (ucContextFlags != 0L), - &nTokenLength, &nInternalTokenLength)) - == SPNEGO_E_SUCCESS) { - // Allocate a buffer to hold the data. - pbTokenData = static_cast(calloc(1, nTokenLength)); - - if (NULL != pbTokenData) { - - // Now write the token - if ((nReturn = CreateSpnegoInitToken(MechType, - ucContextFlags, pbMechToken, - ulMechTokenLen, pbMechListMIC, - ulMechListMICLen, pbTokenData, - nTokenLength, nInternalTokenLength)) - == SPNEGO_E_SUCCESS) { - - // This will copy our allocated pointer, and ensure that the sructure cleans - // up the data later - nReturn = InitTokenFromBinary(SPNEGO_TOKEN_INTERNAL_COPYPTR, - SPNEGO_TOKEN_INTERNAL_FLAGS_FREEDATA, - pbTokenData, nTokenLength, ppSpnegoToken); - - } - // Cleanup on failure - if (SPNEGO_E_SUCCESS != nReturn) { - free(pbTokenData); - } - - } // IF alloc succeeded - else { - nReturn = SPNEGO_E_OUT_OF_MEMORY; - } - - } // If calculated token size - - } // IF Valid Parameters - - LOG(("spnegoCreateNegTokenInit returned %d\n", nReturn)); - return nReturn; -} - -///////////////////////////////////////////////////////////////////////////// -// -// Function: -// spnegoCreateNegTokenTarg -// -// Parameters: -// [in] MechType - MechType to specify in supported MechType element -// [in] spnegoNegResult - NegResult value -// [in] pbMechToken - Pointer to response MechToken Data -// [in] ulMechTokenLen - Length of MechToken Data -// [in] pbMechListMIC - Pointer to binary MechListMIC Data -// [in] ulMechListMICLen - Length of MechListMIC Data -// [out] phSpnegoToken - SPNEGO_TOKEN_HANDLE pointer -// -// Returns: -// int Success - SPNEGO_E_SUCCESS -// Failure - SPNEGO API Error code -// -// Comments : -// Initializes a SPNEGO_TOKEN_HANDLE for a NegTokenTarg type -// from the supplied parameters. MechToken data can be NULL - if not, -// it must correspond to the MechType. MechListMIC can also be NULL. -// Returned data structure must be freed by calling spnegoFreeData(). -// -//////////////////////////////////////////////////////////////////////////// - -int -spnegoCreateNegTokenTarg(SPNEGO_MECH_OID MechType, - SPNEGO_NEGRESULT spnegoNegResult, unsigned char *pbMechToken, - unsigned long ulMechTokenLen, unsigned char *pbMechListMIC, - unsigned long ulMechListMICLen, SPNEGO_TOKEN_HANDLE * phSpnegoToken) -{ - int nReturn = SPNEGO_E_INVALID_PARAMETER; - long nTokenLength = 0L; - long nInternalTokenLength = 0L; - unsigned char *pbTokenData = NULL; - SPNEGO_TOKEN **ppSpnegoToken = (SPNEGO_TOKEN **) phSpnegoToken; - - // - // spnego_mech_oid_NotUsed and spnego_negresult_NotUsed - // are okay here, however a valid MechOid is required - // if spnego_negresult_success or spnego_negresult_incomplete - // is specified. - // - - if (NULL != ppSpnegoToken && - (IsValidMechOid(MechType) || - spnego_mech_oid_NotUsed == MechType) && - (IsValidNegResult(spnegoNegResult) || - spnego_negresult_NotUsed == spnegoNegResult) && - !(!IsValidMechOid(MechType) && - (spnego_negresult_success == spnegoNegResult || - spnego_negresult_incomplete == spnegoNegResult))) { - - // Get the actual token size - - if ((nReturn = - CalculateMinSpnegoTargTokenSize(MechType, spnegoNegResult, - ulMechTokenLen, ulMechListMICLen, &nTokenLength, - &nInternalTokenLength)) - == SPNEGO_E_SUCCESS) { - // Allocate a buffer to hold the data. - pbTokenData = static_cast(calloc(1, nTokenLength)); - - if (NULL != pbTokenData) { - - // Now write the token - if ((nReturn = CreateSpnegoTargToken(MechType, - spnegoNegResult, pbMechToken, - ulMechTokenLen, pbMechListMIC, - ulMechListMICLen, pbTokenData, - nTokenLength, nInternalTokenLength)) - == SPNEGO_E_SUCCESS) { - - // This will copy our allocated pointer, and ensure that the sructure cleans - // up the data later - nReturn = InitTokenFromBinary(SPNEGO_TOKEN_INTERNAL_COPYPTR, - SPNEGO_TOKEN_INTERNAL_FLAGS_FREEDATA, - pbTokenData, nTokenLength, ppSpnegoToken); - - } - // Cleanup on failure - if (SPNEGO_E_SUCCESS != nReturn) { - free(pbTokenData); - } - - } // IF alloc succeeded - else { - nReturn = SPNEGO_E_OUT_OF_MEMORY; - } - - } // If calculated token size - - } // IF Valid Parameters - - LOG(("spnegoCreateNegTokenTarg returned %d\n", nReturn)); - return nReturn; -} - -///////////////////////////////////////////////////////////////////////////// -// -// Function: -// spnegoTokenGetBinary -// -// Parameters: -// [in] hSpnegoToken - Initialized SPNEGO_TOKEN_HANDLE -// [out] pbTokenData - Buffer to copy token into -// [in/out] pulDataLen - Length of pbTokenData buffer, filled out -// with actual size used upon function return. -// -// Returns: -// int Success - SPNEGO_E_SUCCESS -// Failure - SPNEGO API Error code -// -// Comments : -// Copies binary SPNEGO token data from hSpnegoToken into the user -// supplied buffer. If pbTokenData is NULL, or the value in pulDataLen -// is too small, the function will return SPNEGO_E_BUFFER_TOO_SMALL and -// fill out pulDataLen with the minimum required buffer size. -// -//////////////////////////////////////////////////////////////////////////// - -int -spnegoTokenGetBinary(SPNEGO_TOKEN_HANDLE hSpnegoToken, - unsigned char *pbTokenData, unsigned long *pulDataLen) -{ - int nReturn = SPNEGO_E_INVALID_PARAMETER; - SPNEGO_TOKEN *pSpnegoToken = (SPNEGO_TOKEN *) hSpnegoToken; - - // Check parameters - pbTokenData is optional - if (IsValidSpnegoToken(pSpnegoToken) && NULL != pulDataLen) { - - // Check for Buffer too small conditions - if (NULL == pbTokenData || pSpnegoToken->ulBinaryDataLen > *pulDataLen) { - *pulDataLen = pSpnegoToken->ulBinaryDataLen; - nReturn = SPNEGO_E_BUFFER_TOO_SMALL; - } else { - memcpy(pbTokenData, pSpnegoToken->pbBinaryData, - pSpnegoToken->ulBinaryDataLen); - *pulDataLen = pSpnegoToken->ulBinaryDataLen; - nReturn = SPNEGO_E_SUCCESS; - } - - } // IF parameters OK - - LOG(("spnegoTokenGetBinary returned %d\n", nReturn)); - return nReturn;; -} - -///////////////////////////////////////////////////////////////////////////// -// -// Function: -// spnegoFreeData -// -// Parameters: -// [in] hSpnegoToken - Initialized SPNEGO_TOKEN_HANDLE -// -// Returns: -// void -// -// Comments : -// Frees up resources consumed by hSpnegoToken. The supplied data -// pointer is invalidated by this function. -// -//////////////////////////////////////////////////////////////////////////// - -void -spnegoFreeData(SPNEGO_TOKEN_HANDLE hSpnegoToken) -{ - FreeSpnegoToken((SPNEGO_TOKEN *) hSpnegoToken); - return; -} - -///////////////////////////////////////////////////////////////////////////// -// -// Function: -// spnegoGetTokenType -// -// Parameters: -// [in] hSpnegoToken - Initialized SPNEGO_TOKEN_HANDLE -// [out] piTokenType - Filled out with token type value. -// -// Returns: -// int Success - SPNEGO_E_SUCCESS -// Failure - SPNEGO API Error code -// -// Comments : -// The function will analyze hSpnegoToken and return the appropriate -// type in piTokenType. -// -//////////////////////////////////////////////////////////////////////////// - -int -spnegoGetTokenType(SPNEGO_TOKEN_HANDLE hSpnegoToken, int *piTokenType) -{ - int nReturn = SPNEGO_E_INVALID_PARAMETER; - SPNEGO_TOKEN *pSpnegoToken = (SPNEGO_TOKEN *) hSpnegoToken; - - // Check parameters - if (IsValidSpnegoToken(pSpnegoToken) && NULL != piTokenType && pSpnegoToken) { - - // Check that the type in the structure makes sense - if (SPNEGO_TOKEN_INIT == pSpnegoToken->ucTokenType || - SPNEGO_TOKEN_TARG == pSpnegoToken->ucTokenType) { - *piTokenType = pSpnegoToken->ucTokenType; - nReturn = SPNEGO_E_SUCCESS; - } - - } // IF parameters OK - - LOG(("spnegoGetTokenType returned %d\n", nReturn)); - return nReturn; -} - -///////////////////////////////////////////////////////////////////////////// -// -// Function: -// spnegoIsMechTypeAvailable -// -// Parameters: -// [in] hSpnegoToken - Initialized SPNEGO_TOKEN_HANDLE -// [in] MechOID - MechOID to search MechTypeList for -// [out] piMechTypeIndex - Filled out with index in MechTypeList -// element if MechOID is found. -// -// Returns: -// int Success - SPNEGO_E_SUCCESS -// Failure - SPNEGO API Error code -// -// Comments : -// hSpnegoToken must reference a token of type NegTokenInit. The -// function will search the MechTypeList element for an OID corresponding -// to the specified MechOID. If one is found, the index (0 based) will -// be passed into the piMechTypeIndex parameter. -// -//////////////////////////////////////////////////////////////////////////// - -// Returns the Initial Mech Type in the MechList element in the NegInitToken. -int -spnegoIsMechTypeAvailable(SPNEGO_TOKEN_HANDLE hSpnegoToken, - SPNEGO_MECH_OID MechOID, int *piMechTypeIndex) -{ - int nReturn = SPNEGO_E_INVALID_PARAMETER; - SPNEGO_TOKEN *pSpnegoToken = (SPNEGO_TOKEN *) hSpnegoToken; - - // Check parameters - if (IsValidSpnegoToken(pSpnegoToken) && - NULL != piMechTypeIndex && - IsValidMechOid(MechOID) && - SPNEGO_TOKEN_INIT == pSpnegoToken->ucTokenType) { - - // Check if MechList is available - if (pSpnegoToken->aElementArray[SPNEGO_INIT_MECHTYPES_ELEMENT]. - iElementPresent == SPNEGO_TOKEN_ELEMENT_AVAILABLE) { - // Locate the MechOID in the list element - nReturn = - FindMechOIDInMechList(&pSpnegoToken-> - aElementArray[SPNEGO_INIT_MECHTYPES_ELEMENT], MechOID, - piMechTypeIndex); - } else { - nReturn = SPNEGO_E_ELEMENT_UNAVAILABLE; - } - - } // IF parameters OK - - LOG(("spnegoIsMechTypeAvailable returned %d\n", nReturn)); - return nReturn;; -} - -///////////////////////////////////////////////////////////////////////////// -// -// Function: -// spnegoGetContextFlags -// -// Parameters: -// [in] hSpnegoToken - Initialized SPNEGO_TOKEN_HANDLE -// [out] pucContextFlags - Filled out with ContextFlags value. -// -// Returns: -// int Success - SPNEGO_E_SUCCESS -// Failure - SPNEGO API Error code -// -// Comments : -// hSpnegoToken must reference a token of type NegTokenInit. The -// function will copy data from the ContextFlags element into the -// location pucContextFlags points to. Note that the function will -// fail if the actual ContextFlags data appears invalid. -// -//////////////////////////////////////////////////////////////////////////// - -int -spnegoGetContextFlags(SPNEGO_TOKEN_HANDLE hSpnegoToken, - unsigned char *pucContextFlags) -{ - int nReturn = SPNEGO_E_INVALID_PARAMETER; - SPNEGO_TOKEN *pSpnegoToken = (SPNEGO_TOKEN *) hSpnegoToken; - - // Check parameters - if (IsValidSpnegoToken(pSpnegoToken) && - NULL != pucContextFlags && - SPNEGO_TOKEN_INIT == pSpnegoToken->ucTokenType) { - - // Check if ContextFlags is available - if (pSpnegoToken->aElementArray[SPNEGO_INIT_REQFLAGS_ELEMENT]. - iElementPresent == SPNEGO_TOKEN_ELEMENT_AVAILABLE) { - // The length should be two, the value should show a 1 bit difference in the difference byte, and - // the value must be valid - if (pSpnegoToken->aElementArray[SPNEGO_INIT_REQFLAGS_ELEMENT]. - nDatalength == SPNEGO_NEGINIT_MAXLEN_REQFLAGS - && pSpnegoToken->aElementArray[SPNEGO_INIT_REQFLAGS_ELEMENT]. - pbData[0] == SPNEGO_NEGINIT_REQFLAGS_BITDIFF - && IsValidContextFlags(pSpnegoToken-> - aElementArray[SPNEGO_INIT_REQFLAGS_ELEMENT].pbData[1])) { - *pucContextFlags = - pSpnegoToken->aElementArray[SPNEGO_INIT_REQFLAGS_ELEMENT]. - pbData[1]; - nReturn = SPNEGO_E_SUCCESS; - } else { - nReturn = SPNEGO_E_INVALID_ELEMENT; - } - - } else { - nReturn = SPNEGO_E_ELEMENT_UNAVAILABLE; - } - - } // IF parameters OK - - LOG(("spnegoGetContextFlags returned %d\n", nReturn)); - return nReturn;; -} - -///////////////////////////////////////////////////////////////////////////// -// -// Function: -// spnegoGetNegotiationResult -// -// Parameters: -// [in] hSpnegoToken - Initialized SPNEGO_TOKEN_HANDLE -// [out] pnegResult - Filled out with NegResult value. -// -// Returns: -// int Success - SPNEGO_E_SUCCESS -// Failure - SPNEGO API Error code -// -// Comments : -// hSpnegoToken must reference a token of type NegTokenTarg. The -// function will copy data from the NegResult element into the -// location pointed to by pnegResult. Note that the function will -// fail if the actual NegResult data appears invalid. -// -//////////////////////////////////////////////////////////////////////////// - -int -spnegoGetNegotiationResult(SPNEGO_TOKEN_HANDLE hSpnegoToken, - SPNEGO_NEGRESULT * pnegResult) -{ - int nReturn = SPNEGO_E_INVALID_PARAMETER; - SPNEGO_TOKEN *pSpnegoToken = (SPNEGO_TOKEN *) hSpnegoToken; - - // Check parameters - if (IsValidSpnegoToken(pSpnegoToken) && - NULL != pnegResult && SPNEGO_TOKEN_TARG == pSpnegoToken->ucTokenType) { - - // Check if NegResult is available - if (pSpnegoToken->aElementArray[SPNEGO_TARG_NEGRESULT_ELEMENT].iElementPresent == SPNEGO_TOKEN_ELEMENT_AVAILABLE) { - // Must be 1 byte long and a valid value - if (pSpnegoToken->aElementArray[SPNEGO_TARG_NEGRESULT_ELEMENT].nDatalength == SPNEGO_NEGTARG_MAXLEN_NEGRESULT - && IsValidNegResult(static_cast(*pSpnegoToken->aElementArray[SPNEGO_TARG_NEGRESULT_ELEMENT].pbData))) { - *pnegResult = static_cast(*pSpnegoToken->aElementArray[SPNEGO_TARG_NEGRESULT_ELEMENT].pbData); - nReturn = SPNEGO_E_SUCCESS; - } else { - nReturn = SPNEGO_E_INVALID_ELEMENT; - } - } else { - nReturn = SPNEGO_E_ELEMENT_UNAVAILABLE; - } - - } // IF parameters OK - - LOG(("spnegoGetNegotiationResult returned %d\n", nReturn)); - return nReturn;; -} - -///////////////////////////////////////////////////////////////////////////// -// -// Function: -// spnegoGetSupportedMechType -// -// Parameters: -// [in] hSpnegoToken - Initialized SPNEGO_TOKEN_HANDLE -// [out] pMechOID - Filled out with Supported MechType value. -// -// Returns: -// int Success - SPNEGO_E_SUCCESS -// Failure - SPNEGO API Error code -// -// Comments : -// hSpnegoToken must reference a token of type NegTokenTarg. The -// function will check the Supported MechType element, and if it -// corresponds to a supported MechType ( spnego_mech_oid_Kerberos_V5_Legacy -// or spnego_mech_oid_Kerberos_V5 ), will set the location pointed -// to by pMechOID equal to the appropriate value. -// -//////////////////////////////////////////////////////////////////////////// - -int -spnegoGetSupportedMechType(SPNEGO_TOKEN_HANDLE hSpnegoToken, - SPNEGO_MECH_OID * pMechOID) -{ - int nReturn = SPNEGO_E_INVALID_PARAMETER; - int nCtr = 0L; - long nLength = 0L; - SPNEGO_TOKEN *pSpnegoToken = (SPNEGO_TOKEN *) hSpnegoToken; - - // Check parameters - if (IsValidSpnegoToken(pSpnegoToken) && - NULL != pMechOID && SPNEGO_TOKEN_TARG == pSpnegoToken->ucTokenType) { - - // Check if MechList is available - if (pSpnegoToken->aElementArray[SPNEGO_TARG_SUPPMECH_ELEMENT]. - iElementPresent == SPNEGO_TOKEN_ELEMENT_AVAILABLE) { - - for (nCtr = 0; - nReturn != SPNEGO_E_SUCCESS && - g_stcMechOIDList[nCtr].eMechanismOID != spnego_mech_oid_NotUsed; - nCtr++) { - - if ((nReturn = - ASNDerCheckOID(pSpnegoToken-> - aElementArray[SPNEGO_TARG_SUPPMECH_ELEMENT].pbData, - static_cast(nCtr), - pSpnegoToken-> - aElementArray[SPNEGO_TARG_SUPPMECH_ELEMENT]. - nDatalength, &nLength)) == SPNEGO_E_SUCCESS) { - *pMechOID = static_cast(nCtr); - } - - } // For enum MechOIDs - - } else { - nReturn = SPNEGO_E_ELEMENT_UNAVAILABLE; - } - - } // IF parameters OK - - LOG(("spnegoGetSupportedMechType returned %d\n", nReturn)); - return nReturn;; -} - -///////////////////////////////////////////////////////////////////////////// -// -// Function: -// spnegoTokenGetMechToken -// -// Parameters: -// [in] hSpnegoToken - Initialized SPNEGO_TOKEN_HANDLE -// [out] pbTokenData - Buffer to copy MechToken into -// [in/out] pulDataLen - Length of pbTokenData buffer, filled out -// with actual size used upon function return. -// -// Returns: -// int Success - SPNEGO_E_SUCCESS -// Failure - SPNEGO API Error code -// -// Comments : -// hSpnegoToken can point to either NegTokenInit or a NegTokenTarg token. -// The function will copy the MechToken (the initial MechToken if -// NegTokenInit, the response MechToken if NegTokenTarg) from the -// underlying token into the buffer pointed to by pbTokenData. If -// pbTokenData is NULL, or the value in pulDataLen is too small, the -// function will return SPNEGO_E_BUFFER_TOO_SMALL and fill out pulDataLen -// with the minimum required buffer size. The token can then be passed -// to a GSS-API function for processing. -// -//////////////////////////////////////////////////////////////////////////// - -int -spnegoGetMechToken(SPNEGO_TOKEN_HANDLE hSpnegoToken, unsigned char *pbTokenData, - unsigned long *pulDataLen) -{ - int nReturn = SPNEGO_E_INVALID_PARAMETER; - SPNEGO_TOKEN *pSpnegoToken = (SPNEGO_TOKEN *) hSpnegoToken; - SPNEGO_ELEMENT *pSpnegoElement = NULL; - - // Check parameters - if (IsValidSpnegoToken(pSpnegoToken) && NULL != pulDataLen) { - - // Point at the proper Element - if (SPNEGO_TOKEN_INIT == pSpnegoToken->ucTokenType) { - pSpnegoElement = - &pSpnegoToken->aElementArray[SPNEGO_INIT_MECHTOKEN_ELEMENT]; - } else { - pSpnegoElement = - &pSpnegoToken->aElementArray[SPNEGO_TARG_RESPTOKEN_ELEMENT]; - } - - // Check if MechType is available - if (SPNEGO_TOKEN_ELEMENT_AVAILABLE == pSpnegoElement->iElementPresent) { - // Check for Buffer too small conditions - if (NULL == pbTokenData || - pSpnegoElement->nDatalength > *pulDataLen) { - *pulDataLen = pSpnegoElement->nDatalength; - nReturn = SPNEGO_E_BUFFER_TOO_SMALL; - } else { - // Copy Memory - memcpy(pbTokenData, pSpnegoElement->pbData, - pSpnegoElement->nDatalength); - *pulDataLen = pSpnegoElement->nDatalength; - nReturn = SPNEGO_E_SUCCESS; - } - } else { - nReturn = SPNEGO_E_ELEMENT_UNAVAILABLE; - } - - } // IF parameters OK - - LOG(("spnegoGetMechToken returned %d\n", nReturn)); - return nReturn;; -} - -///////////////////////////////////////////////////////////////////////////// -// -// Function: -// spnegoTokenGetMechListMIC -// -// Parameters: -// [in] hSpnegoToken - Initialized SPNEGO_TOKEN_HANDLE -// [out] pbTokenData - Buffer to copy MechListMIC data into -// [in/out] pulDataLen - Length of pbTokenData buffer, filled out -// with actual size used upon function return. -// -// Returns: -// int Success - SPNEGO_E_SUCCESS -// Failure - SPNEGO API Error code -// -// Comments : -// hSpnegoToken can point to either NegTokenInit or a NegTokenTarg token. -// The function will copy the MechListMIC data from the underlying token -// into the buffer pointed to by pbTokenData. If pbTokenData is NULL, -// or the value in pulDataLen is too small, the function will return -// SPNEGO_E_BUFFER_TOO_SMALL and fill out pulDataLen with the minimum -// required buffer size. -// -//////////////////////////////////////////////////////////////////////////// - -int -spnegoGetMechListMIC(SPNEGO_TOKEN_HANDLE hSpnegoToken, unsigned char *pbMICData, - unsigned long *pulDataLen) -{ - int nReturn = SPNEGO_E_INVALID_PARAMETER; - SPNEGO_TOKEN *pSpnegoToken = (SPNEGO_TOKEN *) hSpnegoToken; - SPNEGO_ELEMENT *pSpnegoElement = NULL; - - // Check parameters - if (IsValidSpnegoToken(pSpnegoToken) && NULL != pulDataLen) { - - // Point at the proper Element - if (SPNEGO_TOKEN_INIT == pSpnegoToken->ucTokenType) { - pSpnegoElement = - &pSpnegoToken->aElementArray[SPNEGO_INIT_MECHLISTMIC_ELEMENT]; - } else { - pSpnegoElement = - &pSpnegoToken->aElementArray[SPNEGO_TARG_MECHLISTMIC_ELEMENT]; - } - - // Check if MechType is available - if (SPNEGO_TOKEN_ELEMENT_AVAILABLE == pSpnegoElement->iElementPresent) { - // Check for Buffer too small conditions - if (NULL == pbMICData || pSpnegoElement->nDatalength > *pulDataLen) { - *pulDataLen = pSpnegoElement->nDatalength; - nReturn = SPNEGO_E_BUFFER_TOO_SMALL; - } else { - // Copy Memory - memcpy(pbMICData, pSpnegoElement->pbData, - pSpnegoElement->nDatalength); - *pulDataLen = pSpnegoElement->nDatalength; - nReturn = SPNEGO_E_SUCCESS; - } - } else { - nReturn = SPNEGO_E_ELEMENT_UNAVAILABLE; - } - - } // IF parameters OK - - LOG(("spnegoGetMechListMIC returned %d\n", nReturn)); - return nReturn;; -} diff --git a/helpers/negotiate_auth/kerberos/spnegohelp/spnego.h b/helpers/negotiate_auth/kerberos/spnegohelp/spnego.h deleted file mode 100644 index e034ecb2de..0000000000 --- a/helpers/negotiate_auth/kerberos/spnegohelp/spnego.h +++ /dev/null @@ -1,251 +0,0 @@ -// Copyright (C) 2002 Microsoft Corporation -// All rights reserved. -// -// THIS CODE AND INFORMATION IS PROVIDED "AS IS" -// WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED -// OR IMPLIED, INCLUDING BUT NOT LIMITED -// TO THE IMPLIED WARRANTIES OF MERCHANTIBILITY -// AND/OR FITNESS FOR A PARTICULAR PURPOSE. -// -// Date - 10/08/2002 -// Author - Sanj Surati - -///////////////////////////////////////////////////////////// -// -// SPNEGO.H -// -// SPNEGO Token Handler Header File -// -// Contains the definitions required to interpret and create -// SPNEGO tokens so that Kerberos GSS tokens can be -// Unpackaged/packaged. -// -///////////////////////////////////////////////////////////// - -#ifndef __SPNEGO_H__ -#define __SPNEGO_H__ - -// C++ Specific -#if defined(__cplusplus) -extern "C" { -#endif - -// Type Definitions - -// -// Users of SPNEGO Token Handler API will request -// these as well as free them, -// - typedef void *SPNEGO_TOKEN_HANDLE; - -// -// Defines the element types that are found -// in each of the tokens. -// - - typedef enum spnego_element_type - { - spnego_element_min, // Lower bound - - // Init token elements - spnego_init_mechtypes, - spnego_init_reqFlags, - spnego_init_mechToken, - spnego_init_mechListMIC, - - // Targ token elements - spnego_targ_negResult, - spnego_targ_supportedMech, - spnego_targ_responseToken, - spnego_targ_mechListMIC, - - spnego_element_max // Upper bound - } SPNEGO_ELEMENT_TYPE; - -// -// Token Element Availability. Elements in both -// token types are optional. Since there are only -// 4 elements in each Token, we will allocate space -// to hold the information, but we need a way to -// indicate whether or not an element is available -// - -#define SPNEGO_TOKEN_ELEMENT_UNAVAILABLE 0 -#define SPNEGO_TOKEN_ELEMENT_AVAILABLE 1 - -// -// Token type values. SPNEGO has 2 token types: -// NegTokenInit and NegTokenTarg -// - -#define SPNEGO_TOKEN_INIT 0 -#define SPNEGO_TOKEN_TARG 1 - -// -// GSS Mechanism OID enumeration. We only really handle -// 3 different OIDs. These are stored in an array structure -// defined in the parsing code. -// - - typedef enum spnego_mech_oid - { - // Init token elements - spnego_mech_oid_Kerberos_V5_Legacy, // Really V5, but OID off by 1 bit - spnego_mech_oid_Kerberos_V5, - spnego_mech_oid_Spnego, - spnego_mech_oid_NotUsed = -1 - } SPNEGO_MECH_OID; - -// -// Defines the negResult values. -// - - typedef enum spnego_negResult - { - spnego_negresult_success, - spnego_negresult_incomplete, - spnego_negresult_rejected, - spnego_negresult_NotUsed = -1 - } SPNEGO_NEGRESULT; - -// -// Context Flags in NegTokenInit -// - -// -// ContextFlags values MUST be zero or a combination -// of the below -// - -#define SPNEGO_NEGINIT_CONTEXT_DELEG_FLAG 0x80 -#define SPNEGO_NEGINIT_CONTEXT_MUTUAL_FLAG 0x40 -#define SPNEGO_NEGINIT_CONTEXT_REPLAY_FLAG 0x20 -#define SPNEGO_NEGINIT_CONTEXT_SEQUENCE_FLAG 0x10 -#define SPNEGO_NEGINIT_CONTEXT_ANON_FLAG 0x8 -#define SPNEGO_NEGINIT_CONTEXT_CONF_FLAG 0x4 -#define SPNEGO_NEGINIT_CONTEXT_INTEG_FLAG 0x2 - -// -// Mask to retrieve valid values. -// - -#define SPNEGO_NEGINIT_CONTEXT_MASK 0xFE // Logical combination of above flags - -// -// SPNEGO API return codes. -// - -// API function was successful -#define SPNEGO_E_SUCCESS 0 - -// The supplied Token was invalid -#define SPNEGO_E_INVALID_TOKEN -1 - -// An invalid length was encountered -#define SPNEGO_E_INVALID_LENGTH -2 - -// The Token Parse failed -#define SPNEGO_E_PARSE_FAILED -3 - -// The requested value was not found -#define SPNEGO_E_NOT_FOUND -4 - -// The requested element is not available -#define SPNEGO_E_ELEMENT_UNAVAILABLE -5 - -// Out of Memory -#define SPNEGO_E_OUT_OF_MEMORY -6 - -// Not Implemented -#define SPNEGO_E_NOT_IMPLEMENTED -7 - -// Invalid Parameter -#define SPNEGO_E_INVALID_PARAMETER -8 - -// Token Handler encountered an unexpected OID -#define SPNEGO_E_UNEXPECTED_OID -9 - -// The requested token was not found -#define SPNEGO_E_TOKEN_NOT_FOUND -10 - -// An unexpected type was encountered in the encoding -#define SPNEGO_E_UNEXPECTED_TYPE -11 - -// The buffer was too small -#define SPNEGO_E_BUFFER_TOO_SMALL -12 - -// A Token Element was invalid (e.g. improper length or value) -#define SPNEGO_E_INVALID_ELEMENT -13 - - /* Miscelaneous API Functions */ - -// Frees opaque data - void spnegoFreeData(SPNEGO_TOKEN_HANDLE hSpnegoToken); - -// Initializes SPNEGO_TOKEN structure from DER encoded binary data - int spnegoInitFromBinary(unsigned char *pbTokenData, unsigned long ulLength, - SPNEGO_TOKEN_HANDLE * phSpnegoToken); - -// Initializes SPNEGO_TOKEN structure for a NegTokenInit type using the -// supplied parameters - int spnegoCreateNegTokenInit(SPNEGO_MECH_OID MechType, - unsigned char ucContextFlags, unsigned char *pbMechToken, - unsigned long ulMechTokenLen, unsigned char *pbMechTokenMIC, - unsigned long ulMechTokenMIC, SPNEGO_TOKEN_HANDLE * phSpnegoToken); - -// Initializes SPNEGO_TOKEN structure for a NegTokenTarg type using the -// supplied parameters - int spnegoCreateNegTokenTarg(SPNEGO_MECH_OID MechType, - SPNEGO_NEGRESULT spnegoNegResult, unsigned char *pbMechToken, - unsigned long ulMechTokenLen, unsigned char *pbMechListMIC, - unsigned long ulMechListMICLen, SPNEGO_TOKEN_HANDLE * phSpnegoToken); - -// Copies binary representation of SPNEGO Data into user supplied buffer - int spnegoTokenGetBinary(SPNEGO_TOKEN_HANDLE hSpnegoToken, - unsigned char *pbTokenData, unsigned long *pulDataLen); - -// Returns SPNEGO Token Type - int spnegoGetTokenType(SPNEGO_TOKEN_HANDLE hSpnegoToken, int *piTokenType); - - /* Reading an Init Token */ - -// Returns the Initial Mech Type in the MechList element in the NegInitToken. - int spnegoIsMechTypeAvailable(SPNEGO_TOKEN_HANDLE hSpnegoToken, - SPNEGO_MECH_OID MechOID, int *piMechTypeIndex); - -// Returns the value from the context flags element in the NegInitToken as an unsigned long - int spnegoGetContextFlags(SPNEGO_TOKEN_HANDLE hSpnegoToken, - unsigned char *pucContextFlags); - - /* Reading a Response Token */ - -// Returns the value from the negResult element (Status code of GSS call - 0,1,2) - int spnegoGetNegotiationResult(SPNEGO_TOKEN_HANDLE hSpnegoToken, - SPNEGO_NEGRESULT * pnegResult); - -// Returns the Supported Mech Type from the NegTokenTarg. - int spnegoGetSupportedMechType(SPNEGO_TOKEN_HANDLE hSpnegoToken, - SPNEGO_MECH_OID * pMechOID); - - /* Reading either Token Type */ - -// Returns the actual Mechanism data from the token (this is what is passed into GSS-API functions - int spnegoGetMechToken(SPNEGO_TOKEN_HANDLE hSpnegoToken, - unsigned char *pbTokenData, unsigned long *pulDataLen); - -// Returns the Message Integrity BLOB in the token - int spnegoGetMechListMIC(SPNEGO_TOKEN_HANDLE hSpnegoToken, - unsigned char *pbMICData, unsigned long *pulDataLen); - -// C++ Specific -#if defined(__cplusplus) -} -#endif -#ifdef DEBUG -#include -#define PRERR(...) fprintf(stderr, __VA_ARGS__) -#define LOG(x) PRERR x -#else -#define LOG(x) -#endif -#endif diff --git a/helpers/negotiate_auth/kerberos/spnegohelp/spnegohelp.cc b/helpers/negotiate_auth/kerberos/spnegohelp/spnegohelp.cc deleted file mode 100644 index 49add97d3e..0000000000 --- a/helpers/negotiate_auth/kerberos/spnegohelp/spnegohelp.cc +++ /dev/null @@ -1,231 +0,0 @@ -/* ----------------------------------------------------------------------------- - * spnegohelp.c defines RFC 2478 SPNEGO GSS-API mechanism APIs. - * - * Author: Frank Balluffi - * - * Copyright (C) 2002-2003 All rights reserved. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. - * - * ----------------------------------------------------------------------------- - */ - -#include "spnegohelp.h" -#include "spnego.h" - -#include - -int -makeNegTokenTarg(const unsigned char *kerberosToken, - size_t kerberosTokenLength, - const unsigned char **negTokenTarg, size_t * negTokenTargLength) -{ - SPNEGO_TOKEN_HANDLE hSpnegoToken = NULL; - int rc1 = 1; - int rc2 = SPNEGO_E_SUCCESS; - - /* Check arguments. */ - - if (!kerberosToken || !negTokenTarg || !negTokenTargLength) - return 10; - - /* Does IIS reply with 1.2.840.48018.1.2.2 or 1.2.840.113554.1.2.2? */ - - /* Does IIS always reply with accept_completed? */ - - /* IIS does not include a MIC. */ - - rc2 = spnegoCreateNegTokenTarg(spnego_mech_oid_Kerberos_V5_Legacy, - spnego_negresult_success, - (unsigned char *) kerberosToken, - kerberosTokenLength, NULL, 0, &hSpnegoToken); - - if (rc2 != SPNEGO_E_SUCCESS) { - rc1 = abs(rc2) + 100; - goto cleanup; - } - - /* Get NegTokenTarg length. */ - - rc2 = spnegoTokenGetBinary(hSpnegoToken, - NULL, (unsigned long *) negTokenTargLength); - - if (rc2 != SPNEGO_E_BUFFER_TOO_SMALL) { - rc1 = abs(rc2) + 200; - goto cleanup; - } - - *negTokenTarg = static_cast(malloc(*negTokenTargLength)); - - if (!*negTokenTarg) { - rc1 = abs(rc2) + 300; - goto cleanup; - } - - /* Get NegTokenTarg data. */ - - rc2 = spnegoTokenGetBinary(hSpnegoToken, - (unsigned char *) *negTokenTarg, (unsigned long *) negTokenTargLength); - - - if (rc2 != SPNEGO_E_SUCCESS) { - rc1 = abs(rc2) + 400; - goto error; - } - - rc1 = 0; - - goto cleanup; - -error: - - if (*negTokenTarg) { - free((unsigned char *) *negTokenTarg); - *negTokenTarg = NULL; - *negTokenTargLength = 0; - } - -cleanup: - - if (hSpnegoToken) - spnegoFreeData(hSpnegoToken); - - LOG(("makeNegTokenTarg returned %d\n", rc1)); - return rc1; -} - -int -parseNegTokenInit(const unsigned char *negTokenInit, - size_t negTokenInitLength, - const unsigned char **kerberosToken, size_t * kerberosTokenLength) -{ - SPNEGO_TOKEN_HANDLE hSpnegoToken = NULL; - int pindex = -1; - int rc1 = 1; - int rc2 = SPNEGO_E_SUCCESS; - unsigned char reqFlags = 0; - int tokenType = 0; - - /* Check arguments. */ - - if (!negTokenInit || !kerberosToken || !kerberosTokenLength) - return 10; - - /* Decode SPNEGO token. */ - - rc2 = spnegoInitFromBinary((unsigned char *) negTokenInit, - negTokenInitLength, &hSpnegoToken); - - if (rc2 != SPNEGO_E_SUCCESS) { - rc1 = abs(rc2) + 100; - goto cleanup; - } - - /* Check for negTokenInit choice. */ - - rc2 = spnegoGetTokenType(hSpnegoToken, &tokenType); - - if (rc2 != SPNEGO_E_SUCCESS) { - rc1 = abs(rc2) + 200; - goto cleanup; - } - - if (tokenType != SPNEGO_TOKEN_INIT) { - rc1 = abs(rc2) + 300; - goto cleanup; - } - - /* - * Check that first mechType is 1.2.840.113554.1.2.2 or 1.2.840.48018.1.2.2. - */ - - /* - * IE seems to reply with 1.2.840.48018.1.2.2 and then 1.2.840.113554.1.2.2. - */ - - rc2 = spnegoIsMechTypeAvailable(hSpnegoToken, - spnego_mech_oid_Kerberos_V5_Legacy, &pindex); - - if (rc2 != SPNEGO_E_SUCCESS || pindex != 0) { - rc2 = spnegoIsMechTypeAvailable(hSpnegoToken, - spnego_mech_oid_Kerberos_V5, &pindex); - - if (rc2 != SPNEGO_E_SUCCESS || pindex != 0) { - rc1 = abs(rc2) + 400; - goto cleanup; - } - } - - /* Check for no reqFlags. */ - - /* Does IE ever send reqFlags? */ - - rc2 = spnegoGetContextFlags(hSpnegoToken, &reqFlags); - - if (rc2 == SPNEGO_E_SUCCESS) { - rc1 = abs(rc2) + 500; - goto cleanup; - } - - /* Get mechanism token length. */ - - rc2 = spnegoGetMechToken(hSpnegoToken, - NULL, (unsigned long *) kerberosTokenLength); - - if (rc2 != SPNEGO_E_BUFFER_TOO_SMALL) { - rc1 = abs(rc2) + 600; - goto cleanup; - } - - *kerberosToken = static_cast(malloc(*kerberosTokenLength)); - - if (!*kerberosToken) { - rc1 = abs(rc2) + 700; - goto cleanup; - } - - /* Get mechanism token data. */ - - rc2 = spnegoGetMechToken(hSpnegoToken, - (unsigned char *) *kerberosToken, - (unsigned long *) kerberosTokenLength); - - if (rc2 != SPNEGO_E_SUCCESS) { - rc1 = abs(rc2) + 800; - goto error; - } - - /* According to Microsoft, IE does not send a MIC. */ - - rc1 = 0; - - goto cleanup; - -error: - - if (*kerberosToken) { - free((unsigned char *) *kerberosToken); - *kerberosToken = NULL; - *kerberosTokenLength = 0; - } - -cleanup: - - if (hSpnegoToken) - spnegoFreeData(hSpnegoToken); - - LOG(("parseNegTokenInit returned %d\n", rc1)); - return rc1; -} diff --git a/helpers/negotiate_auth/kerberos/spnegohelp/spnegohelp.h b/helpers/negotiate_auth/kerberos/spnegohelp/spnegohelp.h deleted file mode 100644 index 81af6537e5..0000000000 --- a/helpers/negotiate_auth/kerberos/spnegohelp/spnegohelp.h +++ /dev/null @@ -1,56 +0,0 @@ -/* ----------------------------------------------------------------------------- - * spnegohelp.c declares RFC 2478 SPNEGO GSS-API mechanism APIs. - * - * Author: Frank Balluffi - * - * Copyright (C) 2002-2003. All rights reserved. - * ----------------------------------------------------------------------------- - */ - -#ifndef SPNEGOHELP_H -#define SPNEGOHELP_H - -#ifdef __cplusplus -extern "C" { -#endif - -#include - - /* ----------------------------------------------------------------------------- - * makeNegTokenTarg makes an RFC 2478 SPNEGO NegTokenTarg (token) from an - * RFC 1964 Kerberos GSS-API token. - * - * If makeNegTokenTarg is successful, call free (*negTokenTarg) to free the - * memory allocated by parseNegTokenInit. - * - * Returns 0 if successful, 1 otherwise. - * ----------------------------------------------------------------------------- - */ - - int makeNegTokenTarg(const unsigned char *kerberosToken, - size_t kerberosTokenLength, - const unsigned char **negTokenTarg, size_t * negTokenTargLength); - - /* ----------------------------------------------------------------------------- - * parseNegTokenInit parses an RFC 2478 SPNEGO NegTokenInit (token) to extract - * an RFC 1964 Kerberos GSS-API token. - * - * If the NegTokenInit does cotain a Kerberos GSS-API token, parseNegTokenInit - * returns an error. - * - * If parseNegTokenInit is successful, call free (*kerberosToken) to - * free the memory allocated by parseNegTokenInit. - * - * Returns 0 if successful, 1 otherwise. - * ----------------------------------------------------------------------------- - */ - - int parseNegTokenInit(const unsigned char *negTokenInit, - size_t negTokenInitLength, - const unsigned char **kerberosToken, size_t * kerberosTokenLength); - -#ifdef __cplusplus -} -#endif - -#endif /* SPNEGOHELP_H */ diff --git a/helpers/negotiate_auth/kerberos/spnegohelp/spnegoparse.cc b/helpers/negotiate_auth/kerberos/spnegohelp/spnegoparse.cc deleted file mode 100644 index 3966e74e0a..0000000000 --- a/helpers/negotiate_auth/kerberos/spnegohelp/spnegoparse.cc +++ /dev/null @@ -1,1834 +0,0 @@ -// Copyright (C) 2002 Microsoft Corporation -// All rights reserved. -// -// THIS CODE AND INFORMATION IS PROVIDED "AS IS" -// WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED -// OR IMPLIED, INCLUDING BUT NOT LIMITED -// TO THE IMPLIED WARRANTIES OF MERCHANTIBILITY -// AND/OR FITNESS FOR A PARTICULAR PURPOSE. -// -// Date - 10/08/2002 -// Author - Sanj Surati - -///////////////////////////////////////////////////////////// -// -// SPNEGOPARSE.C -// -// SPNEGO Token Handler Source File -// -// Contains implementation of SPNEGO Token parsing functions. -// -///////////////////////////////////////////////////////////// - -#include -#include -#include -#include "spnego.h" -#include "derparse.h" -#include "spnegoparse.h" - -// -// Defined in DERPARSE.C -// - -extern MECH_OID g_stcMechOIDList[]; - -/**********************************************************************/ -/** **/ -/** **/ -/** **/ -/** **/ -/** Local SPNEGO Helper definitions **/ -/** **/ -/** **/ -/** **/ -/** **/ -/**********************************************************************/ - - -///////////////////////////////////////////////////////////////////////////// -// -// Function: -// CalculateMinSpnegoInitTokenSize -// -// Parameters: -// [in] nMechTokenLength - Length of the MechToken Element -// [in] nMechListMICLength - Length of the MechListMIC Element -// [in] mechOID - OID for MechList -// [in] nReqFlagsAvailable - Is ContextFlags element available -// [out] pnTokenSize - Filled out with total size of token -// [out] pnInternalTokenLength - Filled out with length minus length -// for initial token. -// -// Returns: -// int Success - SPNEGO_E_SUCCESS -// Failure - SPNEGO API Error code -// -// Comments : -// Calculates the required length for a SPNEGO NegTokenInit token based -// on the supplied variable length values and which elements are present. -// Note that because the lengths can be represented by an arbitrary -// number of bytes in DER encodings, we actually calculate the lengths -// backwards, so we always know how many bytes we will potentially be -// writing out. -// -//////////////////////////////////////////////////////////////////////////// - -int -CalculateMinSpnegoInitTokenSize(long nMechTokenLength, - long nMechListMICLength, SPNEGO_MECH_OID mechOid, - int nReqFlagsAvailable, long *pnTokenSize, long *pnInternalTokenLength) -{ - int nReturn = SPNEGO_E_INVALID_LENGTH; - - // Start at 0. - long nTotalLength = 0; - long nTempLength = 0L; - - // We will calculate this by walking the token backwards - - // Start with MIC Element - if (nMechListMICLength > 0L) { - nTempLength = ASNDerCalcElementLength(nMechListMICLength, NULL); - - // Check for rollover error - if (nTempLength < nMechListMICLength) { - goto xEndTokenInitLength; - } - - nTotalLength += nTempLength; - } - // Next is the MechToken - if (nMechTokenLength > 0L) { - nTempLength += ASNDerCalcElementLength(nMechTokenLength, NULL); - - // Check for rollover error - if (nTempLength < nTotalLength) { - goto xEndTokenInitLength; - } - - nTotalLength = nTempLength; - } - // Next is the ReqFlags - if (nReqFlagsAvailable) { - nTempLength += - ASNDerCalcElementLength(SPNEGO_NEGINIT_MAXLEN_REQFLAGS, NULL); - - // Check for rollover error - if (nTempLength < nTotalLength) { - goto xEndTokenInitLength; - } - - nTotalLength = nTempLength; - } - // Next is the MechList - This is REQUIRED - nTempLength += ASNDerCalcMechListLength(mechOid, NULL); - - // Check for rollover error - if (nTempLength < nTotalLength) { - goto xEndTokenInitLength; - } - - nTotalLength = nTempLength; - - // Following four fields are the basic header tokens - - // Sequence Token - nTempLength += ASNDerCalcTokenLength(nTotalLength, 0L); - - // Check for rollover error - if (nTempLength < nTotalLength) { - goto xEndTokenInitLength; - } - - nTotalLength = nTempLength; - - // Neg Token Identifier Token - nTempLength += ASNDerCalcTokenLength(nTotalLength, 0L); - - // Check for rollover error - if (nTempLength < nTotalLength) { - goto xEndTokenInitLength; - } - - nTotalLength = nTempLength; - - // SPNEGO OID Token - nTempLength += g_stcMechOIDList[spnego_mech_oid_Spnego].iLen; - - // Check for rollover error - if (nTempLength < nTotalLength) { - goto xEndTokenInitLength; - } - - nTotalLength = nTempLength; - - // App Constructed Token - nTempLength += ASNDerCalcTokenLength(nTotalLength, 0L); - - // Check for rollover error - if (nTempLength < nTotalLength) { - goto xEndTokenInitLength; - } - // The internal length doesn't include the number of bytes - // for the initial token - *pnInternalTokenLength = nTotalLength; - nTotalLength = nTempLength; - - // We're done - *pnTokenSize = nTotalLength; - nReturn = SPNEGO_E_SUCCESS; - -xEndTokenInitLength: - - LOG(("CalculateMinSpnegoInitTokenSize returned %d\n", nReturn)); - return nReturn; - -} - -///////////////////////////////////////////////////////////////////////////// -// -// Function: -// CreateSpnegoInitToken -// -// Parameters: -// [in] MechType - OID in MechList -// [in] ucContextFlags - ContextFlags value -// [in] pbMechToken - Mech Token Binary Data -// [in] ulMechTokenLen - Length of Mech Token -// [in] pbMechListMIC - MechListMIC Binary Data -// [in] ulMechListMICn - Length of MechListMIC -// [out] pbTokenData - Buffer to write token into. -// [in] nTokenLength - Length of pbTokenData buffer -// [in] nInternalTokenLength - Length of full token without leading -// token bytes. -// -// Returns: -// int Success - SPNEGO_E_SUCCESS -// Failure - SPNEGO API Error code -// -// Comments : -// Uses DER to fill out pbTokenData with a SPNEGO NegTokenInit Token -// Note that because the lengths can be represented by an arbitrary -// number of bytes in DER encodings, we actually calculate the lengths -// backwards, so we always know how many bytes we will potentially be -// writing out. -// -//////////////////////////////////////////////////////////////////////////// - -int -CreateSpnegoInitToken(SPNEGO_MECH_OID MechType, - unsigned char ucContextFlags, unsigned char *pbMechToken, - unsigned long ulMechTokenLen, unsigned char *pbMechListMIC, - unsigned long ulMechListMICLen, unsigned char *pbTokenData, - long nTokenLength, long nInternalTokenLength) -{ - int nReturn = SPNEGO_E_INVALID_LENGTH; - - // Start at 0. - long nTempLength = 0L; - long nTotalBytesWritten = 0L; - long nInternalLength = 0L; - - unsigned char *pbWriteTokenData = pbTokenData + nTokenLength; - - // Temporary buffer to hold the REQ Flags as BIT String Data - unsigned char abTempReqFlags[SPNEGO_NEGINIT_MAXLEN_REQFLAGS]; - - - // We will write the token out backwards to properly handle the cases - // where the length bytes become adjustable - - // Start with MIC Element - if (ulMechListMICLen > 0L) { - nTempLength = - ASNDerCalcElementLength(ulMechListMICLen, &nInternalLength); - - // Decrease the pbWriteTokenData, now we know the length and - // write it out. - - pbWriteTokenData -= nTempLength; - nTempLength = - ASNDerWriteElement(pbWriteTokenData, - SPNEGO_NEGINIT_ELEMENT_MECHLISTMIC, OCTETSTRING, pbMechListMIC, - ulMechListMICLen); - - // Adjust Values and sanity check - nTotalBytesWritten += nTempLength; - nInternalTokenLength -= nTempLength; - - if (nTotalBytesWritten > nTokenLength || nInternalTokenLength < 0) { - goto xEndWriteNegTokenInit; - } - - } // IF MechListMIC is present - - // Next is the MechToken - if (ulMechTokenLen > 0L) { - nTempLength = ASNDerCalcElementLength(ulMechTokenLen, &nInternalLength); - - // Decrease the pbWriteTokenData, now we know the length and - // write it out. - pbWriteTokenData -= nTempLength; - nTempLength = - ASNDerWriteElement(pbWriteTokenData, - SPNEGO_NEGINIT_ELEMENT_MECHTOKEN, OCTETSTRING, pbMechToken, - ulMechTokenLen); - // Adjust Values and sanity check - nTotalBytesWritten += nTempLength; - nInternalTokenLength -= nTempLength; - - if (nTotalBytesWritten > nTokenLength || nInternalTokenLength < 0) { - goto xEndWriteNegTokenInit; - } - - } // IF MechToken Length is present - - // Next is the ReqFlags - if (ucContextFlags > 0L) { - - nTempLength = - ASNDerCalcElementLength(SPNEGO_NEGINIT_MAXLEN_REQFLAGS, - &nInternalLength); - - // We need a byte that indicates how many bits difference between the number - // of bits used in final octet (we only have one) and the max (8) - - abTempReqFlags[0] = SPNEGO_NEGINIT_REQFLAGS_BITDIFF; - abTempReqFlags[1] = ucContextFlags; - - // Decrease the pbWriteTokenData, now we know the length and - // write it out. - pbWriteTokenData -= nTempLength; - nTempLength = - ASNDerWriteElement(pbWriteTokenData, - SPNEGO_NEGINIT_ELEMENT_REQFLAGS, BITSTRING, abTempReqFlags, - SPNEGO_NEGINIT_MAXLEN_REQFLAGS); - - // Adjust Values and sanity check - nTotalBytesWritten += nTempLength; - nInternalTokenLength -= nTempLength; - - if (nTotalBytesWritten > nTokenLength || nInternalTokenLength < 0) { - goto xEndWriteNegTokenInit; - } - - } // IF ContextFlags - - // Next is the MechList - This is REQUIRED - nTempLength = ASNDerCalcMechListLength(MechType, &nInternalLength); - - // Decrease the pbWriteTokenData, now we know the length and - // write it out. - pbWriteTokenData -= nTempLength; - nTempLength = ASNDerWriteMechList(pbWriteTokenData, MechType); - - // Adjust Values and sanity check - nTotalBytesWritten += nTempLength; - nInternalTokenLength -= nTempLength; - - if (nTotalBytesWritten > nTokenLength || nInternalTokenLength < 0) { - goto xEndWriteNegTokenInit; - } - // The next tokens we're writing out reflect the total number of bytes - // we have actually written out. - - // Sequence Token - nTempLength = ASNDerCalcTokenLength(nTotalBytesWritten, 0L); - - // Decrease the pbWriteTokenData, now we know the length and - // write it out. - pbWriteTokenData -= nTempLength; - nTempLength = - ASNDerWriteToken(pbWriteTokenData, SPNEGO_CONSTRUCTED_SEQUENCE, NULL, - nTotalBytesWritten); - - // Adjust Values and sanity check - nTotalBytesWritten += nTempLength; - nInternalTokenLength -= nTempLength; - - if (nTotalBytesWritten > nTokenLength || nInternalTokenLength < 0) { - goto xEndWriteNegTokenInit; - } - // Neg Init Token Identifier Token - nTempLength = ASNDerCalcTokenLength(nTotalBytesWritten, 0L); - - // Decrease the pbWriteTokenData, now we know the length and - // write it out. - pbWriteTokenData -= nTempLength; - nTempLength = - ASNDerWriteToken(pbWriteTokenData, SPNEGO_NEGINIT_TOKEN_IDENTIFIER, - NULL, nTotalBytesWritten); - - // Adjust Values and sanity check - nTotalBytesWritten += nTempLength; - nInternalTokenLength -= nTempLength; - - if (nTotalBytesWritten > nTokenLength || nInternalTokenLength < 0) { - goto xEndWriteNegTokenInit; - } - // SPNEGO OID Token - nTempLength = g_stcMechOIDList[spnego_mech_oid_Spnego].iLen; - - // Decrease the pbWriteTokenData, now we know the length and - // write it out. - pbWriteTokenData -= nTempLength; - nTempLength = ASNDerWriteOID(pbWriteTokenData, spnego_mech_oid_Spnego); - - // Adjust Values and sanity check - nTotalBytesWritten += nTempLength; - nInternalTokenLength -= nTempLength; - - if (nTotalBytesWritten > nTokenLength || nInternalTokenLength < 0) { - goto xEndWriteNegTokenInit; - } - // App Constructed Token - nTempLength = ASNDerCalcTokenLength(nTotalBytesWritten, 0L); - - // Decrease the pbWriteTokenData, now we know the length and - // write it out. - pbWriteTokenData -= nTempLength; - nTempLength = - ASNDerWriteToken(pbWriteTokenData, SPNEGO_NEGINIT_APP_CONSTRUCT, NULL, - nTotalBytesWritten); - - // Adjust Values and sanity check - nTotalBytesWritten += nTempLength; - - // Don't adjust the internal token length here, it doesn't account - // the initial bytes written out (we really don't need to keep - // a running count here, but for debugging, it helps to be able - // to see the total number of bytes written out as well as the - // number of bytes left to write). - - if (nTotalBytesWritten == nTokenLength && nInternalTokenLength == 0 && - pbWriteTokenData == pbTokenData) { - nReturn = SPNEGO_E_SUCCESS; - } - -xEndWriteNegTokenInit: - - LOG(("CreateSpnegoInitToken returned %d\n", nReturn)); - return nReturn; - -} - -///////////////////////////////////////////////////////////////////////////// -// -// Function: -// CalculateMinSpnegoTargTokenSize -// -// Parameters: -// [in] MechType - Supported MechType -// [in] spnegoNegResult - Neg Result -// [in] nMechTokenLength - Length of the MechToken Element -// [in] nMechListMICLength - Length of the MechListMIC Element -// [out] pnTokenSize - Filled out with total size of token -// [out] pnInternalTokenLength - Filled out with length minus length -// for initial token. -// -// Returns: -// int Success - SPNEGO_E_SUCCESS -// Failure - SPNEGO API Error code -// -// Comments : -// Calculates the required length for a SPNEGO NegTokenTarg token based -// on the supplied variable length values and which elements are present. -// Note that because the lengths can be represented by an arbitrary -// number of bytes in DER encodings, we actually calculate the lengths -// backwards, so we always know how many bytes we will potentially be -// writing out. -// -//////////////////////////////////////////////////////////////////////////// - -int -CalculateMinSpnegoTargTokenSize(SPNEGO_MECH_OID MechType, - SPNEGO_NEGRESULT spnegoNegResult, long nMechTokenLen, - long nMechListMICLen, long *pnTokenSize, long *pnInternalTokenLength) -{ - int nReturn = SPNEGO_E_INVALID_LENGTH; - - // Start at 0. - long nTotalLength = 0; - long nTempLength = 0L; - - // We will calculate this by walking the token backwards - - // Start with MIC Element - if (nMechListMICLen > 0L) { - nTempLength = ASNDerCalcElementLength(nMechListMICLen, NULL); - - // Check for rollover error - if (nTempLength < nMechListMICLen) { - goto xEndTokenTargLength; - } - - nTotalLength += nTempLength; - } - // Next is the MechToken - if (nMechTokenLen > 0L) { - nTempLength += ASNDerCalcElementLength(nMechTokenLen, NULL); - - // Check for rollover error - if (nTempLength < nTotalLength) { - goto xEndTokenTargLength; - } - - nTotalLength = nTempLength; - } - // Supported MechType - if (spnego_mech_oid_NotUsed != MechType) { - // Supported MechOID element - we use the token function since - // we already know the size of the OID token and value - nTempLength += - ASNDerCalcElementLength(g_stcMechOIDList[MechType].iActualDataLen, - NULL); - - // Check for rollover error - if (nTempLength < nTotalLength) { - goto xEndTokenTargLength; - } - - nTotalLength = nTempLength; - - } // IF MechType is available - - // NegResult Element - if (spnego_negresult_NotUsed != spnegoNegResult) { - nTempLength += - ASNDerCalcElementLength(SPNEGO_NEGTARG_MAXLEN_NEGRESULT, NULL); - - // Check for rollover error - if (nTempLength < nTotalLength) { - goto xEndTokenTargLength; - } - - nTotalLength = nTempLength; - - } // IF negResult is available - - // Following two fields are the basic header tokens - - // Sequence Token - nTempLength += ASNDerCalcTokenLength(nTotalLength, 0L); - - // Check for rollover error - if (nTempLength < nTotalLength) { - goto xEndTokenTargLength; - } - - nTotalLength = nTempLength; - - // Neg Token Identifier Token - nTempLength += ASNDerCalcTokenLength(nTotalLength, 0L); - - // Check for rollover error - if (nTempLength < nTotalLength) { - goto xEndTokenTargLength; - } - // The internal length doesn't include the number of bytes - // for the initial token - *pnInternalTokenLength = nTotalLength; - nTotalLength = nTempLength; - - // We're done - *pnTokenSize = nTotalLength; - nReturn = SPNEGO_E_SUCCESS; - -xEndTokenTargLength: - - LOG(("CalculateMinSpnegoTargTokenSize returned %d\n", nReturn)); - return nReturn; - -} - -///////////////////////////////////////////////////////////////////////////// -// -// Function: -// CreateSpnegoTargToken -// -// Parameters: -// [in] MechType - Supported MechType -// [in] eNegResult - NegResult value -// [in] pbMechToken - Mech Token Binary Data -// [in] ulMechTokenLen - Length of Mech Token -// [in] pbMechListMIC - MechListMIC Binary Data -// [in] ulMechListMICn - Length of MechListMIC -// [out] pbTokenData - Buffer to write token into. -// [in] nTokenLength - Length of pbTokenData buffer -// [in] nInternalTokenLength - Length of full token without leading -// token bytes. -// -// Returns: -// int Success - SPNEGO_E_SUCCESS -// Failure - SPNEGO API Error code -// -// Comments : -// Uses DER to fill out pbTokenData with a SPNEGO NegTokenTarg Token -// Note that because the lengths can be represented by an arbitrary -// number of bytes in DER encodings, we actually calculate the lengths -// backwards, so we always know how many bytes we will potentially be -// writing out. -// -//////////////////////////////////////////////////////////////////////////// - -int -CreateSpnegoTargToken(SPNEGO_MECH_OID MechType, - SPNEGO_NEGRESULT eNegResult, unsigned char *pbMechToken, - unsigned long ulMechTokenLen, unsigned char *pbMechListMIC, - unsigned long ulMechListMICLen, unsigned char *pbTokenData, - long nTokenLength, long nInternalTokenLength) -{ - int nReturn = SPNEGO_E_INVALID_LENGTH; - - // Start at 0. - long nTempLength = 0L; - long nTotalBytesWritten = 0L; - long nInternalLength = 0L; - - unsigned char ucTemp = 0; - - // We will write the token out backwards to properly handle the cases - // where the length bytes become adjustable, so the write location - // is initialized to point *just* past the end of the buffer. - - unsigned char *pbWriteTokenData = pbTokenData + nTokenLength; - - - // Start with MIC Element - if (ulMechListMICLen > 0L) { - nTempLength = - ASNDerCalcElementLength(ulMechListMICLen, &nInternalLength); - - // Decrease the pbWriteTokenData, now we know the length and - // write it out. - - pbWriteTokenData -= nTempLength; - nTempLength = - ASNDerWriteElement(pbWriteTokenData, - SPNEGO_NEGTARG_ELEMENT_MECHLISTMIC, OCTETSTRING, pbMechListMIC, - ulMechListMICLen); - - // Adjust Values and sanity check - nTotalBytesWritten += nTempLength; - nInternalTokenLength -= nTempLength; - - if (nTotalBytesWritten > nTokenLength || nInternalTokenLength < 0) { - goto xEndWriteNegTokenTarg; - } - - } // IF MechListMIC is present - - // Next is the MechToken - if (ulMechTokenLen > 0L) { - nTempLength = ASNDerCalcElementLength(ulMechTokenLen, &nInternalLength); - - // Decrease the pbWriteTokenData, now we know the length and - // write it out. - pbWriteTokenData -= nTempLength; - nTempLength = - ASNDerWriteElement(pbWriteTokenData, - SPNEGO_NEGTARG_ELEMENT_RESPONSETOKEN, OCTETSTRING, pbMechToken, - ulMechTokenLen); - // Adjust Values and sanity check - nTotalBytesWritten += nTempLength; - nInternalTokenLength -= nTempLength; - - if (nTotalBytesWritten > nTokenLength || nInternalTokenLength < 0) { - goto xEndWriteNegTokenTarg; - } - - } // IF MechToken Length is present - - // Supported Mech Type - if (spnego_mech_oid_NotUsed != MechType) { - - nTempLength = - ASNDerCalcElementLength(g_stcMechOIDList[MechType].iActualDataLen, - &nInternalLength); - - // Decrease the pbWriteTokenData, now we know the length and - // write it out. - pbWriteTokenData -= nTempLength; - nTempLength = - ASNDerWriteToken(pbWriteTokenData, - SPNEGO_NEGTARG_ELEMENT_SUPPORTEDMECH, - g_stcMechOIDList[MechType].ucOid, g_stcMechOIDList[MechType].iLen); - - // Adjust Values and sanity check - nTotalBytesWritten += nTempLength; - nInternalTokenLength -= nTempLength; - - if (nTotalBytesWritten > nTokenLength || nInternalTokenLength < 0) { - goto xEndWriteNegTokenTarg; - } - - } // IF MechType is present - - // Neg Result - // NegResult Element - if (spnego_negresult_NotUsed != eNegResult) { - ucTemp = (unsigned char) eNegResult; - - nTempLength = - ASNDerCalcElementLength(SPNEGO_NEGTARG_MAXLEN_NEGRESULT, - &nInternalLength); - - // Decrease the pbWriteTokenData, now we know the length and - // write it out. - pbWriteTokenData -= nTempLength; - nTempLength = - ASNDerWriteElement(pbWriteTokenData, - SPNEGO_NEGTARG_ELEMENT_NEGRESULT, ENUMERATED, &ucTemp, - SPNEGO_NEGTARG_MAXLEN_NEGRESULT); - - // Adjust Values and sanity check - nTotalBytesWritten += nTempLength; - nInternalTokenLength -= nTempLength; - - if (nTotalBytesWritten > nTokenLength || nInternalTokenLength < 0) { - goto xEndWriteNegTokenTarg; - } - - } // If eNegResult is available - - // The next tokens we're writing out reflect the total number of bytes - // we have actually written out. - - // Sequence Token - nTempLength = ASNDerCalcTokenLength(nTotalBytesWritten, 0L); - - // Decrease the pbWriteTokenData, now we know the length and - // write it out. - pbWriteTokenData -= nTempLength; - nTempLength = - ASNDerWriteToken(pbWriteTokenData, SPNEGO_CONSTRUCTED_SEQUENCE, NULL, - nTotalBytesWritten); - - // Adjust Values and sanity check - nTotalBytesWritten += nTempLength; - nInternalTokenLength -= nTempLength; - - if (nTotalBytesWritten > nTokenLength || nInternalTokenLength < 0) { - goto xEndWriteNegTokenTarg; - } - // Neg Targ Token Identifier Token - nTempLength = ASNDerCalcTokenLength(nTotalBytesWritten, 0L); - - // Decrease the pbWriteTokenData, now we know the length and - // write it out. - pbWriteTokenData -= nTempLength; - nTempLength = - ASNDerWriteToken(pbWriteTokenData, SPNEGO_NEGTARG_TOKEN_IDENTIFIER, - NULL, nTotalBytesWritten); - - // Adjust Values and sanity check - nTotalBytesWritten += nTempLength; - - // Don't adjust the internal token length here, it doesn't account - // the initial bytes written out (we really don't need to keep - // a running count here, but for debugging, it helps to be able - // to see the total number of bytes written out as well as the - // number of bytes left to write). - - if (nTotalBytesWritten == nTokenLength && nInternalTokenLength == 0 && - pbWriteTokenData == pbTokenData) { - nReturn = SPNEGO_E_SUCCESS; - } - - -xEndWriteNegTokenTarg: - - LOG(("CreateSpnegoTargToken returned %d\n", nReturn)); - return nReturn; - - -} - - -///////////////////////////////////////////////////////////////////////////// -// -// Function: -// AllocEmptySpnegoToken -// -// Parameters: -// [in] ucCopyData - Flag to copy data or pointer. -// [in] ulFlags - Flags for SPNEGO_TOKEN data member. -// [in] pbTokenData - Binary token data. -// [in] ulTokenSize - Size of pbTokenData. -// -// Returns: -// SPNEGO_TOKEN* Success - Pointer to initialized SPNEGO_TOKEN struct -// Failure - NULL -// -// Comments : -// Allocates a SPNEGO_TOKEN data structure and initializes it. Based on -// the value of ucCopyData, if non-zero, we copy the data into a buffer -// we allocate in this function, otherwise, we copy the data pointer -// direcly. -// -//////////////////////////////////////////////////////////////////////////// - -SPNEGO_TOKEN * -AllocEmptySpnegoToken(unsigned char ucCopyData, unsigned long ulFlags, - unsigned char *pbTokenData, unsigned long ulTokenSize) -{ - SPNEGO_TOKEN *pSpnegoToken = - (SPNEGO_TOKEN *) calloc(1, sizeof(SPNEGO_TOKEN)); - - if (NULL != pSpnegoToken) { - // Set the token size - pSpnegoToken->nStructSize = SPNEGO_TOKEN_SIZE; - - // Initialize the element array - InitSpnegoTokenElementArray(pSpnegoToken); - - // Assign the flags value - pSpnegoToken->ulFlags = ulFlags; - - // - // IF ucCopyData is TRUE, we will allocate a buffer and copy data into it. - // Otherwise, we will just copy the pointer and the length. This is so we - // can cut out additional allocations for performance reasons - // - - if (SPNEGO_TOKEN_INTERNAL_FLAGS_FREEDATA == ucCopyData) { - // Alloc the internal buffer. Cleanup on failure. - pSpnegoToken->pbBinaryData = - (unsigned char *) calloc(ulTokenSize, sizeof(unsigned char)); - - if (NULL != pSpnegoToken->pbBinaryData) { - // We must ALWAYS free this buffer - pSpnegoToken->ulFlags |= SPNEGO_TOKEN_INTERNAL_FLAGS_FREEDATA; - - // Copy the data locally - memcpy(pSpnegoToken->pbBinaryData, pbTokenData, ulTokenSize); - pSpnegoToken->ulBinaryDataLen = ulTokenSize; - } else { - free(pSpnegoToken); - pSpnegoToken = NULL; - } - - } // IF ucCopyData - else { - // Copy the pointer and the length directly - ulFlags will control whether or not - // we are allowed to free the value - - pSpnegoToken->pbBinaryData = pbTokenData; - pSpnegoToken->ulBinaryDataLen = ulTokenSize; - } - - } - - return pSpnegoToken; -} - -///////////////////////////////////////////////////////////////////////////// -// -// Function: -// FreeSpnegoToken -// -// Parameters: -// [in] pSpnegoToken - Points to SPNEGO_TOKEN to free. -// -// Returns: -// void -// -// Comments : -// If non-NULL, interprets pSpnegoToken, freeing any internal allocations -// and finally the actual structure. -// -//////////////////////////////////////////////////////////////////////////// - -void -FreeSpnegoToken(SPNEGO_TOKEN * pSpnegoToken) -{ - if (NULL != pSpnegoToken) { - - // Cleanup internal allocation per the flags - if (pSpnegoToken->ulFlags & SPNEGO_TOKEN_INTERNAL_FLAGS_FREEDATA && - NULL != pSpnegoToken->pbBinaryData) { - free(pSpnegoToken->pbBinaryData); - pSpnegoToken->pbBinaryData = NULL; - } - - free(pSpnegoToken); - } -} - -///////////////////////////////////////////////////////////////////////////// -// -// Function: -// InitSpnegoTokenElementArray -// -// Parameters: -// [in] pSpnegoToken - Points to SPNEGO_TOKEN structure. -// -// Returns: -// void -// -// Comments : -// Initializes the element array data member of a SPNEGO_TOKEN data -// structure. -// -//////////////////////////////////////////////////////////////////////////// - -void -InitSpnegoTokenElementArray(SPNEGO_TOKEN * pSpnegoToken) -{ - int nCtr; - - // Set the number of elemnts - pSpnegoToken->nNumElements = MAX_NUM_TOKEN_ELEMENTS; - - // - // Initially, all elements are unavailable - // - - for (nCtr = 0; nCtr < MAX_NUM_TOKEN_ELEMENTS; nCtr++) { - // Set the element size as well - pSpnegoToken->aElementArray[nCtr].nStructSize = SPNEGO_ELEMENT_SIZE; - pSpnegoToken->aElementArray[nCtr].iElementPresent = - SPNEGO_TOKEN_ELEMENT_UNAVAILABLE; - } - -} - -///////////////////////////////////////////////////////////////////////////// -// -// Function: -// InitSpnegoTokenType -// -// Parameters: -// [in] pSpnegoToken - Points to SPNEGO_TOKEN structure. -// [out] pnTokenLength - Filled out with total token length -// [out] pnRemainingTokenLength - Filled out with remaining length -// after header is parsed -// [out] ppbFirstElement - Filled out with pointer to first -// element after header info. -// -// Returns: -// int Success - SPNEGO_E_SUCCESS -// Failure - SPNEGO API Error code -// -// Comments : -// Walks the underlying binary data for a SPNEGO_TOKEN data structure -// and determines the type of the underlying token based on token header -// information. -// -//////////////////////////////////////////////////////////////////////////// - -int -InitSpnegoTokenType(SPNEGO_TOKEN * pSpnegoToken, long *pnTokenLength, - long *pnRemainingTokenLength, unsigned char **ppbFirstElement) -{ - int nReturn = SPNEGO_E_INVALID_TOKEN; - long nActualTokenLength = 0L; - long nBoundaryLength = pSpnegoToken->ulBinaryDataLen; - unsigned char *pbTokenData = pSpnegoToken->pbBinaryData; - - // - // First byte MUST be either an APP_CONSTRUCT or the NEGTARG_TOKEN_TARG - // - - if (SPNEGO_NEGINIT_APP_CONSTRUCT == *pbTokenData) { - // Validate the above token - this will tell us the actual length of the token - // per the encoding (minus the actual token bytes) - if ((nReturn = - ASNDerCheckToken(pbTokenData, SPNEGO_NEGINIT_APP_CONSTRUCT, 0L, - nBoundaryLength, pnTokenLength, &nActualTokenLength)) - == SPNEGO_E_SUCCESS) { - // Initialize the remaining token length value. This will be used - // to tell the caller how much token there is left once we've parsed - // the header (they could calculate it from the other values, but this - // is a bit friendlier) - *pnRemainingTokenLength = *pnTokenLength; - - // Make adjustments to next token - pbTokenData += nActualTokenLength; - nBoundaryLength -= nActualTokenLength; - - // The next token should be an OID - if ((nReturn = - ASNDerCheckOID(pbTokenData, spnego_mech_oid_Spnego, - nBoundaryLength, - &nActualTokenLength)) == SPNEGO_E_SUCCESS) { - // Make adjustments to next token - pbTokenData += nActualTokenLength; - nBoundaryLength -= nActualTokenLength; - *pnRemainingTokenLength -= nActualTokenLength; - - // The next token should specify the NegTokenInit - if ((nReturn = - ASNDerCheckToken(pbTokenData, - SPNEGO_NEGINIT_TOKEN_IDENTIFIER, - *pnRemainingTokenLength, nBoundaryLength, - pnTokenLength, &nActualTokenLength)) - == SPNEGO_E_SUCCESS) { - // Make adjustments to next token - pbTokenData += nActualTokenLength; - nBoundaryLength -= nActualTokenLength; - *pnRemainingTokenLength -= nActualTokenLength; - - // The next token should specify the start of a sequence - if ((nReturn = - ASNDerCheckToken(pbTokenData, - SPNEGO_CONSTRUCTED_SEQUENCE, - *pnRemainingTokenLength, nBoundaryLength, - pnTokenLength, &nActualTokenLength)) - == SPNEGO_E_SUCCESS) { - // NegTokenInit header is now checked out! - - // Make adjustments to next token - *pnRemainingTokenLength -= nActualTokenLength; - - // Store pointer to first element - *ppbFirstElement = pbTokenData + nActualTokenLength; - pSpnegoToken->ucTokenType = SPNEGO_TOKEN_INIT; - } // IF Check Sequence Token - - } // IF Check NegTokenInit token - - - } // IF Check for SPNEGO OID - - - } // IF check app construct token - - } else if (SPNEGO_NEGTARG_TOKEN_IDENTIFIER == *pbTokenData) { - - // The next token should specify the NegTokenInit - if ((nReturn = - ASNDerCheckToken(pbTokenData, SPNEGO_NEGTARG_TOKEN_IDENTIFIER, - *pnRemainingTokenLength, nBoundaryLength, pnTokenLength, - &nActualTokenLength)) - == SPNEGO_E_SUCCESS) { - // Initialize the remaining token length value. This will be used - // to tell the caller how much token there is left once we've parsed - // the header (they could calculate it from the other values, but this - // is a bit friendlier) - *pnRemainingTokenLength = *pnTokenLength; - - // Make adjustments to next token - pbTokenData += nActualTokenLength; - nBoundaryLength -= nActualTokenLength; - - // The next token should specify the start of a sequence - if ((nReturn = - ASNDerCheckToken(pbTokenData, SPNEGO_CONSTRUCTED_SEQUENCE, - *pnRemainingTokenLength, nBoundaryLength, pnTokenLength, - &nActualTokenLength)) - == SPNEGO_E_SUCCESS) { - // NegTokenInit header is now checked out! - - // Make adjustments to next token - *pnRemainingTokenLength -= nActualTokenLength; - - // Store pointer to first element - *ppbFirstElement = pbTokenData + nActualTokenLength; - pSpnegoToken->ucTokenType = SPNEGO_TOKEN_TARG; - } // IF Check Sequence Token - - } // IF Check NegTokenInit token - - } // ELSE IF it's a NegTokenTarg - - LOG(("InitSpnegoTokenType returned %d\n", nReturn)); - return nReturn; -} - - -///////////////////////////////////////////////////////////////////////////// -// -// Function: -// GetSpnegoInitTokenMechList -// -// Parameters: -// [in] pbTokenData - Points to binary MechList element -// in NegTokenInit. -// [in] nMechListLength - Length of the MechList -// [out] pSpnegoElement - Filled out with MechList Element -// data. -// -// Returns: -// int Success - SPNEGO_E_SUCCESS -// Failure - SPNEGO API Error code -// -// Comments : -// Checks that pbTokenData is pointing at something that at least -// *looks* like a MechList and then fills out the supplied -// SPNEGO_ELEMENT structure. -// -//////////////////////////////////////////////////////////////////////////// - -int -GetSpnegoInitTokenMechList(unsigned char *pbTokenData, int nMechListLength, - SPNEGO_ELEMENT * pSpnegoElement) -{ - int nReturn = SPNEGO_E_INVALID_TOKEN; - long nLength = 0L; - long nActualTokenLength = 0L; - - // Actual MechList is prepended by a Constructed Sequence Token - if ((nReturn = ASNDerCheckToken(pbTokenData, SPNEGO_CONSTRUCTED_SEQUENCE, - nMechListLength, nMechListLength, - &nLength, &nActualTokenLength)) - == SPNEGO_E_SUCCESS) { - // Adjust for this token - nMechListLength -= nActualTokenLength; - pbTokenData += nActualTokenLength; - - // Perform simple validation of the actual MechList (i.e. ensure that - // the OIDs in the MechList are reasonable). - - if ((nReturn = - ValidateMechList(pbTokenData, nLength)) == SPNEGO_E_SUCCESS) { - // Initialize the element now - pSpnegoElement->eElementType = spnego_init_mechtypes; - pSpnegoElement->iElementPresent = SPNEGO_TOKEN_ELEMENT_AVAILABLE; - pSpnegoElement->type = SPNEGO_MECHLIST_TYPE; - pSpnegoElement->nDatalength = nLength; - pSpnegoElement->pbData = pbTokenData; - } - - } // IF Check Token - - LOG(("GetSpnegoInitTokenMechList returned %d\n", nReturn)); - return nReturn; -} - -///////////////////////////////////////////////////////////////////////////// -// -// Function: -// InitSpnegoTokenElementFromBasicType -// -// Parameters: -// [in] pbTokenData - Points to binary element data in -// a SPNEGO token. -// [in] nElementLength - Length of the element -// [in] ucExpectedType - Expected DER type. -// [in] spnegoElementType - Which element is this? -// [out] pSpnegoElement - Filled out with element data. -// -// Returns: -// int Success - SPNEGO_E_SUCCESS -// Failure - SPNEGO API Error code -// -// Comments : -// Checks that pbTokenData is pointing at the specified DER type. If so, -// then we verify that lengths are proper and then fill out the -// SPNEGO_ELEMENT data structure. -// -//////////////////////////////////////////////////////////////////////////// - -int -InitSpnegoTokenElementFromBasicType(unsigned char *pbTokenData, - int nElementLength, unsigned char ucExpectedType, - SPNEGO_ELEMENT_TYPE spnegoElementType, SPNEGO_ELEMENT * pSpnegoElement) -{ - int nReturn = SPNEGO_E_UNEXPECTED_TYPE; - long nLength = 0L; - long nActualTokenLength = 0L; - - // The type BYTE must match our token data or something is badly wrong - if (*pbTokenData == ucExpectedType) { - - // Check that we are pointing at the specified type - if ((nReturn = ASNDerCheckToken(pbTokenData, ucExpectedType, - nElementLength, nElementLength, - &nLength, &nActualTokenLength)) - == SPNEGO_E_SUCCESS) { - // Adjust for this token - nElementLength -= nActualTokenLength; - pbTokenData += nActualTokenLength; - - // Initialize the element now - pSpnegoElement->eElementType = spnegoElementType; - pSpnegoElement->iElementPresent = SPNEGO_TOKEN_ELEMENT_AVAILABLE; - pSpnegoElement->type = ucExpectedType; - pSpnegoElement->nDatalength = nLength; - pSpnegoElement->pbData = pbTokenData; - } - - } // IF type makes sense - - LOG(("InitSpnegoTokenElementFromBasicType returned %d\n", nReturn)); - return nReturn; -} - - -///////////////////////////////////////////////////////////////////////////// -// -// Function: -// InitSpnegoTokenElementFromOID -// -// Parameters: -// [in] pbTokenData - Points to binary element data in -// a SPNEGO token. -// [in] nElementLength - Length of the element -// [in] spnegoElementType - Which element is this? -// [out] pSpnegoElement - Filled out with element data. -// -// Returns: -// int Success - SPNEGO_E_SUCCESS -// Failure - SPNEGO API Error code -// -// Comments : -// Initializes a SpnegoElement from an OID - normally, this would have -// used the Basic Type function above, but since we do binary compares -// on the OIDs against the DER information as well as the OID, we need -// to account for that. -// -//////////////////////////////////////////////////////////////////////////// - -int -InitSpnegoTokenElementFromOID(unsigned char *pbTokenData, int nElementLength, - SPNEGO_ELEMENT_TYPE spnegoElementType, SPNEGO_ELEMENT * pSpnegoElement) -{ - int nReturn = SPNEGO_E_UNEXPECTED_TYPE; - long nLength = 0L; - long nActualTokenLength = 0L; - - // The type BYTE must match our token data or something is badly wrong - if (*pbTokenData == OID) { - - // Check that we are pointing at an OID type - if ((nReturn = ASNDerCheckToken(pbTokenData, OID, - nElementLength, nElementLength, - &nLength, &nActualTokenLength)) - == SPNEGO_E_SUCCESS) { - // Don't adjust any values for this function - - // Initialize the element now - pSpnegoElement->eElementType = spnegoElementType; - pSpnegoElement->iElementPresent = SPNEGO_TOKEN_ELEMENT_AVAILABLE; - pSpnegoElement->type = OID; - pSpnegoElement->nDatalength = nElementLength; - pSpnegoElement->pbData = pbTokenData; - } - - } // IF type makes sense - - LOG(("InitSpnegoTokenElementFromBasicType returned %d\n", nReturn)); - return nReturn; -} - - -///////////////////////////////////////////////////////////////////////////// -// -// Function: -// InitSpnegoTokenElements -// -// Parameters: -// [in] pSpnegoToken - Points to SPNEGO_TOKEN struct -// [in] pbTokenData - Points to initial binary element -// data in a SPNEGO token. -// [in] nRemainingTokenLength - Length remaining past header -// -// Returns: -// int Success - SPNEGO_E_SUCCESS -// Failure - SPNEGO API Error code -// -// Comments : -// Interprets the data at pbTokenData based on the TokenType in -// pSpnegoToken. Since some elements are optional (technically all are -// but the token becomes quite useless if this is so), we check if -// an element exists before filling out the element in the array. -// -//////////////////////////////////////////////////////////////////////////// - -int -InitSpnegoTokenElements(SPNEGO_TOKEN * pSpnegoToken, unsigned char *pbTokenData, - long nRemainingTokenLength) -{ - // - // The following arrays contain the token identifiers for the elements - // comprising the actual token. All values are optional, and there are - // no defaults. - // - - static unsigned char abNegTokenInitElements[] = { SPNEGO_NEGINIT_ELEMENT_MECHTYPES, SPNEGO_NEGINIT_ELEMENT_REQFLAGS, - SPNEGO_NEGINIT_ELEMENT_MECHTOKEN, SPNEGO_NEGINIT_ELEMENT_MECHLISTMIC - }; - - static unsigned char abNegTokenTargElements[] = { SPNEGO_NEGTARG_ELEMENT_NEGRESULT, - SPNEGO_NEGTARG_ELEMENT_SUPPORTEDMECH, - SPNEGO_NEGTARG_ELEMENT_RESPONSETOKEN, SPNEGO_NEGTARG_ELEMENT_MECHLISTMIC - }; - - int nReturn = SPNEGO_E_SUCCESS; - int nCtr = 0L; - long nElementLength = 0L; - long nActualTokenLength = 0L; - unsigned char *pbElements = NULL; - - // Point to the correct array - switch (pSpnegoToken->ucTokenType) { - case SPNEGO_TOKEN_INIT: { - pbElements = abNegTokenInitElements; - } - break; - - case SPNEGO_TOKEN_TARG: { - pbElements = abNegTokenTargElements; - } - break; - - } // SWITCH tokentype - - // - // Enumerate the element arrays and look for the tokens at our current location - // - - for (nCtr = 0L; - SPNEGO_E_SUCCESS == nReturn && - nCtr < MAX_NUM_TOKEN_ELEMENTS && nRemainingTokenLength > 0L; nCtr++) { - - // Check if the token exists - if ((nReturn = ASNDerCheckToken(pbTokenData, pbElements[nCtr], - 0L, nRemainingTokenLength, - &nElementLength, &nActualTokenLength)) - == SPNEGO_E_SUCCESS) { - - // Token data should skip over the sequence token and then - // call the appropriate function to initialize the element - pbTokenData += nActualTokenLength; - - // Lengths in the elements should NOT go beyond the element - // length - - // Different tokens mean different elements - if (SPNEGO_TOKEN_INIT == pSpnegoToken->ucTokenType) { - - // Handle each element as appropriate - switch (pbElements[nCtr]) { - - case SPNEGO_NEGINIT_ELEMENT_MECHTYPES: { - // - // This is a Mech List that specifies which OIDs the - // originator of the Init Token supports. - // - - nReturn = - GetSpnegoInitTokenMechList(pbTokenData, - nElementLength, &pSpnegoToken->aElementArray[nCtr]); - - } - break; - - case SPNEGO_NEGINIT_ELEMENT_REQFLAGS: { - // - // This is a BITSTRING which specifies the flags that the receiver - // pass to the gss_accept_sec_context() function. - // - - nReturn = - InitSpnegoTokenElementFromBasicType(pbTokenData, - nElementLength, BITSTRING, spnego_init_reqFlags, - &pSpnegoToken->aElementArray[nCtr]); - } - break; - - case SPNEGO_NEGINIT_ELEMENT_MECHTOKEN: { - // - // This is an OCTETSTRING which contains a GSSAPI token corresponding - // to the first OID in the MechList. - // - - nReturn = - InitSpnegoTokenElementFromBasicType(pbTokenData, - nElementLength, OCTETSTRING, spnego_init_mechToken, - &pSpnegoToken->aElementArray[nCtr]); - } - break; - - case SPNEGO_NEGINIT_ELEMENT_MECHLISTMIC: { - // - // This is an OCTETSTRING which contains a message integrity BLOB. - // - - nReturn = - InitSpnegoTokenElementFromBasicType(pbTokenData, - nElementLength, OCTETSTRING, - spnego_init_mechListMIC, - &pSpnegoToken->aElementArray[nCtr]); - } - break; - - } // SWITCH Element - } else { - - switch (pbElements[nCtr]) { - - case SPNEGO_NEGTARG_ELEMENT_NEGRESULT: { - // - // This is an ENUMERATION which specifies result of the last GSS - // token negotiation call. - // - - nReturn = - InitSpnegoTokenElementFromBasicType(pbTokenData, - nElementLength, ENUMERATED, spnego_targ_negResult, - &pSpnegoToken->aElementArray[nCtr]); - } - break; - - case SPNEGO_NEGTARG_ELEMENT_SUPPORTEDMECH: { - // - // This is an OID which specifies a supported mechanism. - // - - nReturn = - InitSpnegoTokenElementFromOID(pbTokenData, - nElementLength, spnego_targ_mechListMIC, - &pSpnegoToken->aElementArray[nCtr]); - } - break; - - case SPNEGO_NEGTARG_ELEMENT_RESPONSETOKEN: { - // - // This is an OCTETSTRING which specifies results of the last GSS - // token negotiation call. - // - - nReturn = - InitSpnegoTokenElementFromBasicType(pbTokenData, - nElementLength, OCTETSTRING, - spnego_targ_responseToken, - &pSpnegoToken->aElementArray[nCtr]); - } - break; - - case SPNEGO_NEGTARG_ELEMENT_MECHLISTMIC: { - // - // This is an OCTETSTRING which specifies a message integrity BLOB. - // - - nReturn = - InitSpnegoTokenElementFromBasicType(pbTokenData, - nElementLength, OCTETSTRING, - spnego_targ_mechListMIC, - &pSpnegoToken->aElementArray[nCtr]); - } - break; - - } // SWITCH Element - - } // ELSE !NegTokenInit - - // Account for the entire token and following data - nRemainingTokenLength -= (nActualTokenLength + nElementLength); - - // Token data should skip past the element length now - pbTokenData += nElementLength; - - } // IF Token found - else if (SPNEGO_E_TOKEN_NOT_FOUND == nReturn) { - // For now, this is a benign error (remember, all elements are optional, so - // if we don't find one, it's okay). - - nReturn = SPNEGO_E_SUCCESS; - } - - } // FOR enum elements - - // - // We should always run down to 0 remaining bytes in the token. If not, we've got - // a bad token. - // - - if (SPNEGO_E_SUCCESS == nReturn && nRemainingTokenLength != 0L) { - nReturn = SPNEGO_E_INVALID_TOKEN; - } - - LOG(("InitSpnegoTokenElements returned %d\n", nReturn)); - return nReturn; -} - - -///////////////////////////////////////////////////////////////////////////// -// -// Function: -// FindMechOIDInMechList -// -// Parameters: -// [in] pSpnegoElement - SPNEGO_ELEMENT for MechList -// [in] MechOID - OID we're looking for. -// [out] piMechTypeIndex - Index in the list where OID was -// found -// -// Returns: -// int Success - SPNEGO_E_SUCCESS -// Failure - SPNEGO API Error code -// -// Comments : -// Walks the MechList for MechOID. When it is found, the index in the -// list is written to piMechTypeIndex. -// -//////////////////////////////////////////////////////////////////////////// - -int -FindMechOIDInMechList(SPNEGO_ELEMENT * pSpnegoElement, SPNEGO_MECH_OID MechOID, - int *piMechTypeIndex) -{ - int nReturn = SPNEGO_E_NOT_FOUND; - int nCtr = 0; - long nLength = 0L; - long nBoundaryLength = pSpnegoElement->nDatalength; - unsigned char *pbMechListData = pSpnegoElement->pbData; - - while (SPNEGO_E_SUCCESS != nReturn && nBoundaryLength > 0L) { - - // Use the helper function to check the OID - if ((nReturn = - ASNDerCheckOID(pbMechListData, MechOID, nBoundaryLength, - &nLength)) - == SPNEGO_E_SUCCESS) { - *piMechTypeIndex = nCtr; - } - // Adjust for the current OID - pbMechListData += nLength; - nBoundaryLength -= nLength; - nCtr++; - - } // WHILE enuming OIDs - - LOG(("FindMechOIDInMechList returned %d\n", nReturn)); - return nReturn; - -} - - -///////////////////////////////////////////////////////////////////////////// -// -// Function: -// ValidateMechList -// -// Parameters: -// [in] pbMechListData - Pointer to binary MechList data -// [in] nBoundaryLength - Length we must not exceed -// -// Returns: -// int Success - SPNEGO_E_SUCCESS -// Failure - SPNEGO API Error code -// -// Comments : -// Checks the data at pbMechListData to see if it looks like a MechList. -// As part of this, we walk the list and ensure that none of the OIDs -// have a length that takes us outside of nBoundaryLength. -// -//////////////////////////////////////////////////////////////////////////// - -int -ValidateMechList(unsigned char *pbMechListData, long nBoundaryLength) -{ - int nReturn = SPNEGO_E_SUCCESS; - long nLength = 0L; - long nTokenLength = 0L; - - while (SPNEGO_E_SUCCESS == nReturn && nBoundaryLength > 0L) { - // Verify that we have something that at least *looks* like an OID - in other - // words it has an OID identifier and specifies a length that doesn't go beyond - // the size of the list. - nReturn = ASNDerCheckToken(pbMechListData, OID, 0L, nBoundaryLength, - &nLength, &nTokenLength); - - // Adjust for the current OID - pbMechListData += (nLength + nTokenLength); - nBoundaryLength -= (nLength + nTokenLength); - - } // WHILE enuming OIDs - - LOG(("ValidateMechList returned %d\n", nReturn)); - return nReturn; - -} - -///////////////////////////////////////////////////////////////////////////// -// -// Function: -// IsValidMechOid -// -// Parameters: -// [in] mechOid - mechOID id enumeration -// -// Returns: -// int Success - 1 -// Failure - 0 -// -// Comments : -// Checks for a valid mechOid value. -// -//////////////////////////////////////////////////////////////////////////// - -int -IsValidMechOid(SPNEGO_MECH_OID mechOid) -{ - LOG(("IsValidMechOid returned %d\n", - mechOid >= spnego_mech_oid_Kerberos_V5_Legacy - && mechOid <= spnego_mech_oid_Spnego)); - return (mechOid >= spnego_mech_oid_Kerberos_V5_Legacy - && mechOid <= spnego_mech_oid_Spnego); -} - -///////////////////////////////////////////////////////////////////////////// -// -// Function: -// IsValidContextFlags -// -// Parameters: -// [in] ucContextFlags - ContextFlags value -// -// Returns: -// int Success - 1 -// Failure - 0 -// -// Comments : -// Checks for a valid ContextFlags value. -// -//////////////////////////////////////////////////////////////////////////// - -int -IsValidContextFlags(unsigned char ucContextFlags) -{ - // Mask out our valid bits. If there is anything leftover, this - // is not a valid value for Context Flags - LOG(("IsValidContextFlags returned %d\n", - ((ucContextFlags & ~SPNEGO_NEGINIT_CONTEXT_MASK) == 0))); - return ((ucContextFlags & ~SPNEGO_NEGINIT_CONTEXT_MASK) == 0); -} - -///////////////////////////////////////////////////////////////////////////// -// -// Function: -// IsValidNegResult -// -// Parameters: -// [in] negResult - NegResult value -// -// Returns: -// int Success - 1 -// Failure - 0 -// -// Comments : -// Checks for a valid NegResult value. -// -//////////////////////////////////////////////////////////////////////////// - -int -IsValidNegResult(SPNEGO_NEGRESULT negResult) -{ - LOG(("IsValidNegResult returned %d\n", negResult >= spnego_negresult_success - && negResult <= spnego_negresult_rejected)); - return (negResult >= spnego_negresult_success - && negResult <= spnego_negresult_rejected); -} - -///////////////////////////////////////////////////////////////////////////// -// -// Function: -// IsValidSpnegoToken -// -// Parameters: -// [in] pSpnegoToken - Points to SPNEGO_TOKEN data structure -// -// Returns: -// int Success - 1 -// Failure - 0 -// -// Comments : -// Performs simple heuristic on location pointed to by pSpnegoToken. -// -//////////////////////////////////////////////////////////////////////////// - -int -IsValidSpnegoToken(SPNEGO_TOKEN * pSpnegoToken) -{ - int nReturn = 0; - - // Parameter should be non-NULL - if (NULL != pSpnegoToken) { - // Length should be at least the size defined in the header - if (pSpnegoToken->nStructSize >= SPNEGO_TOKEN_SIZE) { - // Number of elements should be >= our maximum - if it's greater, that's - // okay, since we'll only be accessing the elements up to MAX_NUM_TOKEN_ELEMENTS - if (pSpnegoToken->nNumElements >= MAX_NUM_TOKEN_ELEMENTS) { - // Check for proper token type - if (SPNEGO_TOKEN_INIT == pSpnegoToken->ucTokenType || - SPNEGO_TOKEN_TARG == pSpnegoToken->ucTokenType) { - nReturn = 1; - } - } - - } // IF struct size makes sense - - } // IF non-NULL spnego Token - - LOG(("IsValidSpnegoToken returned %d\n", nReturn)); - return nReturn; -} - -///////////////////////////////////////////////////////////////////////////// -// -// Function: -// IsValidSpnegoElement -// -// Parameters: -// [in] pSpnegoToken - Points to SPNEGO_TOKEN data structure -// [in] spnegoElement - spnegoElement Type from enumeration -// -// Returns: -// int Success - 1 -// Failure - 0 -// -// Comments : -// Checks that spnegoElement has a valid value and is appropriate for -// the SPNEGO token encapsulated by pSpnegoToken. -// -//////////////////////////////////////////////////////////////////////////// - -int -IsValidSpnegoElement(SPNEGO_TOKEN * pSpnegoToken, - SPNEGO_ELEMENT_TYPE spnegoElement) -{ - int nReturn = 0; - - // Check boundaries - if (spnegoElement > spnego_element_min && - spnegoElement < spnego_element_max) { - - // Check for appropriateness to token type - if (SPNEGO_TOKEN_INIT == pSpnegoToken->ucTokenType) { - nReturn = (spnegoElement >= spnego_init_mechtypes && - spnegoElement <= spnego_init_mechListMIC); - } else { - nReturn = (spnegoElement >= spnego_targ_negResult && - spnegoElement <= spnego_targ_mechListMIC); - } - - } // IF boundary conditions are met - - LOG(("IsValidSpnegoElement returned %d\n", nReturn)); - return nReturn; -} - -///////////////////////////////////////////////////////////////////////////// -// -// Function: -// CalculateElementArrayIndex -// -// Parameters: -// [in] pSpnegoToken - Points to SPNEGO_TOKEN data structure -// [in] spnegoElement - spnegoElement Type from enumeration -// -// Returns: -// int index in the SPNEGO_TOKEN element array that the element can -// can be found -// -// Comments : -// Based on the Token Type, calculates the index in the element array -// at which the specified element can be found. -// -//////////////////////////////////////////////////////////////////////////// - -int -CalculateElementArrayIndex(SPNEGO_TOKEN * pSpnegoToken, - SPNEGO_ELEMENT_TYPE spnegoElement) -{ - int nReturn = 0; - - // Offset is difference between value and initial element identifier - // (these differ based on ucTokenType) - - if (SPNEGO_TOKEN_INIT == pSpnegoToken->ucTokenType) { - nReturn = spnegoElement - spnego_init_mechtypes; - } else { - nReturn = spnegoElement - spnego_targ_negResult; - } - - LOG(("CalculateElementArrayIndex returned %d\n", nReturn)); - return nReturn; -} - -///////////////////////////////////////////////////////////////////////////// -// -// Function: -// InitTokenFromBinary -// -// Parameters: -// [in] ucCopyData - Flag indicating if data should be copied -// [in] ulFlags - Flags value for structure -// [in] pnTokenData - Binary Token Data -// [in] ulLength - Length of the data -// [out] ppSpnegoToken - Pointer to call allocated SPNEGO Token -// data structure -// -// Returns: -// int Success - SPNEGO_E_SUCCESS -// Failure - SPNEGO API Error code -// -// Comments : -// Allocates a SPNEGO_TOKEN data structure and fills it out as -// appropriate based in the flags passed into the function. -// -//////////////////////////////////////////////////////////////////////////// - - -// Initializes SPNEGO_TOKEN structure from DER encoded binary data -int -InitTokenFromBinary(unsigned char ucCopyData, unsigned long ulFlags, - unsigned char *pbTokenData, unsigned long ulLength, - SPNEGO_TOKEN ** ppSpnegoToken) -{ - int nReturn = SPNEGO_E_INVALID_PARAMETER; - SPNEGO_TOKEN *pSpnegoToken = NULL; - unsigned char *pbFirstElement = NULL; - long nTokenLength = 0L; - long nRemainingTokenLength = 0L; - - // Basic Parameter Validation - - if (NULL != pbTokenData && NULL != ppSpnegoToken && 0L != ulLength) { - - // - // Allocate the empty token, then initialize the data structure. - // - - pSpnegoToken = - AllocEmptySpnegoToken(ucCopyData, ulFlags, pbTokenData, ulLength); - - if (NULL != pSpnegoToken) { - - // Copy the binary data locally - - - // Initialize the token type - if ((nReturn = InitSpnegoTokenType(pSpnegoToken, &nTokenLength, - &nRemainingTokenLength, &pbFirstElement)) - == SPNEGO_E_SUCCESS) { - - // Initialize the element array - if ((nReturn = - InitSpnegoTokenElements(pSpnegoToken, pbFirstElement, - nRemainingTokenLength)) - == SPNEGO_E_SUCCESS) { - *ppSpnegoToken = pSpnegoToken; - } - - } // IF Init Token Type - - // Cleanup on error condition - if (SPNEGO_E_SUCCESS != nReturn) { - spnegoFreeData(pSpnegoToken); - } - - } else { - nReturn = SPNEGO_E_OUT_OF_MEMORY; - } - - } // IF Valid parameters - - - LOG(("InitTokenFromBinary returned %d\n", nReturn)); - return nReturn; -} diff --git a/helpers/negotiate_auth/kerberos/spnegohelp/spnegoparse.h b/helpers/negotiate_auth/kerberos/spnegohelp/spnegoparse.h deleted file mode 100644 index 7ea3eca307..0000000000 --- a/helpers/negotiate_auth/kerberos/spnegohelp/spnegoparse.h +++ /dev/null @@ -1,166 +0,0 @@ -// Copyright (C) 2002 Microsoft Corporation -// All rights reserved. -// -// THIS CODE AND INFORMATION IS PROVIDED "AS IS" -// WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED -// OR IMPLIED, INCLUDING BUT NOT LIMITED -// TO THE IMPLIED WARRANTIES OF MERCHANTIBILITY -// AND/OR FITNESS FOR A PARTICULAR PURPOSE. -// -// Date - 10/08/2002 -// Author - Sanj Surati - -///////////////////////////////////////////////////////////// -// -// SPNEGOPARSE.H -// -// SPNEGO Token Parser Header File -// -// Contains the definitions required to properly parse a -// SPNEGO token using ASN.1 DER helpers. -// -///////////////////////////////////////////////////////////// - -#ifndef __SPNEGOPARSE_H__ -#define __SPNEGOPARSE_H__ - -// C++ Specific -#if defined(__cplusplus) -extern "C" { -#endif - -// Indicates if we copy data when creating a SPNEGO_TOKEN structure or not -#define SPNEGO_TOKEN_INTERNAL_COPYPTR 0 -#define SPNEGO_TOKEN_INTERNAL_COPYDATA 0x1 - -// Internal flag dictates whether or not we will free the binary data when -// the SPNEG_TOKEN structure is destroyed -#define SPNEGO_TOKEN_INTERNAL_FLAGS_FREEDATA 0x1 - - // -// Each SPNEGO Token Type can be broken down into a -// maximum of 4 separate elements. -// - -#define MAX_NUM_TOKEN_ELEMENTS 4 - -// -// Element offsets in the array -// - -// INIT elements -#define SPNEGO_INIT_MECHTYPES_ELEMENT 0 -#define SPNEGO_INIT_REQFLAGS_ELEMENT 1 -#define SPNEGO_INIT_MECHTOKEN_ELEMENT 2 -#define SPNEGO_INIT_MECHLISTMIC_ELEMENT 3 - -// Response elements -#define SPNEGO_TARG_NEGRESULT_ELEMENT 0 -#define SPNEGO_TARG_SUPPMECH_ELEMENT 1 -#define SPNEGO_TARG_RESPTOKEN_ELEMENT 2 -#define SPNEGO_TARG_MECHLISTMIC_ELEMENT 3 - -// -// Defines an individual SPNEGO Token Element. -// - - typedef struct SpnegoElement { - size_t nStructSize; // Size of the element structure - int iElementPresent; // Is the field present? Must be either - // SPNEGO_TOKEN_ELEMENT_UNAVAILABLE or - // SPNEGO_TOKEN_ELEMENT_AVAILABLE - - SPNEGO_ELEMENT_TYPE eElementType; // The Element Type - - unsigned char type; // Data Type - - unsigned char *pbData; // Points to actual Data - - unsigned long nDatalength; // Actual Data Length - - } SPNEGO_ELEMENT; - -// Structure size in case we later choose to extend the structure -#define SPNEGO_ELEMENT_SIZE sizeof(SPNEGO_ELEMENT) - -// -// Packages a SPNEGO Token Encoding. There are two types of -// encodings: NegTokenInit and NegTokenTarg. Each encoding can -// contain up to four distinct, optional elements. -// - - typedef struct SpnegoToken { - size_t nStructSize; // Size of the Token structure - unsigned long ulFlags; // Internal Structure Flags - Reserved! - int ucTokenType; // Token Type - Must be - // SPNEGO_TOKEN_INIT or - // SPNEGO_TOKEN_TARG - - unsigned char *pbBinaryData; // Points to binary token data - - unsigned long ulBinaryDataLen; // Length of the actual binary data - int nNumElements; // Number of elements - SPNEGO_ELEMENT aElementArray[MAX_NUM_TOKEN_ELEMENTS]; // Holds the elements for the token - } SPNEGO_TOKEN; - -// Structure size in case we later choose to extend the structure -#define SPNEGO_TOKEN_SIZE sizeof(SPNEGO_TOKEN) - -// -// Function definitions -// - - SPNEGO_TOKEN *AllocEmptySpnegoToken(unsigned char ucCopyData, - unsigned long ulFlags, unsigned char *pbTokenData, - unsigned long ulTokenSize); - void FreeSpnegoToken(SPNEGO_TOKEN * pSpnegoToken); - void InitSpnegoTokenElementArray(SPNEGO_TOKEN * pSpnegoToken); - int InitSpnegoTokenType(SPNEGO_TOKEN * pSpnegoToken, long *pnTokenLength, - long *pnRemainingTokenLength, unsigned char **ppbFirstElement); - int InitSpnegoTokenElements(SPNEGO_TOKEN * pSpnegoToken, - unsigned char *pbTokenData, long nRemainingTokenLength); - int GetSpnegoInitTokenMechList(unsigned char *pbTokenData, - int nMechListLength, SPNEGO_ELEMENT * pSpnegoElement); - int InitSpnegoTokenElementFromBasicType(unsigned char *pbTokenData, - int nElementLength, unsigned char ucExpectedType, - SPNEGO_ELEMENT_TYPE spnegoElementType, SPNEGO_ELEMENT * pSpnegoElement); - int InitSpnegoTokenElementFromOID(unsigned char *pbTokenData, - int nElementLength, SPNEGO_ELEMENT_TYPE spnegoElementType, - SPNEGO_ELEMENT * pSpnegoElement); - int FindMechOIDInMechList(SPNEGO_ELEMENT * pSpnegoElement, - SPNEGO_MECH_OID MechOID, int *piMechTypeIndex); - int ValidateMechList(unsigned char *pbMechListData, long nBoundaryLength); - int CalculateMinSpnegoInitTokenSize(long nMechTokenLength, - long nMechListMICLength, SPNEGO_MECH_OID mechOid, - int nReqFlagsAvailable, long *plTokenSize, long *plInternalLength); - int CalculateMinSpnegoTargTokenSize(SPNEGO_MECH_OID MechType, - SPNEGO_NEGRESULT spnegoNegResult, long nMechTokenLen, - long nMechTokenMIC, long *pnTokenSize, long *pnInternalTokenLength); - int CreateSpnegoInitToken(SPNEGO_MECH_OID MechType, - unsigned char ucContextFlags, unsigned char *pbMechToken, - unsigned long ulMechTokenLen, unsigned char *pbMechListMIC, - unsigned long ulMechListMICLen, unsigned char *pbTokenData, - long nTokenLength, long nInternalTokenLength); - int CreateSpnegoTargToken(SPNEGO_MECH_OID MechType, - SPNEGO_NEGRESULT eNegResult, unsigned char *pbMechToken, - unsigned long ulMechTokenLen, unsigned char *pbMechListMIC, - unsigned long ulMechListMICLen, unsigned char *pbTokenData, - long nTokenLength, long nInternalTokenLength); - int IsValidMechOid(SPNEGO_MECH_OID mechOid); - int IsValidContextFlags(unsigned char ucContextFlags); - int IsValidNegResult(SPNEGO_NEGRESULT negResult); - int IsValidSpnegoToken(SPNEGO_TOKEN * pSpnegoToken); - int IsValidSpnegoElement(SPNEGO_TOKEN * pSpnegoToken, - SPNEGO_ELEMENT_TYPE spnegoElement); - int CalculateElementArrayIndex(SPNEGO_TOKEN * pSpnegoToken, - SPNEGO_ELEMENT_TYPE spnegoElement); - int InitTokenFromBinary(unsigned char ucCopyData, unsigned long ulFlags, - unsigned char *pbTokenData, unsigned long ulLength, - SPNEGO_TOKEN ** ppSpnegoToken); - - // C++ Specific -#if defined(__cplusplus) -} -#endif - -#endif -- 2.47.3