#ifdef GSSAPI
#include <dst/gssapi.h>
#ifdef WIN32
+#include <gssapi/gssapi.h>
+#include <gssapi/gssapi_krb5.h>
#include <krb5/krb5.h>
#else /* ifdef WIN32 */
+#include ISC_PLATFORM_GSSAPIHEADER
+#ifdef ISC_PLATFORM_GSSAPI_KRB5_HEADER
+#include ISC_PLATFORM_GSSAPI_KRB5_HEADER
+#endif /* ifdef ISC_PLATFORM_GSSAPI_KRB5_HEADER */
#include ISC_PLATFORM_KRB5HEADER
#endif /* ifdef WIN32 */
#endif /* ifdef GSSAPI */
typedef struct nsu_gssinfo {
dns_message_t *msg;
isc_sockaddr_t *addr;
- gss_ctx_id_t context;
+ dns_gss_ctx_id_t context;
} nsu_gssinfo_t;
static void
start_gssrequest(dns_name_t *master);
static void
send_gssrequest(isc_sockaddr_t *destaddr, dns_message_t *msg,
- dns_request_t **request, gss_ctx_id_t context);
+ dns_request_t **request, dns_gss_ctx_id_t context);
static void
recvgss(isc_task_t *task, isc_event_t *event);
#endif /* GSSAPI */
static void
start_gssrequest(dns_name_t *master) {
- gss_ctx_id_t context;
+ dns_gss_ctx_id_t context;
isc_buffer_t buf;
isc_result_t result;
uint32_t val = 0;
static void
send_gssrequest(isc_sockaddr_t *destaddr, dns_message_t *msg,
- dns_request_t **request, gss_ctx_id_t context) {
+ dns_request_t **request, dns_gss_ctx_id_t context) {
isc_result_t result;
nsu_gssinfo_t *reqinfo;
unsigned int options = 0;
nsu_gssinfo_t *reqinfo;
dns_message_t *tsigquery = NULL;
isc_sockaddr_t *addr;
- gss_ctx_id_t context;
+ dns_gss_ctx_id_t context;
isc_buffer_t buf;
dns_name_t *servname;
dns_fixedname_t fname;
static dns_tsig_keyring_t *ring;
static dns_tsigkey_t *tsigkey = NULL;
-static gss_ctx_id_t gssctx;
-static gss_ctx_id_t *gssctxp = &gssctx;
+static dns_gss_ctx_id_t gssctx;
+static dns_gss_ctx_id_t *gssctxp = &gssctx;
#define RUNCHECK(x) RUNTIME_CHECK((x) == ISC_R_SUCCESS)
return (result);
}
-gss_ctx_id_t
+dns_gss_ctx_id_t
dst_key_getgssctx(const dst_key_t *key) {
REQUIRE(key != NULL);
}
isc_result_t
-dst_key_fromgssapi(const dns_name_t *name, gss_ctx_id_t gssctx, isc_mem_t *mctx,
- dst_key_t **keyp, isc_region_t *intoken) {
+dst_key_fromgssapi(const dns_name_t *name, dns_gss_ctx_id_t gssctx,
+ isc_mem_t *mctx, dst_key_t **keyp, isc_region_t *intoken) {
dst_key_t *key;
isc_result_t result;
#include <dst/dst.h>
+#ifdef GSSAPI
+#ifdef WIN32
+/*
+ * MSVC does not like macros in #include lines.
+ */
+#include <gssapi/gssapi.h>
+#include <gssapi/gssapi_krb5.h>
+#else /* ifdef WIN32 */
+#include ISC_PLATFORM_GSSAPIHEADER
+#ifdef ISC_PLATFORM_GSSAPI_KRB5_HEADER
+#include ISC_PLATFORM_GSSAPI_KRB5_HEADER
+#endif /* ifdef ISC_PLATFORM_GSSAPI_KRB5_HEADER */
+#endif /* ifdef WIN32 */
+#ifndef GSS_SPNEGO_MECHANISM
+#define GSS_SPNEGO_MECHANISM ((void *)0)
+#endif /* ifndef GSS_SPNEGO_MECHANISM */
+#endif /* ifdef GSSAPI */
+
ISC_LANG_BEGINDECLS
#define KEY_MAGIC ISC_MAGIC('D', 'S', 'T', 'K')
char *label; /*%< engine label (HSM) */
union {
void *generic;
- gss_ctx_id_t gssctx;
+ dns_gss_ctx_id_t gssctx;
DH *dh;
#if USE_OPENSSL
EVP_PKEY *pkey;
isc_buffer_remainingregion(b, &r);
REGION_TO_GBUFFER(r, gssbuffer);
major = gss_import_sec_context(&minor, &gssbuffer,
- &key->keydata.gssctx);
+ (gss_ctx_id_t *)&key->keydata.gssctx);
if (major != GSS_S_COMPLETE) {
isc_buffer_free(&b);
return (ISC_R_FAILURE);
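Review bot: The new cast `(gss_ctx_id_t *)&key->keydata.gssctx` has the GSS provider store a `gss_ctx_id_t` through an lvalue whose declared type is `void *` (the new `dns_gss_ctx_id_t`), which is an aliasing violation under C11 6.5p7 even though every GSSAPI implementation I know defines the handle as a plain pointer and the ABIs line up, so it works in practice. The same `(gss_ctx_id_t *)` / `(gss_cred_id_t *)` pattern appears at the export, acquire, release, init and delete call sites further down in this diff. A local handle avoids the cast: `gss_ctx_id_t ctx = GSS_C_NO_CONTEXT;` then `major = gss_import_sec_context(&minor, &gssbuffer, &ctx);` and `key->keydata.gssctx = ctx;`; for the in-out calls (export, init, delete) copy `*gssctx` into the local first and write it back afterwards so a handle the provider resets to GSS_C_NO_CONTEXT is reflected to the caller. The enclosing function starts and ends outside the hunk.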
isc_region_t r;
isc_result_t result;
- major = gss_export_sec_context(&minor, &key->keydata.gssctx,
- &gssbuffer);
+ major = gss_export_sec_context(
+ &minor, (gss_ctx_id_t *)&key->keydata.gssctx, &gssbuffer);
if (major != GSS_S_COMPLETE) {
fprintf(stderr, "gss_export_sec_context -> %u, %u\n", major,
minor);
}
static void
-log_cred(const gss_cred_id_t cred) {
+log_cred(const dns_gss_cred_id_t cred) {
OM_uint32 gret, minor, lifetime;
gss_name_t gname;
gss_buffer_desc gbuffer;
const char *usage_text;
char buf[1024];
- gret = gss_inquire_cred(&minor, cred, &gname, &lifetime, &usage, NULL);
+ gret = gss_inquire_cred(&minor, (gss_cred_id_t)cred, &gname, &lifetime,
+ &usage, NULL);
if (gret != GSS_S_COMPLETE) {
gss_log(3, "failed gss_inquire_cred: %s",
gss_error_tostring(gret, minor, buf, sizeof(buf)));
isc_result_t
dst_gssapi_acquirecred(const dns_name_t *name, bool initiate,
- gss_cred_id_t *cred) {
+ dns_gss_cred_id_t *cred) {
#ifdef GSSAPI
isc_result_t result;
isc_buffer_t namebuf;
}
gret = gss_acquire_cred(&minor, gname, GSS_C_INDEFINITE, &mech_oid_set,
- usage, cred, NULL, &lifetime);
+ usage, (gss_cred_id_t *)cred, NULL, &lifetime);
if (gret != GSS_S_COMPLETE) {
gss_log(3, "failed to acquire %s credentials for %s: %s",
}
isc_result_t
-dst_gssapi_releasecred(gss_cred_id_t *cred) {
+dst_gssapi_releasecred(dns_gss_cred_id_t *cred) {
#ifdef GSSAPI
OM_uint32 gret, minor;
char buf[1024];
REQUIRE(cred != NULL && *cred != NULL);
- gret = gss_release_cred(&minor, cred);
+ gret = gss_release_cred(&minor, (gss_cred_id_t *)cred);
if (gret != GSS_S_COMPLETE) {
/* Log the error, but still free the credential's memory */
gss_log(3, "failed releasing credential: %s",
isc_result_t
dst_gssapi_initctx(const dns_name_t *name, isc_buffer_t *intoken,
- isc_buffer_t *outtoken, gss_ctx_id_t *gssctx,
+ isc_buffer_t *outtoken, dns_gss_ctx_id_t *gssctx,
isc_mem_t *mctx, char **err_message) {
#ifdef GSSAPI
isc_region_t r;
*/
flags = GSS_C_REPLAY_FLAG | GSS_C_MUTUAL_FLAG | GSS_C_INTEG_FLAG;
- gret = gss_init_sec_context(&minor, GSS_C_NO_CREDENTIAL, gssctx, gname,
- GSS_SPNEGO_MECHANISM, flags, 0, NULL,
- gintokenp, NULL, &gouttoken, &ret_flags,
- NULL);
+ gret = gss_init_sec_context(
+ &minor, GSS_C_NO_CREDENTIAL, (gss_ctx_id_t *)gssctx, gname,
+ GSS_SPNEGO_MECHANISM, flags, 0, NULL, gintokenp, NULL,
+ &gouttoken, &ret_flags, NULL);
if (gret != GSS_S_COMPLETE && gret != GSS_S_CONTINUE_NEEDED) {
gss_err_message(mctx, gret, minor, err_message);
}
isc_result_t
-dst_gssapi_acceptctx(gss_cred_id_t cred, const char *gssapi_keytab,
+dst_gssapi_acceptctx(dns_gss_cred_id_t cred, const char *gssapi_keytab,
isc_region_t *intoken, isc_buffer_t **outtoken,
- gss_ctx_id_t *ctxout, dns_name_t *principal,
+ dns_gss_ctx_id_t *ctxout, dns_name_t *principal,
isc_mem_t *mctx) {
#ifdef GSSAPI
isc_region_t r;
}
isc_result_t
-dst_gssapi_deletectx(isc_mem_t *mctx, gss_ctx_id_t *gssctx) {
+dst_gssapi_deletectx(isc_mem_t *mctx, dns_gss_ctx_id_t *gssctx) {
#ifdef GSSAPI
OM_uint32 gret, minor;
char buf[1024];
REQUIRE(gssctx != NULL && *gssctx != NULL);
/* Delete the context from the GSS provider */
- gret = gss_delete_sec_context(&minor, gssctx, GSS_C_NO_BUFFER);
+ gret = gss_delete_sec_context(&minor, (gss_ctx_id_t *)gssctx,
+ GSS_C_NO_BUFFER);
if (gret != GSS_S_COMPLETE) {
/* Log the error, but still free the context's memory */
gss_log(3, "Failure deleting security context %s",
#define DNS_TKEYMODE_DELETE 5
struct dns_tkeyctx {
- dst_key_t * dhkey;
- dns_name_t * domain;
- gss_cred_id_t gsscred;
- isc_mem_t * mctx;
- char * gssapi_keytab;
+ dst_key_t * dhkey;
+ dns_name_t * domain;
+ dns_gss_cred_id_t gsscred;
+ isc_mem_t * mctx;
+ char * gssapi_keytab;
};
isc_result_t
isc_result_t
dns_tkey_buildgssquery(dns_message_t *msg, const dns_name_t *name,
const dns_name_t *gname, isc_buffer_t *intoken,
- uint32_t lifetime, gss_ctx_id_t *context, bool win2k,
+ uint32_t lifetime, dns_gss_ctx_id_t *context, bool win2k,
isc_mem_t *mctx, char **err_message);
/*%<
* Builds a query containing a TKEY that will generate a GSSAPI context.
isc_result_t
dns_tkey_processgssresponse(dns_message_t *qmsg, dns_message_t *rmsg,
- const dns_name_t *gname, gss_ctx_id_t *context,
+ const dns_name_t *gname, dns_gss_ctx_id_t *context,
isc_buffer_t *outtoken, dns_tsigkey_t **outkey,
dns_tsig_keyring_t *ring, char **err_message);
/*%<
isc_result_t
dns_tkey_gssnegotiate(dns_message_t *qmsg, dns_message_t *rmsg,
- const dns_name_t *server, gss_ctx_id_t *context,
+ const dns_name_t *server, dns_gss_ctx_id_t *context,
dns_tsigkey_t **outkey, dns_tsig_keyring_t *ring,
bool win2k, char **err_message);
*\li If successful, key will contain a valid private key.
*/
-gss_ctx_id_t
+dns_gss_ctx_id_t
dst_key_getgssctx(const dst_key_t *key);
/*%<
* Returns the opaque key data.
*/
isc_result_t
-dst_key_fromgssapi(const dns_name_t *name, gss_ctx_id_t gssctx, isc_mem_t *mctx,
- dst_key_t **keyp, isc_region_t *intoken);
+dst_key_fromgssapi(const dns_name_t *name, dns_gss_ctx_id_t gssctx,
+ isc_mem_t *mctx, dst_key_t **keyp, isc_region_t *intoken);
/*%<
* Converts a GSSAPI opaque context id into a DST key.
*
#include <dns/types.h>
-#ifdef GSSAPI
-#ifdef WIN32
-/*
- * MSVC does not like macros in #include lines.
- */
-#include <gssapi/gssapi.h>
-#include <gssapi/gssapi_krb5.h>
-#else /* ifdef WIN32 */
-#include ISC_PLATFORM_GSSAPIHEADER
-#ifdef ISC_PLATFORM_GSSAPI_KRB5_HEADER
-#include ISC_PLATFORM_GSSAPI_KRB5_HEADER
-#endif /* ifdef ISC_PLATFORM_GSSAPI_KRB5_HEADER */
-#endif /* ifdef WIN32 */
-#ifndef GSS_SPNEGO_MECHANISM
-#define GSS_SPNEGO_MECHANISM ((void *)0)
-#endif /* ifndef GSS_SPNEGO_MECHANISM */
-#endif /* ifdef GSSAPI */
+typedef void *dns_gss_cred_id_t;
+typedef void *dns_gss_ctx_id_t;
ISC_LANG_BEGINDECLS
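Review bot: The two new `typedef void *` handles carry no comment and, being the same `void *`, let a credential be passed where a context is expected (or any unrelated pointer) without a diagnostic, something the distinct pointer types GSSAPI itself defines did catch. A comment above them along the lines of `/* Opaque stand-ins for gss_cred_id_t / gss_ctx_id_t; dst/gssapi.c casts back to the real handle so this header need not include GSSAPI headers. */` would record the contract, and the cast sites would be safer with `_Static_assert(sizeof(gss_ctx_id_t) == sizeof(dns_gss_ctx_id_t), "GSS handle is not pointer-sized");` in the one translation unit that sees both types, if the project's C standard allows it. If distinctness matters, `typedef struct dns_gss_cred *dns_gss_cred_id_t;` and `typedef struct dns_gss_ctx *dns_gss_ctx_id_t;` with never-defined tags keep the header GSSAPI-free while making the two handle types incompatible.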
isc_result_t
dst_gssapi_acquirecred(const dns_name_t *name, bool initiate,
- gss_cred_id_t *cred);
+ dns_gss_cred_id_t *cred);
/*
* Acquires GSS credentials.
*
*/
isc_result_t
-dst_gssapi_releasecred(gss_cred_id_t *cred);
+dst_gssapi_releasecred(dns_gss_cred_id_t *cred);
/*
* Releases GSS credentials. Calling this function does release the
* memory allocated for the credential in dst_gssapi_acquirecred()
isc_result_t
dst_gssapi_initctx(const dns_name_t *name, isc_buffer_t *intoken,
- isc_buffer_t *outtoken, gss_ctx_id_t *gssctx,
+ isc_buffer_t *outtoken, dns_gss_ctx_id_t *gssctx,
isc_mem_t *mctx, char **err_message);
/*
* Initiates a GSS context.
* there isn't one
* 'outtoken' is a buffer to receive the token generated by
* gss_init_sec_context() to be sent to the acceptor
- * 'context' is a pointer to a valid gss_ctx_id_t
+ * 'context' is a pointer to a valid dns_gss_ctx_id_t
* (which may have the value GSS_C_NO_CONTEXT)
*
* Returns:
*/
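Review bot: The rewritten line still says the context may hold `GSS_C_NO_CONTEXT`, but this header no longer includes the GSSAPI headers after the commit, so a caller that includes only dst/gssapi.h has no such macro; the in-tree caller in tkey.c initialises the handle with `NULL` (visible further down in this diff). It also calls the parameter 'context' while the prototype names it gssctx. Suggest `* 'gssctx' is a pointer to a valid dns_gss_ctx_id_t (which may be NULL when no context exists yet)`.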
isc_result_t
-dst_gssapi_acceptctx(gss_cred_id_t cred, const char *gssapi_keytab,
+dst_gssapi_acceptctx(dns_gss_cred_id_t cred, const char *gssapi_keytab,
isc_region_t *intoken, isc_buffer_t **outtoken,
- gss_ctx_id_t *context, dns_name_t *principal,
+ dns_gss_ctx_id_t *context, dns_name_t *principal,
isc_mem_t *mctx);
/*
* Accepts a GSS context.
* initiator
* 'context' is a valid pointer to receive the generated context handle.
* On the initial call, it should be a pointer to NULL, which
- * will be allocated as a gss_ctx_id_t. Subsequent calls
+ * will be allocated as a dns_gss_ctx_id_t. Subsequent calls
* should pass in the handle generated on the first call.
* Call dst_gssapi_releasecred to delete the context and free
* the memory.
*/
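Review bot: The rewritten paragraph still tells the reader to "Call dst_gssapi_releasecred to delete the context and free the memory", but the function that deletes a context is `dst_gssapi_deletectx` (declared immediately below); dst_gssapi_releasecred releases credentials, as its own comment says. Since the commit already edits this paragraph it is the right moment to fix the reference: `* Call dst_gssapi_deletectx to delete the context and free`.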
isc_result_t
-dst_gssapi_deletectx(isc_mem_t *mctx, gss_ctx_id_t *gssctx);
+dst_gssapi_deletectx(isc_mem_t *mctx, dns_gss_ctx_id_t *gssctx);
/*
* Destroys a GSS context. This function deletes the context from the GSS
* provider and then frees the memory used by the context pointer.
isc_stdtime_t now;
isc_region_t intoken;
isc_buffer_t *outtoken = NULL;
- gss_ctx_id_t gss_ctx = NULL;
+ dns_gss_ctx_id_t gss_ctx = NULL;
/*
* You have to define either a gss credential (principal) to
isc_result_t
dns_tkey_buildgssquery(dns_message_t *msg, const dns_name_t *name,
const dns_name_t *gname, isc_buffer_t *intoken,
- uint32_t lifetime, gss_ctx_id_t *context, bool win2k,
+ uint32_t lifetime, dns_gss_ctx_id_t *context, bool win2k,
isc_mem_t *mctx, char **err_message) {
dns_rdata_tkey_t tkey;
isc_result_t result;
isc_result_t
dns_tkey_processgssresponse(dns_message_t *qmsg, dns_message_t *rmsg,
- const dns_name_t *gname, gss_ctx_id_t *context,
+ const dns_name_t *gname, dns_gss_ctx_id_t *context,
isc_buffer_t *outtoken, dns_tsigkey_t **outkey,
dns_tsig_keyring_t *ring, char **err_message) {
dns_rdata_t rtkeyrdata = DNS_RDATA_INIT, qtkeyrdata = DNS_RDATA_INIT;
isc_result_t
dns_tkey_gssnegotiate(dns_message_t *qmsg, dns_message_t *rmsg,
- const dns_name_t *server, gss_ctx_id_t *context,
+ const dns_name_t *server, dns_gss_ctx_id_t *context,
dns_tsigkey_t **outkey, dns_tsig_keyring_t *ring,
bool win2k, char **err_message) {
dns_rdata_t rtkeyrdata = DNS_RDATA_INIT, qtkeyrdata = DNS_RDATA_INIT;