diff options
Diffstat (limited to 'third_party/heimdal/lib/gssapi/netlogon/acquire_cred.c')
-rw-r--r-- | third_party/heimdal/lib/gssapi/netlogon/acquire_cred.c | 186 |
1 files changed, 186 insertions, 0 deletions
diff --git a/third_party/heimdal/lib/gssapi/netlogon/acquire_cred.c b/third_party/heimdal/lib/gssapi/netlogon/acquire_cred.c new file mode 100644 index 00000000000..d790d08e1d6 --- /dev/null +++ b/third_party/heimdal/lib/gssapi/netlogon/acquire_cred.c @@ -0,0 +1,186 @@ +/* + * Copyright (c) 2010 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Portions Copyright (c) 2010 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "netlogon.h" +#include <gssapi_spi.h> + +OM_uint32 +_netlogon_acquire_cred(OM_uint32 * min_stat, + gss_const_name_t desired_name, + OM_uint32 time_req, + const gss_OID_set desired_mechs, + gss_cred_usage_t cred_usage, + gss_cred_id_t * output_cred_handle, + gss_OID_set * actual_mechs, + OM_uint32 * time_rec) +{ + OM_uint32 ret; + gssnetlogon_cred cred; + + /* only initiator support so far */ + if (cred_usage != GSS_C_INITIATE) + return GSS_S_FAILURE; + + if (desired_name == GSS_C_NO_NAME) + return GSS_S_BAD_NAME; + + cred = (gssnetlogon_cred)calloc(1, sizeof(*cred)); + if (cred == NULL) { + *min_stat = ENOMEM; + return GSS_S_FAILURE; + } + cred->SignatureAlgorithm = NL_SIGN_ALG_HMAC_MD5; + cred->SealAlgorithm = NL_SEAL_ALG_RC4; + + ret = _netlogon_duplicate_name(min_stat, desired_name, + (gss_name_t *)&cred->Name); + if (GSS_ERROR(ret)) { + free(cred); + return ret; + } + + *output_cred_handle = (gss_cred_id_t)cred; + if (actual_mechs != NULL) + *actual_mechs = GSS_C_NO_OID_SET; + if (time_rec != NULL) + *time_rec = GSS_C_INDEFINITE; + + return GSS_S_COMPLETE; +} + +OM_uint32 +_netlogon_acquire_cred_ex(gss_status_id_t status, + gss_const_name_t desired_name, + OM_uint32 flags, + OM_uint32 time_req, + gss_cred_usage_t cred_usage, + gss_auth_identity_t identity, + void *ctx, + void (*complete)(void *, OM_uint32, gss_status_id_t, gss_cred_id_t, OM_uint32)) +{ + return GSS_S_UNAVAILABLE; +} + +/* + * value contains 16 byte session key + */ +static OM_uint32 +_netlogon_set_session_key(OM_uint32 *minor_status, + gss_cred_id_t *cred_handle, + const gss_buffer_t value) +{ + gssnetlogon_cred cred; + + if (*cred_handle == GSS_C_NO_CREDENTIAL) { + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + cred = (gssnetlogon_cred)*cred_handle; + + if (value->length != sizeof(cred->SessionKey)) { + *minor_status = ERANGE; + return GSS_S_FAILURE; + } + + memcpy(cred->SessionKey, value->value, value->length); + + *minor_status = 0; + return GSS_S_COMPLETE; +} + +/* + * value contains 16 bit little endian encoded seal algorithm + */ +static OM_uint32 +_netlogon_set_sign_algorithm(OM_uint32 *minor_status, + gss_cred_id_t *cred_handle, + const gss_buffer_t value) +{ + gssnetlogon_cred cred; + uint16_t alg; + const uint8_t *p; + + if (*cred_handle == GSS_C_NO_CREDENTIAL) { + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + cred = (gssnetlogon_cred)*cred_handle; + + if (value->length != 2) { + *minor_status = ERANGE; + return GSS_S_FAILURE; + } + + p = (const uint8_t *)value->value; + alg = (p[0] << 0) | (p[1] << 8); + + if (alg != NL_SIGN_ALG_HMAC_MD5 && alg != NL_SIGN_ALG_SHA256) { + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + cred->SignatureAlgorithm = alg; + if (alg == NL_SIGN_ALG_SHA256) + cred->SealAlgorithm = NL_SEAL_ALG_AES128; + else + cred->SealAlgorithm = NL_SEAL_ALG_RC4; + + *minor_status = 0; + return GSS_S_COMPLETE; +} + +OM_uint32 +_netlogon_set_cred_option + (OM_uint32 *minor_status, + gss_cred_id_t *cred_handle, + const gss_OID desired_object, + const gss_buffer_t value) +{ + if (value == GSS_C_NO_BUFFER) { + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + if (gss_oid_equal(desired_object, GSS_NETLOGON_SET_SESSION_KEY_X)) + return _netlogon_set_session_key(minor_status, cred_handle, value); + else if (gss_oid_equal(desired_object, GSS_NETLOGON_SET_SIGN_ALGORITHM_X)) + return _netlogon_set_sign_algorithm(minor_status, cred_handle, value); + + *minor_status = EINVAL; + return GSS_S_FAILURE; +} + |