summaryrefslogtreecommitdiff
path: root/third_party/heimdal/lib/gssapi/netlogon/acquire_cred.c
diff options
context:
space:
mode:
Diffstat (limited to 'third_party/heimdal/lib/gssapi/netlogon/acquire_cred.c')
-rw-r--r--third_party/heimdal/lib/gssapi/netlogon/acquire_cred.c186
1 files changed, 186 insertions, 0 deletions
diff --git a/third_party/heimdal/lib/gssapi/netlogon/acquire_cred.c b/third_party/heimdal/lib/gssapi/netlogon/acquire_cred.c
new file mode 100644
index 00000000000..d790d08e1d6
--- /dev/null
+++ b/third_party/heimdal/lib/gssapi/netlogon/acquire_cred.c
@@ -0,0 +1,186 @@
+/*
+ * Copyright (c) 2010 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Portions Copyright (c) 2010 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "netlogon.h"
+#include <gssapi_spi.h>
+
+OM_uint32
+_netlogon_acquire_cred(OM_uint32 * min_stat,
+ gss_const_name_t desired_name,
+ OM_uint32 time_req,
+ const gss_OID_set desired_mechs,
+ gss_cred_usage_t cred_usage,
+ gss_cred_id_t * output_cred_handle,
+ gss_OID_set * actual_mechs,
+ OM_uint32 * time_rec)
+{
+ OM_uint32 ret;
+ gssnetlogon_cred cred;
+
+ /* only initiator support so far */
+ if (cred_usage != GSS_C_INITIATE)
+ return GSS_S_FAILURE;
+
+ if (desired_name == GSS_C_NO_NAME)
+ return GSS_S_BAD_NAME;
+
+ cred = (gssnetlogon_cred)calloc(1, sizeof(*cred));
+ if (cred == NULL) {
+ *min_stat = ENOMEM;
+ return GSS_S_FAILURE;
+ }
+ cred->SignatureAlgorithm = NL_SIGN_ALG_HMAC_MD5;
+ cred->SealAlgorithm = NL_SEAL_ALG_RC4;
+
+ ret = _netlogon_duplicate_name(min_stat, desired_name,
+ (gss_name_t *)&cred->Name);
+ if (GSS_ERROR(ret)) {
+ free(cred);
+ return ret;
+ }
+
+ *output_cred_handle = (gss_cred_id_t)cred;
+ if (actual_mechs != NULL)
+ *actual_mechs = GSS_C_NO_OID_SET;
+ if (time_rec != NULL)
+ *time_rec = GSS_C_INDEFINITE;
+
+ return GSS_S_COMPLETE;
+}
+
+OM_uint32
+_netlogon_acquire_cred_ex(gss_status_id_t status,
+ gss_const_name_t desired_name,
+ OM_uint32 flags,
+ OM_uint32 time_req,
+ gss_cred_usage_t cred_usage,
+ gss_auth_identity_t identity,
+ void *ctx,
+ void (*complete)(void *, OM_uint32, gss_status_id_t, gss_cred_id_t, OM_uint32))
+{
+ return GSS_S_UNAVAILABLE;
+}
+
+/*
+ * value contains 16 byte session key
+ */
+static OM_uint32
+_netlogon_set_session_key(OM_uint32 *minor_status,
+ gss_cred_id_t *cred_handle,
+ const gss_buffer_t value)
+{
+ gssnetlogon_cred cred;
+
+ if (*cred_handle == GSS_C_NO_CREDENTIAL) {
+ *minor_status = EINVAL;
+ return GSS_S_FAILURE;
+ }
+
+ cred = (gssnetlogon_cred)*cred_handle;
+
+ if (value->length != sizeof(cred->SessionKey)) {
+ *minor_status = ERANGE;
+ return GSS_S_FAILURE;
+ }
+
+ memcpy(cred->SessionKey, value->value, value->length);
+
+ *minor_status = 0;
+ return GSS_S_COMPLETE;
+}
+
+/*
+ * value contains 16 bit little endian encoded seal algorithm
+ */
+static OM_uint32
+_netlogon_set_sign_algorithm(OM_uint32 *minor_status,
+ gss_cred_id_t *cred_handle,
+ const gss_buffer_t value)
+{
+ gssnetlogon_cred cred;
+ uint16_t alg;
+ const uint8_t *p;
+
+ if (*cred_handle == GSS_C_NO_CREDENTIAL) {
+ *minor_status = EINVAL;
+ return GSS_S_FAILURE;
+ }
+
+ cred = (gssnetlogon_cred)*cred_handle;
+
+ if (value->length != 2) {
+ *minor_status = ERANGE;
+ return GSS_S_FAILURE;
+ }
+
+ p = (const uint8_t *)value->value;
+ alg = (p[0] << 0) | (p[1] << 8);
+
+ if (alg != NL_SIGN_ALG_HMAC_MD5 && alg != NL_SIGN_ALG_SHA256) {
+ *minor_status = EINVAL;
+ return GSS_S_FAILURE;
+ }
+
+ cred->SignatureAlgorithm = alg;
+ if (alg == NL_SIGN_ALG_SHA256)
+ cred->SealAlgorithm = NL_SEAL_ALG_AES128;
+ else
+ cred->SealAlgorithm = NL_SEAL_ALG_RC4;
+
+ *minor_status = 0;
+ return GSS_S_COMPLETE;
+}
+
+OM_uint32
+_netlogon_set_cred_option
+ (OM_uint32 *minor_status,
+ gss_cred_id_t *cred_handle,
+ const gss_OID desired_object,
+ const gss_buffer_t value)
+{
+ if (value == GSS_C_NO_BUFFER) {
+ *minor_status = EINVAL;
+ return GSS_S_FAILURE;
+ }
+
+ if (gss_oid_equal(desired_object, GSS_NETLOGON_SET_SESSION_KEY_X))
+ return _netlogon_set_session_key(minor_status, cred_handle, value);
+ else if (gss_oid_equal(desired_object, GSS_NETLOGON_SET_SIGN_ALGORITHM_X))
+ return _netlogon_set_sign_algorithm(minor_status, cred_handle, value);
+
+ *minor_status = EINVAL;
+ return GSS_S_FAILURE;
+}
+
View Lorry Controller Status