Lines Matching refs:text

/*
 * Both wrappers discard their first argument (x) and instead pass the
 * identifier `text` from whatever scope the macro is expanded in, so they
 * only work where a context_t pointer named `text` is visible.
 * Call sites in this listing pass text->utils as x; that value is unused.
 * The two differ only in the final argument to sasl_gss_seterror_ (1 vs 0).
 * NOTE(review): presumably 1 = log only and 0 = also set the connection
 * error string -- confirm against the sasl_gss_seterror_ body, not shown here.
 */
186 #define sasl_gss_log(x,y,z) sasl_gss_seterror_(text,y,z,1)
187 #define sasl_gss_seterror(x,y,z) sasl_gss_seterror_(text,y,z,0)
189 sasl_gss_seterror_(const context_t *text, OM_uint32 maj, OM_uint32 min,
203 const sasl_utils_t *utils = text->utils;
222 GSS_C_GSS_CODE, text->mech_oid,
230 utils->log(text->utils->conn, SASL_LOG_FAIL,
284 GSS_C_MECH_CODE, text->mech_oid,
292 utils->log(text->utils->conn, SASL_LOG_FAIL,
342 utils->log(text->utils->conn, SASL_LOG_FAIL, out);
356 context_t *text = (context_t *)context;
366 ret = _plug_iovec_to_buf(text->utils, invec, numiov, &text->enc_in_buf);
368 inblob = text->enc_in_buf;
375 if (text->state != SASL_GSSAPI_STATE_AUTHENTICATED) return SASL_NOTDONE;
391 text->gss_ctx,
400 sasl_gss_seterror(text->utils, maj_stat, min_stat);
412 ret = _plug_buf_alloc(text->utils, &(text->encode_buf),
413 &(text->encode_buf_len), output_token->length + 4);
424 memcpy(text->encode_buf, &len, 4);
425 memcpy(text->encode_buf + 4, output_token->value, output_token->length);
432 *output = text->encode_buf;
464 context_t *text = (context_t *) context;
471 if (text->state != SASL_GSSAPI_STATE_AUTHENTICATED) {
473 SETERROR(text->utils, gettext("GSSAPI Failure"));
475 SETERROR(text->utils, "GSSAPI Failure");
481 if (text->needsize > 0) {
483 int tocopy = myMIN(text->needsize, *inputlen);
485 memcpy(text->sizebuf + 4 - text->needsize, *input, tocopy);
486 text->needsize -= tocopy;
490 if (text->needsize == 0) {
492 memcpy(&text->size, text->sizebuf, 4);
493 text->size = ntohl(text->size);
494 text->cursize = 0;
497 if (text->size > 0xFFFFFF) {
498 text->utils->log(text->utils->conn, SASL_LOG_ERR,
501 if (text->size > 0xFFFFFF || text->size <= 0) {
502 SETERROR(text->utils, "Illegal size in sasl_gss_decode_once");
507 if (text->bufsize < text->size + 5) {
508 result = _plug_buf_alloc(text->utils, &text->buffer,
509 &(text->bufsize), text->size+5);
522 diff = text->size - text->cursize;
526 memcpy(text->buffer + text->cursize, *input, *inputlen);
527 text->cursize += *inputlen;
533 memcpy(text->buffer + text->cursize, *input, diff);
539 real_input_token.value = text->buffer;
540 real_input_token.length = text->size;
552 text->gss_ctx,
560 sasl_gss_seterror(text->utils, maj_stat, min_stat);
574 result = _plug_buf_alloc(text->utils, &text->decode_once_buf,
575 &text->decode_once_buf_len,
584 *output = text->decode_once_buf;
595 text->size = -1;
597 text->needsize = 4;
606 context_t *text = (context_t *) context;
609 ret = _plug_decode(text->utils, context, input, inputlen,
610 &text->decode_buf, &text->decode_buf_len, outputlen,
613 *output = text->decode_buf;
644 static void sasl_gss_free_context_contents(context_t *text)
648 if (!text) return;
650 if (text->gss_ctx != GSS_C_NO_CONTEXT) {
651 maj_stat = gss_delete_sec_context (&min_stat,&text->gss_ctx,GSS_C_NO_BUFFER);
652 text->gss_ctx = GSS_C_NO_CONTEXT;
655 if (text->client_name != GSS_C_NO_NAME) {
656 maj_stat = gss_release_name(&min_stat,&text->client_name);
657 text->client_name = GSS_C_NO_NAME;
660 if (text->server_name != GSS_C_NO_NAME) {
661 maj_stat = gss_release_name(&min_stat,&text->server_name);
662 text->server_name = GSS_C_NO_NAME;
665 if ( text->server_creds != GSS_C_NO_CREDENTIAL) {
666 maj_stat = gss_release_cred(&min_stat, &text->server_creds);
667 text->server_creds = GSS_C_NO_CREDENTIAL;
671 if ( text->client_creds != GSS_C_NO_CREDENTIAL) {
672 maj_stat = gss_release_cred(&min_stat, &text->client_creds);
673 text->client_creds = GSS_C_NO_CREDENTIAL;
682 if (text->out_buf) {
683 text->utils->free(text->out_buf);
684 text->out_buf = NULL;
687 if (text->encode_buf) {
688 text->utils->free(text->encode_buf);
689 text->encode_buf = NULL;
692 if (text->decode_buf) {
693 text->utils->free(text->decode_buf);
694 text->decode_buf = NULL;
697 if (text->decode_once_buf) {
698 text->utils->free(text->decode_once_buf);
699 text->decode_once_buf = NULL;
702 if (text->enc_in_buf) {
703 if(text->enc_in_buf->data) text->utils->free(text->enc_in_buf->data);
704 text->utils->free(text->enc_in_buf);
705 text->enc_in_buf = NULL;
708 if (text->buffer) {
709 text->utils->free(text->buffer);
710 text->buffer = NULL;
713 if (text->authid) { /* works for both client and server */
714 text->utils->free(text->authid);
715 text->authid = NULL;
738 add_mech_to_set(context_t *text, gss_OID_set *desired_mechs)
745 sasl_gss_seterror(text->utils, maj_stat, min_stat);
746 sasl_gss_free_context_contents(text);
750 maj_stat = gss_add_oid_set_member(&min_stat, text->mech_oid, desired_mechs);
752 sasl_gss_seterror(text->utils, maj_stat, min_stat);
753 sasl_gss_free_context_contents(text);
790 context_t *text;
796 text = gss_new_context(params->utils);
800 if (text == NULL) {
807 text->gss_ctx = GSS_C_NO_CONTEXT;
808 text->client_name = GSS_C_NO_NAME;
809 text->server_name = GSS_C_NO_NAME;
810 text->server_creds = GSS_C_NO_CREDENTIAL;
811 text->state = SASL_GSSAPI_STATE_AUTHNEG;
813 *conn_context = text;
827 context_t *text = (context_t *)conn_context;
844 PARAMERROR(text->utils);
851 switch (text->state) {
854 if (text->server_name == GSS_C_NO_NAME) { /* only once */
858 MEMERROR(text->utils);
859 sasl_gss_free_context_contents(text);
872 &text->server_name);
878 sasl_gss_seterror(text->utils, maj_stat, min_stat);
879 sasl_gss_free_context_contents(text);
883 if ( text->server_creds != GSS_C_NO_CREDENTIAL) {
884 maj_stat = gss_release_cred(&min_stat, &text->server_creds);
885 text->server_creds = GSS_C_NO_CREDENTIAL;
889 if (text->mech_oid != GSS_C_NULL_OID) {
890 ret = add_mech_to_set(text, &desired_mechs);
897 text->server_name,
905 &text->server_creds,
917 sasl_gss_seterror(text->utils, maj_stat, min_stat);
918 sasl_gss_free_context_contents(text);
930 &(text->gss_ctx),
931 text->server_creds,
934 &text->client_name,
944 sasl_gss_log(text->utils, maj_stat, min_stat);
945 text->utils->seterror(text->utils->conn, SASL_NOLOG,
954 text->utils->seterror(text->utils->conn, SASL_NOLOG, "GSSAPI Failure: gss_accept_sec_context");
955 text->utils->log(NULL, SASL_LOG_DEBUG, "GSSAPI Failure: gss_accept_sec_context");
957 sasl_gss_free_context_contents(text);
965 ret = _plug_buf_alloc(text->utils, &(text->out_buf),
966 &(text->out_buf_len), *serveroutlen);
971 memcpy(text->out_buf, output_token->value, *serveroutlen);
972 *serverout = text->out_buf;
987 text->state = SASL_GSSAPI_STATE_SSFCAP;
1009 text->client_name,
1026 SETERROR(text->utils, gettext("GSSAPI Failure"));
1028 SETERROR(text->utils, "GSSAPI Failure");
1030 sasl_gss_free_context_contents(text);
1044 MEMERROR(text->utils);
1072 SETERROR(text->utils, "GSSAPI Failure");
1073 sasl_gss_free_context_contents(text);
1078 text->client_name,
1088 SETERROR(text->utils, "GSSAPI Failure");
1089 sasl_gss_free_context_contents(text);
1099 text->authid = strdup(name_without_realm.value);
1101 if (text->authid == NULL) {
1106 text->authid = strdup(name_token.value);
1108 if (text->authid == NULL) {
1116 &text->authid, NULL);
1135 text->limitssf = 0;
1137 text->limitssf = params->props.max_ssf - params->external_ssf;
1140 text->requiressf = 0;
1142 text->requiressf = params->props.min_ssf - params->external_ssf;
1156 if(text->requiressf != 0 && !params->props.maxbufsize) {
1167 if (text->requiressf == 0) {
1170 if (text->requiressf <= 1 && text->limitssf >= 1
1174 if (text->requiressf <= 56 && text->limitssf >= 56
1183 text->gss_ctx,
1191 sasl_gss_seterror(text->utils, maj_stat, min_stat);
1194 sasl_gss_free_context_contents(text);
1203 ret = _plug_buf_alloc(text->utils, &(text->out_buf),
1204 &(text->out_buf_len), *serveroutlen);
1209 memcpy(text->out_buf, output_token->value, *serveroutlen);
1210 *serverout = text->out_buf;
1217 text->state = SASL_GSSAPI_STATE_SSFREQ;
1229 text->gss_ctx,
1236 sasl_gss_seterror(text->utils, maj_stat, min_stat);
1237 sasl_gss_free_context_contents(text);
1244 if (layerchoice == 1 && text->requiressf == 0) { /* no encryption */
1248 } else if (layerchoice == 2 && text->requiressf <= 1 &&
1249 text->limitssf >= 1) { /* integrity */
1253 } else if (layerchoice == 4 && text->requiressf <= 56 &&
1254 text->limitssf >= 56) { /* privacy */
1261 text->utils->log(text->utils->conn, SASL_LOG_ERR,
1264 SETERROR(text->utils,
1271 sasl_gss_free_context_contents(text);
1284 sasl_gss_free_context_contents(text);
1289 text->authid,
1290 0, /* strlen(text->authid) */
1293 sasl_gss_free_context_contents(text);
1301 text->authid,
1302 0, /* strlen(text->authid) */
1307 sasl_gss_free_context_contents(text);
1312 text->utils->log(text->utils->conn, SASL_LOG_ERR,
1315 SETERROR(text->utils,
1319 sasl_gss_free_context_contents(text);
1333 text->gss_ctx,
1339 sasl_gss_seterror(text->utils, maj_stat, min_stat);
1341 sasl_gss_free_context_contents(text);
1364 text->state = SASL_GSSAPI_STATE_AUTHENTICATED;
1373 params->utils->log(text->utils->conn, SASL_LOG_ERR,
1374 "Invalid GSSAPI server step %d", text->state);
1377 "Invalid GSSAPI server step %d\n", text->state);
1513 context_t *text;
1523 text = gss_new_context(params->utils);
1527 if (text == NULL) {
1534 text->state = SASL_GSSAPI_STATE_AUTHNEG;
1535 text->gss_ctx = GSS_C_NO_CONTEXT;
1536 text->client_name = GSS_C_NO_NAME;
1537 text->server_creds = GSS_C_NO_CREDENTIAL;
1542 text->use_authid = (use_authid != NULL) &&
1546 *conn_context = text;
1560 context_t *text = (context_t *)conn_context;
1579 switch (text->state) {
1584 if (text->user == NULL ||
1585 (text->use_authid && text->client_authid == NULL)) {
1589 if (text->use_authid && text->client_authid == NULL) {
1591 &text->client_authid,
1596 sasl_gss_free_context_contents(text);
1600 if (text->user == NULL) {
1601 user_result = _plug_get_userid(params->utils, &text->user,
1606 sasl_gss_free_context_contents(text);
1611 if (text->user == NULL) {
1614 user_result = _plug_get_userid(params->utils, &text->user,
1618 sasl_gss_free_context_contents(text);
1635 int result = _plug_make_prompts(params->utils, &text->h,
1638 convert_prompt(params->utils, &text->h,
1642 convert_prompt(params->utils, &text->h,
1683 if (text->server_name == GSS_C_NO_NAME) { /* only once */
1687 sasl_gss_free_context_contents(text);
1693 text->utils->log(text->utils->conn, SASL_LOG_ERR,
1696 SETERROR(text->utils, "GSSAPI Failure: no serverFQDN");
1711 &text->server_name);
1717 sasl_gss_seterror(text->utils, maj_stat, min_stat);
1718 sasl_gss_free_context_contents(text);
1730 else if (text->gss_ctx != GSS_C_NO_CONTEXT ) {
1735 maj_stat = gss_delete_sec_context (&min_stat,&text->gss_ctx,GSS_C_NO_BUFFER);
1736 text->gss_ctx = GSS_C_NO_CONTEXT;
1751 if (text->use_authid && text->client_creds == GSS_C_NO_CREDENTIAL) {
1755 name_token.length = strlen(text->client_authid);
1756 name_token.value = (char *)text->client_authid;
1765 &text->client_name);
1767 sasl_gss_seterror(text->utils, maj_stat, min_stat);
1768 sasl_gss_free_context_contents(text);
1772 if (text->mech_oid != GSS_C_NULL_OID) {
1773 ret = add_mech_to_set(text, &desired_mechs);
1779 text->client_name,
1783 &text->client_creds,
1793 sasl_gss_seterror(text->utils, maj_stat, min_stat);
1794 sasl_gss_free_context_contents(text);
1802 text->client_creds,
1806 &text->gss_ctx,
1807 text->server_name,
1809 text->mech_oid,
1823 sasl_gss_seterror(text->utils, maj_stat, min_stat);
1826 sasl_gss_free_context_contents(text);
1834 ret = _plug_buf_alloc(text->utils, &(text->out_buf),
1835 &(text->out_buf_len), *clientoutlen);
1840 memcpy(text->out_buf, output_token->value, *clientoutlen);
1841 *clientout = text->out_buf;
1849 text->gss_ctx,
1850 &text->client_name,
1859 sasl_gss_seterror(text->utils, maj_stat, min_stat);
1860 sasl_gss_free_context_contents(text);
1866 text->client_name,
1874 SETERROR(text->utils, gettext("GSSAPI Failure"));
1876 SETERROR(text->utils, "GSSAPI Failure");
1878 sasl_gss_free_context_contents(text);
1882 if (text->user && text->user[0]) {
1884 text->user, 0,
1901 text->state = SASL_GSSAPI_STATE_SSFCAP;
1916 text->gss_ctx,
1923 sasl_gss_seterror(text->utils, maj_stat, min_stat);
1924 sasl_gss_free_context_contents(text);
1978 sasl_gss_free_context_contents(text);
1991 text->gss_ctx,
1997 sasl_gss_seterror(text->utils, maj_stat, min_stat);
1999 sasl_gss_free_context_contents(text);
2027 if (text->user && text->user[0])
2036 sasl_gss_free_context_contents(text);
2061 text->gss_ctx,
2072 sasl_gss_seterror(text->utils, maj_stat, min_stat);
2075 sasl_gss_free_context_contents(text);
2083 ret = _plug_buf_alloc(text->utils, &(text->out_buf),
2084 &(text->out_buf_len), *clientoutlen);
2089 memcpy(text->out_buf, output_token->value, *clientoutlen);
2090 *clientout = text->out_buf;
2096 text->state = SASL_GSSAPI_STATE_AUTHENTICATED;
2106 "Invalid GSSAPI client step %d", text->state);
2109 "Invalid GSSAPI client step %d\n", text->state);