spnego.c revision 07a4f0eace3b7b919936a342f63545b1b35eefe9
66bd3b3c6b171271c705b897823dcdcf29464698Michael Graff/*
66bd3b3c6b171271c705b897823dcdcf29464698Michael Graff * Copyright (C) 2006-2011 Internet Systems Consortium, Inc. ("ISC")
66bd3b3c6b171271c705b897823dcdcf29464698Michael Graff *
66bd3b3c6b171271c705b897823dcdcf29464698Michael Graff * Permission to use, copy, modify, and/or distribute this software for any
66bd3b3c6b171271c705b897823dcdcf29464698Michael Graff * purpose with or without fee is hereby granted, provided that the above
66bd3b3c6b171271c705b897823dcdcf29464698Michael Graff * copyright notice and this permission notice appear in all copies.
66bd3b3c6b171271c705b897823dcdcf29464698Michael Graff *
66bd3b3c6b171271c705b897823dcdcf29464698Michael Graff * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
66bd3b3c6b171271c705b897823dcdcf29464698Michael Graff * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
66bd3b3c6b171271c705b897823dcdcf29464698Michael Graff * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
66bd3b3c6b171271c705b897823dcdcf29464698Michael Graff * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
66bd3b3c6b171271c705b897823dcdcf29464698Michael Graff * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
66bd3b3c6b171271c705b897823dcdcf29464698Michael Graff * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
66bd3b3c6b171271c705b897823dcdcf29464698Michael Graff * PERFORMANCE OF THIS SOFTWARE.
66bd3b3c6b171271c705b897823dcdcf29464698Michael Graff */
66bd3b3c6b171271c705b897823dcdcf29464698Michael Graff
66bd3b3c6b171271c705b897823dcdcf29464698Michael Graff/* $Id: spnego.c,v 1.20 2011/08/29 04:15:50 marka Exp $ */
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff/*! \file
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff * \brief
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff * Portable SPNEGO implementation.
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff *
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff * This is part of a portable implementation of the SPNEGO protocol
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff * (RFCs 2478 and 4178). This implementation uses the RFC 4178 ASN.1
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff * module but is not a full implementation of the RFC 4178 protocol;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff * at the moment, we only support GSS-TSIG with Kerberos
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff * authentication, so we only need enough of the SPNEGO protocol to
66bd3b3c6b171271c705b897823dcdcf29464698Michael Graff * support that.
66bd3b3c6b171271c705b897823dcdcf29464698Michael Graff *
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff * The files that make up this portable SPNEGO implementation are:
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff * \li spnego.c (this file)
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff * \li spnego.h (API SPNEGO exports to the rest of lib/dns)
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff * \li spnego.asn1 (SPNEGO ASN.1 module)
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graff * \li spnego_asn1.c (routines generated from spngo.asn1)
31fab17bcdbe302592a6c0dc5374ef56333ee879Michael Graff * \li spnego_asn1.pl (perl script to generate spnego_asn1.c)
213973a334f92d4aef4ef62b4538fc2e4d0e8082Michael Graff *
3024dbecbac365171bc6de0f3fa04951d6558be3Michael Graff * Everything but the functions exported in spnego.h is static, to
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff * avoid possible conflicts with other libraries (particularly Heimdal,
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff * since much of this code comes from Heimdal by way of mod_auth_kerb).
66bd3b3c6b171271c705b897823dcdcf29464698Michael Graff *
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff * spnego_asn1.c is shipped as part of lib/dns because generating it
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff * requires both Perl and the Heimdal ASN.1 compiler. See
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graff * spnego_asn1.pl for further details. We've tried to eliminate all
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graff * compiler warnings from the generated code, but you may see a few
439c0011e642fb1d26011116144af698125262dbMichael Graff * when using a compiler version we haven't tested yet.
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff */
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff
66bd3b3c6b171271c705b897823dcdcf29464698Michael Graff/*
31fab17bcdbe302592a6c0dc5374ef56333ee879Michael Graff * Portions of this code were derived from mod_auth_kerb and Heimdal.
31fab17bcdbe302592a6c0dc5374ef56333ee879Michael Graff * These packages are available from:
31fab17bcdbe302592a6c0dc5374ef56333ee879Michael Graff *
31fab17bcdbe302592a6c0dc5374ef56333ee879Michael Graff * http://modauthkerb.sourceforge.net/
31fab17bcdbe302592a6c0dc5374ef56333ee879Michael Graff * http://www.pdc.kth.se/heimdal/
31fab17bcdbe302592a6c0dc5374ef56333ee879Michael Graff *
31fab17bcdbe302592a6c0dc5374ef56333ee879Michael Graff * and were released under the following licenses:
31fab17bcdbe302592a6c0dc5374ef56333ee879Michael Graff *
31fab17bcdbe302592a6c0dc5374ef56333ee879Michael Graff * ----------------------------------------------------------------
31fab17bcdbe302592a6c0dc5374ef56333ee879Michael Graff *
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff * Copyright (c) 2004 Masarykova universita
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff * (Masaryk University, Brno, Czech Republic)
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff * All rights reserved.
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff *
f00d96a15cdd11e764437f9359e67328631caaeaMichael Graff * Redistribution and use in source and binary forms, with or without
f00d96a15cdd11e764437f9359e67328631caaeaMichael Graff * modification, are permitted provided that the following conditions are met:
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff *
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff * 1. Redistributions of source code must retain the above copyright notice,
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff * this list of conditions and the following disclaimer.
213973a334f92d4aef4ef62b4538fc2e4d0e8082Michael Graff *
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff * 2. Redistributions in binary form must reproduce the above copyright
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff * notice, this list of conditions and the following disclaimer in the
213973a334f92d4aef4ef62b4538fc2e4d0e8082Michael Graff * documentation and/or other materials provided with the distribution.
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff *
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff * 3. Neither the name of the University nor the names of its contributors may
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff * be used to endorse or promote products derived from this software
66bd3b3c6b171271c705b897823dcdcf29464698Michael Graff * without specific prior written permission.
66bd3b3c6b171271c705b897823dcdcf29464698Michael Graff *
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graff * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
439c0011e642fb1d26011116144af698125262dbMichael Graff * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graff * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff * POSSIBILITY OF SUCH DAMAGE.
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff *
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff * ----------------------------------------------------------------
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff *
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff * Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff * (Royal Institute of Technology, Stockholm, Sweden).
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff * All rights reserved.
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff *
213973a334f92d4aef4ef62b4538fc2e4d0e8082Michael Graff * Redistribution and use in source and binary forms, with or without
213973a334f92d4aef4ef62b4538fc2e4d0e8082Michael Graff * modification, are permitted provided that the following conditions
213973a334f92d4aef4ef62b4538fc2e4d0e8082Michael Graff * are met:
213973a334f92d4aef4ef62b4538fc2e4d0e8082Michael Graff *
213973a334f92d4aef4ef62b4538fc2e4d0e8082Michael Graff * 1. Redistributions of source code must retain the above copyright
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff * notice, this list of conditions and the following disclaimer.
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff *
213973a334f92d4aef4ef62b4538fc2e4d0e8082Michael Graff * 2. Redistributions in binary form must reproduce the above copyright
213973a334f92d4aef4ef62b4538fc2e4d0e8082Michael Graff * notice, this list of conditions and the following disclaimer in the
213973a334f92d4aef4ef62b4538fc2e4d0e8082Michael Graff * documentation and/or other materials provided with the distribution.
213973a334f92d4aef4ef62b4538fc2e4d0e8082Michael Graff *
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff * 3. Neither the name of the Institute nor the names of its contributors
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff * may be used to endorse or promote products derived from this software
66bd3b3c6b171271c705b897823dcdcf29464698Michael Graff * without specific prior written permission.
66bd3b3c6b171271c705b897823dcdcf29464698Michael Graff *
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
439c0011e642fb1d26011116144af698125262dbMichael Graff * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff * SUCH DAMAGE.
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff */
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff/*
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff * XXXSRA We should omit this file entirely in Makefile.in via autoconf,
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff * but this will keep it from generating errors until that's written.
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff */
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff#ifdef GSSAPI
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff/*
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff * XXXSRA Some of the following files are almost certainly unnecessary,
66bd3b3c6b171271c705b897823dcdcf29464698Michael Graff * but using this list (borrowed from gssapictx.c) gets rid of some
66bd3b3c6b171271c705b897823dcdcf29464698Michael Graff * whacky compilation errors when building with MSVC and should be
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff * harmless in any case.
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff */
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff#include <config.h>
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff#include <stdlib.h>
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff#include <errno.h>
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff#include <isc/buffer.h>
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff#include <isc/dir.h>
439c0011e642fb1d26011116144af698125262dbMichael Graff#include <isc/entropy.h>
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff#include <isc/lex.h>
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff#include <isc/mem.h>
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff#include <isc/once.h>
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff#include <isc/random.h>
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff#include <isc/string.h>
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff#include <isc/time.h>
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff#include <isc/util.h>
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff#include <dns/fixedname.h>
66bd3b3c6b171271c705b897823dcdcf29464698Michael Graff#include <dns/name.h>
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff#include <dns/rdata.h>
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff#include <dns/rdataclass.h>
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff#include <dns/result.h>
439c0011e642fb1d26011116144af698125262dbMichael Graff#include <dns/types.h>
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff#include <dns/keyvalues.h>
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff#include <dns/log.h>
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff#include <dst/gssapi.h>
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff#include <dst/result.h>
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff#include "dst_internal.h"
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff
66bd3b3c6b171271c705b897823dcdcf29464698Michael Graff/*
66bd3b3c6b171271c705b897823dcdcf29464698Michael Graff * The API we export
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff */
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff#include "spnego.h"
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff/* asn1_err.h */
439c0011e642fb1d26011116144af698125262dbMichael Graff/* Generated from ../../../lib/asn1/asn1_err.et */
439c0011e642fb1d26011116144af698125262dbMichael Graff
439c0011e642fb1d26011116144af698125262dbMichael Graff#ifndef ERROR_TABLE_BASE_asn1
439c0011e642fb1d26011116144af698125262dbMichael Graff/* these may be brought in already via gssapi_krb5.h */
f36a81c88493985ee2d1c53cc6fe88f4b00dbbc8Michael Grafftypedef enum asn1_error_number {
439c0011e642fb1d26011116144af698125262dbMichael Graff ASN1_BAD_TIMEFORMAT = 1859794432,
439c0011e642fb1d26011116144af698125262dbMichael Graff ASN1_MISSING_FIELD = 1859794433,
439c0011e642fb1d26011116144af698125262dbMichael Graff ASN1_MISPLACED_FIELD = 1859794434,
439c0011e642fb1d26011116144af698125262dbMichael Graff ASN1_TYPE_MISMATCH = 1859794435,
439c0011e642fb1d26011116144af698125262dbMichael Graff ASN1_OVERFLOW = 1859794436,
439c0011e642fb1d26011116144af698125262dbMichael Graff ASN1_OVERRUN = 1859794437,
439c0011e642fb1d26011116144af698125262dbMichael Graff ASN1_BAD_ID = 1859794438,
439c0011e642fb1d26011116144af698125262dbMichael Graff ASN1_BAD_LENGTH = 1859794439,
439c0011e642fb1d26011116144af698125262dbMichael Graff ASN1_BAD_FORMAT = 1859794440,
439c0011e642fb1d26011116144af698125262dbMichael Graff ASN1_PARSE_ERROR = 1859794441
439c0011e642fb1d26011116144af698125262dbMichael Graff} asn1_error_number;
439c0011e642fb1d26011116144af698125262dbMichael Graff
439c0011e642fb1d26011116144af698125262dbMichael Graff#define ERROR_TABLE_BASE_asn1 1859794432
439c0011e642fb1d26011116144af698125262dbMichael Graff#endif
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff#define __asn1_common_definitions__
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Grafftypedef struct octet_string {
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff size_t length;
439c0011e642fb1d26011116144af698125262dbMichael Graff void *data;
439c0011e642fb1d26011116144af698125262dbMichael Graff} octet_string;
439c0011e642fb1d26011116144af698125262dbMichael Graff
439c0011e642fb1d26011116144af698125262dbMichael Grafftypedef char *general_string;
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Grafftypedef char *utf8_string;
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Grafftypedef struct oid {
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff size_t length;
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff unsigned *components;
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff} oid;
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff/* der.h */
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Grafftypedef enum {
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff ASN1_C_UNIV = 0, ASN1_C_APPL = 1,
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff ASN1_C_CONTEXT = 2, ASN1_C_PRIVATE = 3
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff} Der_class;
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Grafftypedef enum {
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff PRIM = 0, CONS = 1
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff} Der_type;
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff/* Universal tags */
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graffenum {
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff UT_Boolean = 1,
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff UT_Integer = 2,
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff UT_BitString = 3,
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff UT_OctetString = 4,
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff UT_Null = 5,
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff UT_OID = 6,
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff UT_Enumerated = 10,
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff UT_Sequence = 16,
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff UT_Set = 17,
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff UT_PrintableString = 19,
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff UT_IA5String = 22,
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff UT_UTCTime = 23,
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff UT_GeneralizedTime = 24,
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff UT_VisibleString = 26,
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff UT_GeneralString = 27
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff};
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff#define ASN1_INDEFINITE 0xdce0deed
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graffstatic int
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graffder_get_length(const unsigned char *p, size_t len,
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff size_t * val, size_t * size);
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graffstatic int
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graffder_get_octet_string(const unsigned char *p, size_t len,
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff octet_string * data, size_t * size);
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graffstatic int
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graffder_get_oid(const unsigned char *p, size_t len,
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff oid * data, size_t * size);
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graffstatic int
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graffder_get_tag(const unsigned char *p, size_t len,
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff Der_class * class, Der_type * type,
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff int *tag, size_t * size);
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graffstatic int
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graffder_match_tag(const unsigned char *p, size_t len,
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff Der_class class, Der_type type,
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff int tag, size_t * size);
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graffstatic int
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graffder_match_tag_and_length(const unsigned char *p, size_t len,
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff Der_class class, Der_type type, int tag,
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff size_t * length_ret, size_t * size);
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graffstatic int
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graffdecode_oid(const unsigned char *p, size_t len,
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff oid * k, size_t * size);
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graffstatic int
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graffdecode_enumerated(const unsigned char *p, size_t len, void *num, size_t *size);
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graffstatic int
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graffdecode_octet_string(const unsigned char *, size_t, octet_string *, size_t *);
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graffstatic int
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graffder_put_int(unsigned char *p, size_t len, int val, size_t *);
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graffstatic int
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graffder_put_length(unsigned char *p, size_t len, size_t val, size_t *);
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graffstatic int
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graffder_put_octet_string(unsigned char *p, size_t len,
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff const octet_string * data, size_t *);
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graffstatic int
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graffder_put_oid(unsigned char *p, size_t len,
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff const oid * data, size_t * size);
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graffstatic int
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graffder_put_tag(unsigned char *p, size_t len, Der_class class, Der_type type,
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff int tag, size_t *);
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graffstatic int
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graffder_put_length_and_tag(unsigned char *, size_t, size_t,
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff Der_class, Der_type, int, size_t *);
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graffstatic int
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graffencode_enumerated(unsigned char *p, size_t len, const void *data, size_t *);
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graffstatic int
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graffencode_octet_string(unsigned char *p, size_t len,
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff const octet_string * k, size_t *);
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graffstatic int
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graffencode_oid(unsigned char *p, size_t len,
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff const oid * k, size_t *);
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graffstatic void
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Grafffree_octet_string(octet_string * k);
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graffstatic void
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Grafffree_oid (oid * k);
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graffstatic size_t
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Grafflength_len(size_t len);
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graffstatic int
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Grafffix_dce(size_t reallen, size_t * len);
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff/*
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff * Include stuff generated by the ASN.1 compiler.
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff */
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff#include "spnego_asn1.c"
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graffstatic unsigned char gss_krb5_mech_oid_bytes[] = {
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x01, 0x02, 0x02
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff};
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graffstatic gss_OID_desc gss_krb5_mech_oid_desc = {
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff sizeof(gss_krb5_mech_oid_bytes),
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff gss_krb5_mech_oid_bytes
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff};
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graffstatic gss_OID GSS_KRB5_MECH = &gss_krb5_mech_oid_desc;
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graffstatic unsigned char gss_mskrb5_mech_oid_bytes[] = {
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff 0x2a, 0x86, 0x48, 0x82, 0xf7, 0x12, 0x01, 0x02, 0x02
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff};
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graffstatic gss_OID_desc gss_mskrb5_mech_oid_desc = {
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff sizeof(gss_mskrb5_mech_oid_bytes),
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff gss_mskrb5_mech_oid_bytes
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff};
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graffstatic gss_OID GSS_MSKRB5_MECH = &gss_mskrb5_mech_oid_desc;
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graffstatic unsigned char gss_spnego_mech_oid_bytes[] = {
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff 0x2b, 0x06, 0x01, 0x05, 0x05, 0x02
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff};
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graffstatic gss_OID_desc gss_spnego_mech_oid_desc = {
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff sizeof(gss_spnego_mech_oid_bytes),
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff gss_spnego_mech_oid_bytes
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff};
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graffstatic gss_OID GSS_SPNEGO_MECH = &gss_spnego_mech_oid_desc;
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff/* spnegokrb5_locl.h */
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graffstatic OM_uint32
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graffgssapi_spnego_encapsulate(OM_uint32 *,
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff unsigned char *,
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff size_t,
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff gss_buffer_t,
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graff const gss_OID);
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graff
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graffstatic OM_uint32
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graffgssapi_spnego_decapsulate(OM_uint32 *,
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graff gss_buffer_t,
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graff unsigned char **,
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graff size_t *,
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff const gss_OID);
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graff
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graff/* mod_auth_kerb.c */
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graff
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graffstatic int
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graffcmp_gss_type(gss_buffer_t token, gss_OID oid)
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graff{
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff unsigned char *p;
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graff size_t len;
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graff
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graff if (token->length == 0U)
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graff return (GSS_S_DEFECTIVE_TOKEN);
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff p = token->value;
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graff if (*p++ != 0x60)
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff return (GSS_S_DEFECTIVE_TOKEN);
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graff len = *p++;
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graff if (len & 0x80) {
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graff if ((len & 0x7f) > 4U)
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graff return (GSS_S_DEFECTIVE_TOKEN);
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graff p += len & 0x7f;
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graff }
439c0011e642fb1d26011116144af698125262dbMichael Graff if (*p++ != 0x06)
439c0011e642fb1d26011116144af698125262dbMichael Graff return (GSS_S_DEFECTIVE_TOKEN);
439c0011e642fb1d26011116144af698125262dbMichael Graff
439c0011e642fb1d26011116144af698125262dbMichael Graff if (((OM_uint32) *p++) != oid->length)
439c0011e642fb1d26011116144af698125262dbMichael Graff return (GSS_S_DEFECTIVE_TOKEN);
439c0011e642fb1d26011116144af698125262dbMichael Graff
439c0011e642fb1d26011116144af698125262dbMichael Graff return (memcmp(p, oid->elements, oid->length));
439c0011e642fb1d26011116144af698125262dbMichael Graff}
439c0011e642fb1d26011116144af698125262dbMichael Graff
439c0011e642fb1d26011116144af698125262dbMichael Graff/* accept_sec_context.c */
439c0011e642fb1d26011116144af698125262dbMichael Graff/*
439c0011e642fb1d26011116144af698125262dbMichael Graff * SPNEGO wrapper for Kerberos5 GSS-API kouril@ics.muni.cz, 2003 (mostly
439c0011e642fb1d26011116144af698125262dbMichael Graff * based on Heimdal code)
439c0011e642fb1d26011116144af698125262dbMichael Graff */
439c0011e642fb1d26011116144af698125262dbMichael Graff
439c0011e642fb1d26011116144af698125262dbMichael Graffstatic OM_uint32
439c0011e642fb1d26011116144af698125262dbMichael Graffcode_NegTokenArg(OM_uint32 * minor_status,
439c0011e642fb1d26011116144af698125262dbMichael Graff const NegTokenResp * resp,
439c0011e642fb1d26011116144af698125262dbMichael Graff unsigned char **outbuf,
439c0011e642fb1d26011116144af698125262dbMichael Graff size_t * outbuf_size)
439c0011e642fb1d26011116144af698125262dbMichael Graff{
439c0011e642fb1d26011116144af698125262dbMichael Graff OM_uint32 ret;
439c0011e642fb1d26011116144af698125262dbMichael Graff u_char *buf;
439c0011e642fb1d26011116144af698125262dbMichael Graff size_t buf_size, buf_len = 0;
439c0011e642fb1d26011116144af698125262dbMichael Graff
439c0011e642fb1d26011116144af698125262dbMichael Graff buf_size = 1024;
439c0011e642fb1d26011116144af698125262dbMichael Graff buf = malloc(buf_size);
439c0011e642fb1d26011116144af698125262dbMichael Graff if (buf == NULL) {
439c0011e642fb1d26011116144af698125262dbMichael Graff *minor_status = ENOMEM;
439c0011e642fb1d26011116144af698125262dbMichael Graff return (GSS_S_FAILURE);
439c0011e642fb1d26011116144af698125262dbMichael Graff }
439c0011e642fb1d26011116144af698125262dbMichael Graff do {
439c0011e642fb1d26011116144af698125262dbMichael Graff ret = encode_NegTokenResp(buf + buf_size - 1,
439c0011e642fb1d26011116144af698125262dbMichael Graff buf_size,
439c0011e642fb1d26011116144af698125262dbMichael Graff resp, &buf_len);
439c0011e642fb1d26011116144af698125262dbMichael Graff if (ret == 0) {
439c0011e642fb1d26011116144af698125262dbMichael Graff size_t tmp;
439c0011e642fb1d26011116144af698125262dbMichael Graff
439c0011e642fb1d26011116144af698125262dbMichael Graff ret = der_put_length_and_tag(buf + buf_size - buf_len - 1,
439c0011e642fb1d26011116144af698125262dbMichael Graff buf_size - buf_len,
439c0011e642fb1d26011116144af698125262dbMichael Graff buf_len,
439c0011e642fb1d26011116144af698125262dbMichael Graff ASN1_C_CONTEXT,
439c0011e642fb1d26011116144af698125262dbMichael Graff CONS,
439c0011e642fb1d26011116144af698125262dbMichael Graff 1,
439c0011e642fb1d26011116144af698125262dbMichael Graff &tmp);
439c0011e642fb1d26011116144af698125262dbMichael Graff if (ret == 0)
439c0011e642fb1d26011116144af698125262dbMichael Graff buf_len += tmp;
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graff }
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff if (ret) {
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff if (ret == ASN1_OVERFLOW) {
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff u_char *tmp;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff buf_size *= 2;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff tmp = realloc(buf, buf_size);
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff if (tmp == NULL) {
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff *minor_status = ENOMEM;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff free(buf);
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff return (GSS_S_FAILURE);
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff }
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff buf = tmp;
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff } else {
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff *minor_status = ret;
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff free(buf);
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff return (GSS_S_FAILURE);
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff }
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff }
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff } while (ret == ASN1_OVERFLOW);
439c0011e642fb1d26011116144af698125262dbMichael Graff
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff *outbuf = malloc(buf_len);
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff if (*outbuf == NULL) {
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff *minor_status = ENOMEM;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff free(buf);
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff return (GSS_S_FAILURE);
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graff }
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff memcpy(*outbuf, buf + buf_size - buf_len, buf_len);
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff *outbuf_size = buf_len;
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff free(buf);
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff return (GSS_S_COMPLETE);
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff}
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graffstatic OM_uint32
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graffsend_reject(OM_uint32 * minor_status,
439c0011e642fb1d26011116144af698125262dbMichael Graff gss_buffer_t output_token)
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff{
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff NegTokenResp resp;
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff OM_uint32 ret;
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff resp.negState = malloc(sizeof(*resp.negState));
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff if (resp.negState == NULL) {
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff *minor_status = ENOMEM;
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff return (GSS_S_FAILURE);
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graff }
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff *(resp.negState) = reject;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff resp.supportedMech = NULL;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff resp.responseToken = NULL;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff resp.mechListMIC = NULL;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff ret = code_NegTokenArg(minor_status, &resp,
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff (unsigned char **)&output_token->value,
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff &output_token->length);
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff free_NegTokenResp(&resp);
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff if (ret)
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff return (ret);
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff return (GSS_S_BAD_MECH);
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff}
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graff
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graffstatic OM_uint32
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graffsend_accept(OM_uint32 * minor_status,
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff gss_buffer_t output_token,
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff gss_buffer_t mech_token,
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff const gss_OID pref)
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff{
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff NegTokenResp resp;
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff OM_uint32 ret;
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff memset(&resp, 0, sizeof(resp));
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff resp.negState = malloc(sizeof(*resp.negState));
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff if (resp.negState == NULL) {
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff *minor_status = ENOMEM;
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff return (GSS_S_FAILURE);
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff }
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graff *(resp.negState) = accept_completed;
f36a81c88493985ee2d1c53cc6fe88f4b00dbbc8Michael Graff
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff resp.supportedMech = malloc(sizeof(*resp.supportedMech));
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff if (resp.supportedMech == NULL) {
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff free_NegTokenResp(&resp);
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff *minor_status = ENOMEM;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff return (GSS_S_FAILURE);
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff }
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff ret = der_get_oid(pref->elements,
439c0011e642fb1d26011116144af698125262dbMichael Graff pref->length,
f36a81c88493985ee2d1c53cc6fe88f4b00dbbc8Michael Graff resp.supportedMech,
f36a81c88493985ee2d1c53cc6fe88f4b00dbbc8Michael Graff NULL);
f36a81c88493985ee2d1c53cc6fe88f4b00dbbc8Michael Graff if (ret) {
f36a81c88493985ee2d1c53cc6fe88f4b00dbbc8Michael Graff free_NegTokenResp(&resp);
f36a81c88493985ee2d1c53cc6fe88f4b00dbbc8Michael Graff *minor_status = ENOMEM;
f36a81c88493985ee2d1c53cc6fe88f4b00dbbc8Michael Graff return (GSS_S_FAILURE);
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff }
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff if (mech_token != NULL && mech_token->length != 0U) {
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff resp.responseToken = malloc(sizeof(*resp.responseToken));
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff if (resp.responseToken == NULL) {
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff free_NegTokenResp(&resp);
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff *minor_status = ENOMEM;
439c0011e642fb1d26011116144af698125262dbMichael Graff return (GSS_S_FAILURE);
439c0011e642fb1d26011116144af698125262dbMichael Graff }
439c0011e642fb1d26011116144af698125262dbMichael Graff resp.responseToken->length = mech_token->length;
439c0011e642fb1d26011116144af698125262dbMichael Graff resp.responseToken->data = mech_token->value;
439c0011e642fb1d26011116144af698125262dbMichael Graff }
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff
439c0011e642fb1d26011116144af698125262dbMichael Graff ret = code_NegTokenArg(minor_status, &resp,
439c0011e642fb1d26011116144af698125262dbMichael Graff (unsigned char **)&output_token->value,
439c0011e642fb1d26011116144af698125262dbMichael Graff &output_token->length);
439c0011e642fb1d26011116144af698125262dbMichael Graff if (resp.responseToken != NULL) {
439c0011e642fb1d26011116144af698125262dbMichael Graff free(resp.responseToken);
439c0011e642fb1d26011116144af698125262dbMichael Graff resp.responseToken = NULL;
439c0011e642fb1d26011116144af698125262dbMichael Graff }
439c0011e642fb1d26011116144af698125262dbMichael Graff free_NegTokenResp(&resp);
439c0011e642fb1d26011116144af698125262dbMichael Graff if (ret)
439c0011e642fb1d26011116144af698125262dbMichael Graff return (ret);
439c0011e642fb1d26011116144af698125262dbMichael Graff
439c0011e642fb1d26011116144af698125262dbMichael Graff return (GSS_S_COMPLETE);
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graff}
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael GraffOM_uint32
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graffgss_accept_sec_context_spnego(OM_uint32 *minor_status,
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff gss_ctx_id_t *context_handle,
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff const gss_cred_id_t acceptor_cred_handle,
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff const gss_buffer_t input_token_buffer,
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff const gss_channel_bindings_t input_chan_bindings,
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff gss_name_t *src_name,
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff gss_OID *mech_type,
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff gss_buffer_t output_token,
439c0011e642fb1d26011116144af698125262dbMichael Graff OM_uint32 *ret_flags,
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff OM_uint32 *time_rec,
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff gss_cred_id_t *delegated_cred_handle)
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff{
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff NegTokenInit init_token;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff OM_uint32 major_status;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff OM_uint32 minor_status2;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff gss_buffer_desc ibuf, obuf;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff gss_buffer_t ot = NULL;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff gss_OID pref = GSS_KRB5_MECH;
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graff unsigned char *buf;
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff size_t buf_size;
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff size_t len, taglen, ni_len;
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff int found = 0;
3f6a66689410910ef601a4d26f10a24f331ef83cMichael Graff int ret;
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff unsigned i;
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff /*
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff * Before doing anything else, see whether this is a SPNEGO
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff * PDU. If not, dispatch to the GSSAPI library and get out.
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff */
439c0011e642fb1d26011116144af698125262dbMichael Graff
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff if (cmp_gss_type(input_token_buffer, GSS_SPNEGO_MECH))
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff return (gss_accept_sec_context(minor_status,
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff context_handle,
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff acceptor_cred_handle,
3f6a66689410910ef601a4d26f10a24f331ef83cMichael Graff input_token_buffer,
3f6a66689410910ef601a4d26f10a24f331ef83cMichael Graff input_chan_bindings,
3f6a66689410910ef601a4d26f10a24f331ef83cMichael Graff src_name,
3f6a66689410910ef601a4d26f10a24f331ef83cMichael Graff mech_type,
3f6a66689410910ef601a4d26f10a24f331ef83cMichael Graff output_token,
3f6a66689410910ef601a4d26f10a24f331ef83cMichael Graff ret_flags,
3f6a66689410910ef601a4d26f10a24f331ef83cMichael Graff time_rec,
3f6a66689410910ef601a4d26f10a24f331ef83cMichael Graff delegated_cred_handle));
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff /*
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff * If we get here, it's SPNEGO.
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graff */
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff memset(&init_token, 0, sizeof(init_token));
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff
519b4a1a27c8b767a57a981dda69a3c6394bd49dMichael Graff ret = gssapi_spnego_decapsulate(minor_status, input_token_buffer,
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff &buf, &buf_size, GSS_SPNEGO_MECH);
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff if (ret)
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff return (ret);
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff ret = der_match_tag_and_length(buf, buf_size, ASN1_C_CONTEXT, CONS,
519b4a1a27c8b767a57a981dda69a3c6394bd49dMichael Graff 0, &len, &taglen);
519b4a1a27c8b767a57a981dda69a3c6394bd49dMichael Graff if (ret)
519b4a1a27c8b767a57a981dda69a3c6394bd49dMichael Graff return (ret);
519b4a1a27c8b767a57a981dda69a3c6394bd49dMichael Graff
439c0011e642fb1d26011116144af698125262dbMichael Graff ret = decode_NegTokenInit(buf + taglen, len, &init_token, &ni_len);
439c0011e642fb1d26011116144af698125262dbMichael Graff if (ret) {
519b4a1a27c8b767a57a981dda69a3c6394bd49dMichael Graff *minor_status = EINVAL; /* XXX */
439c0011e642fb1d26011116144af698125262dbMichael Graff return (GSS_S_DEFECTIVE_TOKEN);
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff }
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff
519b4a1a27c8b767a57a981dda69a3c6394bd49dMichael Graff for (i = 0; !found && i < init_token.mechTypes.len; ++i) {
519b4a1a27c8b767a57a981dda69a3c6394bd49dMichael Graff unsigned char mechbuf[17];
519b4a1a27c8b767a57a981dda69a3c6394bd49dMichael Graff size_t mech_len;
519b4a1a27c8b767a57a981dda69a3c6394bd49dMichael Graff
519b4a1a27c8b767a57a981dda69a3c6394bd49dMichael Graff ret = der_put_oid(mechbuf + sizeof(mechbuf) - 1,
519b4a1a27c8b767a57a981dda69a3c6394bd49dMichael Graff sizeof(mechbuf),
519b4a1a27c8b767a57a981dda69a3c6394bd49dMichael Graff &init_token.mechTypes.val[i],
519b4a1a27c8b767a57a981dda69a3c6394bd49dMichael Graff &mech_len);
519b4a1a27c8b767a57a981dda69a3c6394bd49dMichael Graff if (ret)
519b4a1a27c8b767a57a981dda69a3c6394bd49dMichael Graff return (GSS_S_DEFECTIVE_TOKEN);
519b4a1a27c8b767a57a981dda69a3c6394bd49dMichael Graff if (mech_len == GSS_KRB5_MECH->length &&
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff memcmp(GSS_KRB5_MECH->elements,
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff mechbuf + sizeof(mechbuf) - mech_len,
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff mech_len) == 0) {
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff found = 1;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff break;
519b4a1a27c8b767a57a981dda69a3c6394bd49dMichael Graff }
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff if (mech_len == GSS_MSKRB5_MECH->length &&
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff memcmp(GSS_MSKRB5_MECH->elements,
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff mechbuf + sizeof(mechbuf) - mech_len,
439c0011e642fb1d26011116144af698125262dbMichael Graff mech_len) == 0) {
439c0011e642fb1d26011116144af698125262dbMichael Graff found = 1;
439c0011e642fb1d26011116144af698125262dbMichael Graff if (i == 0)
439c0011e642fb1d26011116144af698125262dbMichael Graff pref = GSS_MSKRB5_MECH;
439c0011e642fb1d26011116144af698125262dbMichael Graff break;
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff }
439c0011e642fb1d26011116144af698125262dbMichael Graff }
439c0011e642fb1d26011116144af698125262dbMichael Graff
439c0011e642fb1d26011116144af698125262dbMichael Graff if (!found)
439c0011e642fb1d26011116144af698125262dbMichael Graff return (send_reject(minor_status, output_token));
439c0011e642fb1d26011116144af698125262dbMichael Graff
439c0011e642fb1d26011116144af698125262dbMichael Graff if (i == 0 && init_token.mechToken != NULL) {
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff ibuf.length = init_token.mechToken->length;
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff ibuf.value = init_token.mechToken->data;
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff major_status = gss_accept_sec_context(minor_status,
439c0011e642fb1d26011116144af698125262dbMichael Graff context_handle,
439c0011e642fb1d26011116144af698125262dbMichael Graff acceptor_cred_handle,
439c0011e642fb1d26011116144af698125262dbMichael Graff &ibuf,
439c0011e642fb1d26011116144af698125262dbMichael Graff input_chan_bindings,
439c0011e642fb1d26011116144af698125262dbMichael Graff src_name,
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff mech_type,
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff &obuf,
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff ret_flags,
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff time_rec,
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff delegated_cred_handle);
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graff if (GSS_ERROR(major_status)) {
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff send_reject(&minor_status2, output_token);
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff return (major_status);
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff }
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff ot = &obuf;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff }
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff ret = send_accept(&minor_status2, output_token, ot, pref);
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff if (ot != NULL && ot->length != 0U)
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff gss_release_buffer(&minor_status2, ot);
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff return (ret);
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff}
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff/* decapsulate.c */
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graffstatic OM_uint32
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graffgssapi_verify_mech_header(u_char ** str,
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff size_t total_len,
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff const gss_OID mech)
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff{
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff size_t len, len_len, mech_len, foo;
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff int e;
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff u_char *p = *str;
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff if (total_len < 1U)
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff return (GSS_S_DEFECTIVE_TOKEN);
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff if (*p++ != 0x60)
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff return (GSS_S_DEFECTIVE_TOKEN);
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff e = der_get_length(p, total_len - 1, &len, &len_len);
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff if (e || 1 + len_len + len != total_len)
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff return (GSS_S_DEFECTIVE_TOKEN);
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff p += len_len;
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff if (*p++ != 0x06)
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff return (GSS_S_DEFECTIVE_TOKEN);
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff e = der_get_length(p, total_len - 1 - len_len - 1,
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff &mech_len, &foo);
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff if (e)
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff return (GSS_S_DEFECTIVE_TOKEN);
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff p += foo;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff if (mech_len != mech->length)
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff return (GSS_S_BAD_MECH);
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff if (memcmp(p, mech->elements, mech->length) != 0)
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff return (GSS_S_BAD_MECH);
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff p += mech_len;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff *str = p;
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graff return (GSS_S_COMPLETE);
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff}
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff/*
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graff * Remove the GSS-API wrapping from `in_token' giving `buf and buf_size' Does
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff * not copy data, so just free `in_token'.
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff */
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graffstatic OM_uint32
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graffgssapi_spnego_decapsulate(OM_uint32 *minor_status,
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graff gss_buffer_t input_token_buffer,
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graff unsigned char **buf,
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graff size_t *buf_len,
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graff const gss_OID mech)
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graff{
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graff u_char *p;
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graff OM_uint32 ret;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff p = input_token_buffer->value;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff ret = gssapi_verify_mech_header(&p,
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff input_token_buffer->length,
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff mech);
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff if (ret) {
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff *minor_status = ret;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff return (GSS_S_FAILURE);
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff }
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff *buf_len = input_token_buffer->length -
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff (p - (u_char *) input_token_buffer->value);
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff *buf = p;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff return (GSS_S_COMPLETE);
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff}
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff/* der_free.c */
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graffstatic void
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Grafffree_octet_string(octet_string *k)
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff{
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff free(k->data);
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graff k->data = NULL;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff}
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graffstatic void
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Grafffree_oid(oid *k)
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff{
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff free(k->components);
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff k->components = NULL;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff}
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff/* der_get.c */
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff/*
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff * All decoding functions take a pointer `p' to first position in which to
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff * read, from the left, `len' which means the maximum number of characters we
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff * are able to read, `ret' were the value will be returned and `size' where
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff * the number of used bytes is stored. Either 0 or an error code is returned.
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff */
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graffstatic int
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graffder_get_unsigned(const unsigned char *p, size_t len,
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff unsigned *ret, size_t *size)
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff{
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff unsigned val = 0;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff size_t oldlen = len;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff while (len--)
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff val = val * 256 + *p++;
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff *ret = val;
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff if (size)
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff *size = oldlen;
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff return (0);
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff}
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graffstatic int
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graffder_get_int(const unsigned char *p, size_t len,
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff int *ret, size_t *size)
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff{
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff int val = 0;
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff size_t oldlen = len;
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff if (len > 0U) {
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff val = (signed char)*p++;
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff while (--len)
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff val = val * 256 + *p++;
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff }
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff *ret = val;
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff if (size)
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff *size = oldlen;
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff return (0);
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff}
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graffstatic int
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graffder_get_length(const unsigned char *p, size_t len,
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff size_t *val, size_t *size)
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff{
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff size_t v;
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff if (len <= 0U)
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff return (ASN1_OVERRUN);
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff --len;
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff v = *p++;
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff if (v < 128U) {
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff *val = v;
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff if (size)
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff *size = 1;
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff } else {
439c0011e642fb1d26011116144af698125262dbMichael Graff int e;
439c0011e642fb1d26011116144af698125262dbMichael Graff size_t l;
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff unsigned tmp;
439c0011e642fb1d26011116144af698125262dbMichael Graff
439c0011e642fb1d26011116144af698125262dbMichael Graff if (v == 0x80U) {
439c0011e642fb1d26011116144af698125262dbMichael Graff *val = ASN1_INDEFINITE;
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff if (size)
439c0011e642fb1d26011116144af698125262dbMichael Graff *size = 1;
439c0011e642fb1d26011116144af698125262dbMichael Graff return (0);
439c0011e642fb1d26011116144af698125262dbMichael Graff }
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff v &= 0x7F;
439c0011e642fb1d26011116144af698125262dbMichael Graff if (len < v)
439c0011e642fb1d26011116144af698125262dbMichael Graff return (ASN1_OVERRUN);
439c0011e642fb1d26011116144af698125262dbMichael Graff e = der_get_unsigned(p, v, &tmp, &l);
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff if (e)
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff return (e);
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff *val = tmp;
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff if (size)
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff *size = l + 1;
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff }
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff return (0);
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff}
439c0011e642fb1d26011116144af698125262dbMichael Graff
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graffstatic int
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graffder_get_octet_string(const unsigned char *p, size_t len,
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff octet_string *data, size_t *size)
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff{
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff data->length = len;
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff data->data = malloc(len);
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff if (data->data == NULL && data->length != 0U)
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff return (ENOMEM);
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff memcpy(data->data, p, len);
439c0011e642fb1d26011116144af698125262dbMichael Graff if (size)
439c0011e642fb1d26011116144af698125262dbMichael Graff *size = len;
439c0011e642fb1d26011116144af698125262dbMichael Graff return (0);
439c0011e642fb1d26011116144af698125262dbMichael Graff}
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graffstatic int
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graffder_get_oid(const unsigned char *p, size_t len,
439c0011e642fb1d26011116144af698125262dbMichael Graff oid *data, size_t *size)
439c0011e642fb1d26011116144af698125262dbMichael Graff{
3024dbecbac365171bc6de0f3fa04951d6558be3Michael Graff int n;
3024dbecbac365171bc6de0f3fa04951d6558be3Michael Graff size_t oldlen = len;
3024dbecbac365171bc6de0f3fa04951d6558be3Michael Graff
3024dbecbac365171bc6de0f3fa04951d6558be3Michael Graff if (len < 1U)
3024dbecbac365171bc6de0f3fa04951d6558be3Michael Graff return (ASN1_OVERRUN);
3024dbecbac365171bc6de0f3fa04951d6558be3Michael Graff
3024dbecbac365171bc6de0f3fa04951d6558be3Michael Graff data->components = malloc(len * sizeof(*data->components));
3024dbecbac365171bc6de0f3fa04951d6558be3Michael Graff if (data->components == NULL && len != 0U)
3024dbecbac365171bc6de0f3fa04951d6558be3Michael Graff return (ENOMEM);
3024dbecbac365171bc6de0f3fa04951d6558be3Michael Graff data->components[0] = (*p) / 40;
3024dbecbac365171bc6de0f3fa04951d6558be3Michael Graff data->components[1] = (*p) % 40;
3024dbecbac365171bc6de0f3fa04951d6558be3Michael Graff --len;
3024dbecbac365171bc6de0f3fa04951d6558be3Michael Graff ++p;
3024dbecbac365171bc6de0f3fa04951d6558be3Michael Graff for (n = 2; len > 0U; ++n) {
3024dbecbac365171bc6de0f3fa04951d6558be3Michael Graff unsigned u = 0;
3024dbecbac365171bc6de0f3fa04951d6558be3Michael Graff
3024dbecbac365171bc6de0f3fa04951d6558be3Michael Graff do {
3024dbecbac365171bc6de0f3fa04951d6558be3Michael Graff --len;
3024dbecbac365171bc6de0f3fa04951d6558be3Michael Graff u = u * 128 + (*p++ % 128);
3024dbecbac365171bc6de0f3fa04951d6558be3Michael Graff } while (len > 0U && p[-1] & 0x80);
3024dbecbac365171bc6de0f3fa04951d6558be3Michael Graff data->components[n] = u;
3024dbecbac365171bc6de0f3fa04951d6558be3Michael Graff }
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff if (p[-1] & 0x80) {
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff free_oid(data);
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff return (ASN1_OVERRUN);
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff }
66bd3b3c6b171271c705b897823dcdcf29464698Michael Graff data->length = n;
439c0011e642fb1d26011116144af698125262dbMichael Graff if (size)
66bd3b3c6b171271c705b897823dcdcf29464698Michael Graff *size = oldlen;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff return (0);
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff}
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graffstatic int
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graffder_get_tag(const unsigned char *p, size_t len,
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff Der_class *class, Der_type *type,
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff int *tag, size_t *size)
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff{
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff if (len < 1U)
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff return (ASN1_OVERRUN);
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff *class = (Der_class) (((*p) >> 6) & 0x03);
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff *type = (Der_type) (((*p) >> 5) & 0x01);
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff *tag = (*p) & 0x1F;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff if (size)
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff *size = 1;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff return (0);
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff}
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graffstatic int
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graffder_match_tag(const unsigned char *p, size_t len,
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff Der_class class, Der_type type,
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff int tag, size_t *size)
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff{
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff size_t l;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff Der_class thisclass;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff Der_type thistype;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff int thistag;
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graff int e;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff e = der_get_tag(p, len, &thisclass, &thistype, &thistag, &l);
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graff if (e)
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graff return (e);
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graff if (class != thisclass || type != thistype)
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graff return (ASN1_BAD_ID);
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff if (tag > thistag)
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff return (ASN1_MISPLACED_FIELD);
3024dbecbac365171bc6de0f3fa04951d6558be3Michael Graff if (tag < thistag)
3024dbecbac365171bc6de0f3fa04951d6558be3Michael Graff return (ASN1_MISSING_FIELD);
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff if (size)
3024dbecbac365171bc6de0f3fa04951d6558be3Michael Graff *size = l;
3024dbecbac365171bc6de0f3fa04951d6558be3Michael Graff return (0);
3024dbecbac365171bc6de0f3fa04951d6558be3Michael Graff}
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graffstatic int
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graffder_match_tag_and_length(const unsigned char *p, size_t len,
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff Der_class class, Der_type type, int tag,
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff size_t *length_ret, size_t *size)
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff{
3024dbecbac365171bc6de0f3fa04951d6558be3Michael Graff size_t l, ret = 0;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff int e;
3024dbecbac365171bc6de0f3fa04951d6558be3Michael Graff
3024dbecbac365171bc6de0f3fa04951d6558be3Michael Graff e = der_match_tag(p, len, class, type, tag, &l);
3024dbecbac365171bc6de0f3fa04951d6558be3Michael Graff if (e)
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff return (e);
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff p += l;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff len -= l;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff ret += l;
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff e = der_get_length(p, len, length_ret, &l);
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff if (e)
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff return (e);
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff /* p += l; */
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff len -= l;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff POST(len);
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff ret += l;
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff if (size)
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff *size = ret;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff return (0);
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff}
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graffstatic int
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graffdecode_enumerated(const unsigned char *p, size_t len, void *num, size_t *size)
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff{
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff size_t ret = 0;
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff size_t l, reallen;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff int e;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff e = der_match_tag(p, len, ASN1_C_UNIV, PRIM, UT_Enumerated, &l);
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff if (e)
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff return (e);
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff p += l;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff len -= l;
439c0011e642fb1d26011116144af698125262dbMichael Graff ret += l;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff e = der_get_length(p, len, &reallen, &l);
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff if (e)
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff return (e);
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff p += l;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff len -= l;
3024dbecbac365171bc6de0f3fa04951d6558be3Michael Graff ret += l;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff e = der_get_int(p, reallen, num, &l);
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff if (e)
3024dbecbac365171bc6de0f3fa04951d6558be3Michael Graff return (e);
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff p += l;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff len -= l;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff POST(p); POST(len);
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff ret += l;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff if (size)
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff *size = ret;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff return (0);
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff}
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graffstatic int
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graffdecode_octet_string(const unsigned char *p, size_t len,
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff octet_string *k, size_t *size)
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff{
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff size_t ret = 0;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff size_t l;
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graff int e;
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graff size_t slen;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graff e = der_match_tag(p, len, ASN1_C_UNIV, PRIM, UT_OctetString, &l);
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graff if (e)
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graff return (e);
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff p += l;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff len -= l;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff ret += l;
66bd3b3c6b171271c705b897823dcdcf29464698Michael Graff
66bd3b3c6b171271c705b897823dcdcf29464698Michael Graff e = der_get_length(p, len, &slen, &l);
66bd3b3c6b171271c705b897823dcdcf29464698Michael Graff if (e)
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff return (e);
66bd3b3c6b171271c705b897823dcdcf29464698Michael Graff p += l;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff len -= l;
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graff ret += l;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff if (len < slen)
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff return (ASN1_OVERRUN);
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff e = der_get_octet_string(p, slen, k, &l);
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff if (e)
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff return (e);
3024dbecbac365171bc6de0f3fa04951d6558be3Michael Graff p += l;
3024dbecbac365171bc6de0f3fa04951d6558be3Michael Graff len -= l;
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graff POST(p); POST(len);
3024dbecbac365171bc6de0f3fa04951d6558be3Michael Graff ret += l;
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graff if (size)
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff *size = ret;
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff return (0);
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graff}
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graff
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graffstatic int
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graffdecode_oid(const unsigned char *p, size_t len,
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff oid *k, size_t *size)
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graff{
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graff size_t ret = 0;
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graff size_t l;
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graff int e;
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graff size_t slen;
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graff
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff e = der_match_tag(p, len, ASN1_C_UNIV, PRIM, UT_OID, &l);
3024dbecbac365171bc6de0f3fa04951d6558be3Michael Graff if (e)
66bd3b3c6b171271c705b897823dcdcf29464698Michael Graff return (e);
66bd3b3c6b171271c705b897823dcdcf29464698Michael Graff p += l;
66bd3b3c6b171271c705b897823dcdcf29464698Michael Graff len -= l;
439c0011e642fb1d26011116144af698125262dbMichael Graff ret += l;
439c0011e642fb1d26011116144af698125262dbMichael Graff
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graff e = der_get_length(p, len, &slen, &l);
66bd3b3c6b171271c705b897823dcdcf29464698Michael Graff if (e)
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graff return (e);
439c0011e642fb1d26011116144af698125262dbMichael Graff p += l;
439c0011e642fb1d26011116144af698125262dbMichael Graff len -= l;
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graff ret += l;
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff if (len < slen)
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graff return (ASN1_OVERRUN);
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff e = der_get_oid(p, slen, k, &l);
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff if (e)
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff return (e);
439c0011e642fb1d26011116144af698125262dbMichael Graff p += l;
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff len -= l;
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graff POST(p); POST(len);
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graff ret += l;
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff if (size)
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff *size = ret;
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff return (0);
50b5857f1ad137624a18ce67b26b9941e316b007Michael Graff}
439c0011e642fb1d26011116144af698125262dbMichael Graff
50b5857f1ad137624a18ce67b26b9941e316b007Michael Graffstatic int
50b5857f1ad137624a18ce67b26b9941e316b007Michael Grafffix_dce(size_t reallen, size_t *len)
50b5857f1ad137624a18ce67b26b9941e316b007Michael Graff{
439c0011e642fb1d26011116144af698125262dbMichael Graff if (reallen == ASN1_INDEFINITE)
439c0011e642fb1d26011116144af698125262dbMichael Graff return (1);
439c0011e642fb1d26011116144af698125262dbMichael Graff if (*len < reallen)
50b5857f1ad137624a18ce67b26b9941e316b007Michael Graff return (-1);
50b5857f1ad137624a18ce67b26b9941e316b007Michael Graff *len = reallen;
50b5857f1ad137624a18ce67b26b9941e316b007Michael Graff return (0);
50b5857f1ad137624a18ce67b26b9941e316b007Michael Graff}
50b5857f1ad137624a18ce67b26b9941e316b007Michael Graff
50b5857f1ad137624a18ce67b26b9941e316b007Michael Graff/* der_length.c */
50b5857f1ad137624a18ce67b26b9941e316b007Michael Graff
50b5857f1ad137624a18ce67b26b9941e316b007Michael Graffstatic size_t
50b5857f1ad137624a18ce67b26b9941e316b007Michael Grafflen_unsigned(unsigned val)
50b5857f1ad137624a18ce67b26b9941e316b007Michael Graff{
3c5148c4d98af51d6dcb449c6dbd45fe8c645f61Michael Graff size_t ret = 0;
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graff
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff do {
439c0011e642fb1d26011116144af698125262dbMichael Graff ++ret;
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff val /= 256;
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff } while (val);
439c0011e642fb1d26011116144af698125262dbMichael Graff return (ret);
439c0011e642fb1d26011116144af698125262dbMichael Graff}
439c0011e642fb1d26011116144af698125262dbMichael Graff
439c0011e642fb1d26011116144af698125262dbMichael Graffstatic size_t
439c0011e642fb1d26011116144af698125262dbMichael Grafflength_len(size_t len)
439c0011e642fb1d26011116144af698125262dbMichael Graff{
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff if (len < 128U)
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff return (1);
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff else
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff return (len_unsigned(len) + 1);
439c0011e642fb1d26011116144af698125262dbMichael Graff}
439c0011e642fb1d26011116144af698125262dbMichael Graff
439c0011e642fb1d26011116144af698125262dbMichael Graff
439c0011e642fb1d26011116144af698125262dbMichael Graff/* der_put.c */
439c0011e642fb1d26011116144af698125262dbMichael Graff
439c0011e642fb1d26011116144af698125262dbMichael Graff/*
439c0011e642fb1d26011116144af698125262dbMichael Graff * All encoding functions take a pointer `p' to first position in which to
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff * write, from the right, `len' which means the maximum number of characters
439c0011e642fb1d26011116144af698125262dbMichael Graff * we are able to write. The function returns the number of characters
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff * written in `size' (if non-NULL). The return value is 0 or an error.
439c0011e642fb1d26011116144af698125262dbMichael Graff */
439c0011e642fb1d26011116144af698125262dbMichael Graff
439c0011e642fb1d26011116144af698125262dbMichael Graffstatic int
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graffder_put_unsigned(unsigned char *p, size_t len, unsigned val, size_t *size)
439c0011e642fb1d26011116144af698125262dbMichael Graff{
439c0011e642fb1d26011116144af698125262dbMichael Graff unsigned char *base = p;
439c0011e642fb1d26011116144af698125262dbMichael Graff
439c0011e642fb1d26011116144af698125262dbMichael Graff if (val) {
439c0011e642fb1d26011116144af698125262dbMichael Graff while (len > 0U && val) {
439c0011e642fb1d26011116144af698125262dbMichael Graff *p-- = val % 256;
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff val /= 256;
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff --len;
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff }
439c0011e642fb1d26011116144af698125262dbMichael Graff if (val != 0)
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff return (ASN1_OVERFLOW);
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff else {
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff *size = base - p;
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff return (0);
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff }
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff } else if (len < 1U)
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff return (ASN1_OVERFLOW);
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff else {
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff *p = 0;
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff *size = 1;
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff return (0);
439c0011e642fb1d26011116144af698125262dbMichael Graff }
439c0011e642fb1d26011116144af698125262dbMichael Graff}
439c0011e642fb1d26011116144af698125262dbMichael Graff
439c0011e642fb1d26011116144af698125262dbMichael Graffstatic int
439c0011e642fb1d26011116144af698125262dbMichael Graffder_put_int(unsigned char *p, size_t len, int val, size_t *size)
439c0011e642fb1d26011116144af698125262dbMichael Graff{
439c0011e642fb1d26011116144af698125262dbMichael Graff unsigned char *base = p;
439c0011e642fb1d26011116144af698125262dbMichael Graff
439c0011e642fb1d26011116144af698125262dbMichael Graff if (val >= 0) {
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff do {
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff if (len < 1U)
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff return (ASN1_OVERFLOW);
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff *p-- = val % 256;
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff len--;
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff val /= 256;
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff } while (val);
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff if (p[1] >= 128) {
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff if (len < 1U)
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff return (ASN1_OVERFLOW);
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff *p-- = 0;
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff len--;
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff }
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff } else {
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff val = ~val;
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff do {
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff if (len < 1U)
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff return (ASN1_OVERFLOW);
439c0011e642fb1d26011116144af698125262dbMichael Graff *p-- = ~(val % 256);
439c0011e642fb1d26011116144af698125262dbMichael Graff len--;
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff val /= 256;
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff } while (val);
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff if (p[1] < 128) {
439c0011e642fb1d26011116144af698125262dbMichael Graff if (len < 1U)
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff return (ASN1_OVERFLOW);
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff *p-- = 0xff;
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff len--;
439c0011e642fb1d26011116144af698125262dbMichael Graff }
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff }
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff *size = base - p;
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff return (0);
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff}
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graffstatic int
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graffder_put_length(unsigned char *p, size_t len, size_t val, size_t *size)
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff{
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff if (len < 1U)
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff return (ASN1_OVERFLOW);
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff if (val < 128U) {
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff *p = val;
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff *size = 1;
439c0011e642fb1d26011116144af698125262dbMichael Graff return (0);
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff } else {
439c0011e642fb1d26011116144af698125262dbMichael Graff size_t l;
439c0011e642fb1d26011116144af698125262dbMichael Graff int e;
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff e = der_put_unsigned(p, len - 1, val, &l);
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff if (e)
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff return (e);
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff p -= l;
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff *p = 0x80 | l;
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff *size = l + 1;
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff return (0);
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff }
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff}
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff
439c0011e642fb1d26011116144af698125262dbMichael Graffstatic int
439c0011e642fb1d26011116144af698125262dbMichael Graffder_put_octet_string(unsigned char *p, size_t len,
439c0011e642fb1d26011116144af698125262dbMichael Graff const octet_string *data, size_t *size)
439c0011e642fb1d26011116144af698125262dbMichael Graff{
3c5148c4d98af51d6dcb449c6dbd45fe8c645f61Michael Graff if (len < data->length)
3c5148c4d98af51d6dcb449c6dbd45fe8c645f61Michael Graff return (ASN1_OVERFLOW);
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff p -= data->length;
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff len -= data->length;
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff POST(len);
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff memcpy(p + 1, data->data, data->length);
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff *size = data->length;
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff return (0);
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff}
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graffstatic int
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graffder_put_oid(unsigned char *p, size_t len,
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff const oid *data, size_t *size)
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff{
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff unsigned char *base = p;
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff int n;
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff for (n = data->length - 1; n >= 2; --n) {
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff unsigned u = data->components[n];
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff if (len < 1U)
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff return (ASN1_OVERFLOW);
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff *p-- = u % 128;
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff u /= 128;
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff --len;
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff while (u > 0) {
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff if (len < 1U)
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff return (ASN1_OVERFLOW);
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff *p-- = 128 + u % 128;
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff u /= 128;
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff --len;
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff }
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff }
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff if (len < 1U)
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff return (ASN1_OVERFLOW);
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff *p-- = 40 * data->components[0] + data->components[1];
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff *size = base - p;
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff return (0);
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff}
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graffstatic int
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graffder_put_tag(unsigned char *p, size_t len, Der_class class, Der_type type,
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff int tag, size_t *size)
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff{
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff if (len < 1U)
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff return (ASN1_OVERFLOW);
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff *p = (class << 6) | (type << 5) | tag; /* XXX */
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff *size = 1;
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff return (0);
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff}
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graffstatic int
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graffder_put_length_and_tag(unsigned char *p, size_t len, size_t len_val,
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff Der_class class, Der_type type, int tag, size_t *size)
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff{
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff size_t ret = 0;
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff size_t l;
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff int e;
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff e = der_put_length(p, len, len_val, &l);
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff if (e)
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff return (e);
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff p -= l;
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff len -= l;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff ret += l;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff e = der_put_tag(p, len, class, type, tag, &l);
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff if (e)
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff return (e);
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff p -= l;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff len -= l;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff POST(p); POST(len);
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff ret += l;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff *size = ret;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff return (0);
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff}
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graffstatic int
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graffencode_enumerated(unsigned char *p, size_t len, const void *data, size_t *size)
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff{
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff unsigned num = *(const unsigned *)data;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff size_t ret = 0;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff size_t l;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff int e;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff e = der_put_int(p, len, num, &l);
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff if (e)
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff return (e);
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff p -= l;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff len -= l;
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff ret += l;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff e = der_put_length_and_tag(p, len, l, ASN1_C_UNIV, PRIM, UT_Enumerated, &l);
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff if (e)
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff return (e);
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff p -= l;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff len -= l;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff POST(p); POST(len);
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff ret += l;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff *size = ret;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff return (0);
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff}
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graffstatic int
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graffencode_octet_string(unsigned char *p, size_t len,
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff const octet_string *k, size_t *size)
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff{
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff size_t ret = 0;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff size_t l;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff int e;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff e = der_put_octet_string(p, len, k, &l);
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff if (e)
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff return (e);
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff p -= l;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff len -= l;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff ret += l;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff e = der_put_length_and_tag(p, len, l, ASN1_C_UNIV, PRIM, UT_OctetString, &l);
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff if (e)
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff return (e);
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff p -= l;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff len -= l;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff POST(p); POST(len);
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff ret += l;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff *size = ret;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff return (0);
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff}
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graffstatic int
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graffencode_oid(unsigned char *p, size_t len,
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff const oid *k, size_t *size)
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff{
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff size_t ret = 0;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff size_t l;
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graff int e;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff e = der_put_oid(p, len, k, &l);
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff if (e)
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff return (e);
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff p -= l;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff len -= l;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff ret += l;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff e = der_put_length_and_tag(p, len, l, ASN1_C_UNIV, PRIM, UT_OID, &l);
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff if (e)
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff return (e);
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff p -= l;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff len -= l;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff POST(p); POST(len);
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff ret += l;
439c0011e642fb1d26011116144af698125262dbMichael Graff *size = ret;
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff return (0);
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff}
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff/* encapsulate.c */
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graffstatic void
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graffgssapi_encap_length(size_t data_len,
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff size_t *len,
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff size_t *total_len,
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff const gss_OID mech)
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff{
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff size_t len_len;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff *len = 1 + 1 + mech->length + data_len;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff len_len = length_len(*len);
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff *total_len = 1 + len_len + *len;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff}
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graffstatic u_char *
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graffgssapi_mech_make_header(u_char *p,
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff size_t len,
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff const gss_OID mech)
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff{
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff int e;
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff size_t len_len, foo;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff *p++ = 0x60;
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff len_len = length_len(len);
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff e = der_put_length(p + len_len - 1, len_len, len, &foo);
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff if (e || foo != len_len)
66bd3b3c6b171271c705b897823dcdcf29464698Michael Graff return (NULL);
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff p += len_len;
66bd3b3c6b171271c705b897823dcdcf29464698Michael Graff *p++ = 0x06;
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff *p++ = mech->length;
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff memcpy(p, mech->elements, mech->length);
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff p += mech->length;
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff return (p);
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff}
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff/*
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff * Give it a krb5_data and it will encapsulate with extra GSS-API wrappings.
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff */
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff
66bd3b3c6b171271c705b897823dcdcf29464698Michael Graffstatic OM_uint32
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graffgssapi_spnego_encapsulate(OM_uint32 * minor_status,
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff unsigned char *buf,
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff size_t buf_size,
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff gss_buffer_t output_token,
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff const gss_OID mech)
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff{
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff size_t len, outer_len;
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff u_char *p;
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff gssapi_encap_length(buf_size, &len, &outer_len, mech);
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff output_token->length = outer_len;
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff output_token->value = malloc(outer_len);
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff if (output_token->value == NULL) {
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff *minor_status = ENOMEM;
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff return (GSS_S_FAILURE);
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff }
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff p = gssapi_mech_make_header(output_token->value, len, mech);
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff if (p == NULL) {
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff if (output_token->length != 0U)
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff gss_release_buffer(minor_status, output_token);
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff return (GSS_S_FAILURE);
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff }
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff memcpy(p, buf, buf_size);
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff return (GSS_S_COMPLETE);
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff}
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff/* init_sec_context.c */
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff/*
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff * SPNEGO wrapper for Kerberos5 GSS-API kouril@ics.muni.cz, 2003 (mostly
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff * based on Heimdal code)
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff */
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graffstatic int
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graffadd_mech(MechTypeList * mech_list, gss_OID mech)
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff{
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff MechType *tmp;
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff int ret;
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff
6d14fe95e9ea5bbc5e863e5aab4618f7b3dbcc0fMichael Graff tmp = realloc(mech_list->val, (mech_list->len + 1) * sizeof(*tmp));
66bd3b3c6b171271c705b897823dcdcf29464698Michael Graff if (tmp == NULL)
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff return (ENOMEM);
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff mech_list->val = tmp;
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff ret = der_get_oid(mech->elements, mech->length,
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff &mech_list->val[mech_list->len], NULL);
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff if (ret)
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff return (ret);
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff mech_list->len++;
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graff return (0);
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff}
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff/*
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff * return the length of the mechanism in token or -1
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff * (which implies that the token was bad - GSS_S_DEFECTIVE_TOKEN
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff */
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graffstatic ssize_t
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graffgssapi_krb5_get_mech(const u_char *ptr,
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff size_t total_len,
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff const u_char **mech_ret)
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff{
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff size_t len, len_len, mech_len, foo;
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff const u_char *p = ptr;
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff int e;
30251e07d1705d1a85b0e1d5a969496e1aed612eMichael Graff
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff if (total_len < 1U)
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff return (-1);
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff if (*p++ != 0x60)
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff return (-1);
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff e = der_get_length (p, total_len - 1, &len, &len_len);
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff if (e || 1 + len_len + len != total_len)
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff return (-1);
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff p += len_len;
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff if (*p++ != 0x06)
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff return (-1);
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff e = der_get_length (p, total_len - 1 - len_len - 1,
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff &mech_len, &foo);
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff if (e)
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff return (-1);
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff p += foo;
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff *mech_ret = p;
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff return (mech_len);
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff}
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graffstatic OM_uint32
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graffspnego_initial(OM_uint32 *minor_status,
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff const gss_cred_id_t initiator_cred_handle,
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff gss_ctx_id_t *context_handle,
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff const gss_name_t target_name,
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff const gss_OID mech_type,
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff OM_uint32 req_flags,
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff OM_uint32 time_req,
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff const gss_channel_bindings_t input_chan_bindings,
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff const gss_buffer_t input_token,
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff gss_OID *actual_mech_type,
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff gss_buffer_t output_token,
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff OM_uint32 *ret_flags,
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff OM_uint32 *time_rec)
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff{
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff NegTokenInit token_init;
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff OM_uint32 major_status, minor_status2;
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff gss_buffer_desc krb5_output_token = GSS_C_EMPTY_BUFFER;
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff unsigned char *buf = NULL;
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff size_t buf_size;
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff size_t len;
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff int ret;
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff (void)mech_type;
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff memset(&token_init, 0, sizeof(token_init));
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff
a9ece9973c35d4d780338e89e288fb6a59575324Michael Graff ret = add_mech(&token_init.mechTypes, GSS_KRB5_MECH);
a9ece9973c35d4d780338e89e288fb6a59575324Michael Graff if (ret) {
a9ece9973c35d4d780338e89e288fb6a59575324Michael Graff *minor_status = ret;
a9ece9973c35d4d780338e89e288fb6a59575324Michael Graff ret = GSS_S_FAILURE;
a9ece9973c35d4d780338e89e288fb6a59575324Michael Graff goto end;
a9ece9973c35d4d780338e89e288fb6a59575324Michael Graff }
a9ece9973c35d4d780338e89e288fb6a59575324Michael Graff
a9ece9973c35d4d780338e89e288fb6a59575324Michael Graff major_status = gss_init_sec_context(minor_status,
a9ece9973c35d4d780338e89e288fb6a59575324Michael Graff initiator_cred_handle,
a9ece9973c35d4d780338e89e288fb6a59575324Michael Graff context_handle,
a9ece9973c35d4d780338e89e288fb6a59575324Michael Graff target_name,
a9ece9973c35d4d780338e89e288fb6a59575324Michael Graff GSS_KRB5_MECH,
a9ece9973c35d4d780338e89e288fb6a59575324Michael Graff req_flags,
a9ece9973c35d4d780338e89e288fb6a59575324Michael Graff time_req,
a9ece9973c35d4d780338e89e288fb6a59575324Michael Graff input_chan_bindings,
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff input_token,
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff actual_mech_type,
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff &krb5_output_token,
439c0011e642fb1d26011116144af698125262dbMichael Graff ret_flags,
a9ece9973c35d4d780338e89e288fb6a59575324Michael Graff time_rec);
439c0011e642fb1d26011116144af698125262dbMichael Graff if (GSS_ERROR(major_status)) {
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff ret = major_status;
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff goto end;
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff }
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff if (krb5_output_token.length > 0U) {
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff token_init.mechToken = malloc(sizeof(*token_init.mechToken));
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff if (token_init.mechToken == NULL) {
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff *minor_status = ENOMEM;
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff ret = GSS_S_FAILURE;
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff goto end;
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff }
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff token_init.mechToken->data = krb5_output_token.value;
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff token_init.mechToken->length = krb5_output_token.length;
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff }
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff /*
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff * The MS implementation of SPNEGO seems to not like the mechListMIC
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff * field, so we omit it (it's optional anyway)
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff */
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff buf_size = 1024;
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff buf = malloc(buf_size);
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff do {
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff ret = encode_NegTokenInit(buf + buf_size - 1,
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff buf_size,
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff &token_init, &len);
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff if (ret == 0) {
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff size_t tmp;
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff ret = der_put_length_and_tag(buf + buf_size - len - 1,
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff buf_size - len,
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff len,
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff ASN1_C_CONTEXT,
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff CONS,
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff 0,
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff &tmp);
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff if (ret == 0)
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff len += tmp;
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff }
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff if (ret) {
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff if (ret == ASN1_OVERFLOW) {
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff u_char *tmp;
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff buf_size *= 2;
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff tmp = realloc(buf, buf_size);
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff if (tmp == NULL) {
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff *minor_status = ENOMEM;
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff ret = GSS_S_FAILURE;
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff goto end;
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff }
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff buf = tmp;
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff } else {
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff *minor_status = ret;
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff ret = GSS_S_FAILURE;
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff goto end;
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff }
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff }
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff } while (ret == ASN1_OVERFLOW);
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff ret = gssapi_spnego_encapsulate(minor_status,
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff buf + buf_size - len, len,
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff output_token, GSS_SPNEGO_MECH);
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff if (ret == GSS_S_COMPLETE)
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff ret = major_status;
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graffend:
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff if (token_init.mechToken != NULL) {
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff free(token_init.mechToken);
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff token_init.mechToken = NULL;
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff }
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff free_NegTokenInit(&token_init);
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff if (krb5_output_token.length != 0U)
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff gss_release_buffer(&minor_status2, &krb5_output_token);
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff if (buf)
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff free(buf);
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff return (ret);
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff}
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graffstatic OM_uint32
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graffspnego_reply(OM_uint32 *minor_status,
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff const gss_cred_id_t initiator_cred_handle,
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff gss_ctx_id_t *context_handle,
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff const gss_name_t target_name,
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff const gss_OID mech_type,
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff OM_uint32 req_flags,
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff OM_uint32 time_req,
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff const gss_channel_bindings_t input_chan_bindings,
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff const gss_buffer_t input_token,
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff gss_OID *actual_mech_type,
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff gss_buffer_t output_token,
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff OM_uint32 *ret_flags,
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff OM_uint32 *time_rec)
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff{
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff OM_uint32 ret;
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff NegTokenResp resp;
64828244e04e86dfa40f0a4f0c05f27923da499dMichael Graff unsigned char *buf;
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff size_t buf_size;
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff u_char oidbuf[17];
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff size_t oidlen;
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff gss_buffer_desc sub_token;
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff ssize_t mech_len;
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff const u_char *p;
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff size_t len, taglen;
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff (void)mech_type;
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff output_token->length = 0;
86944a4c8002e80ae9b6eb5a5e29b797879be45fMichael Graff output_token->value = NULL;
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff /*
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff * SPNEGO doesn't include gss wrapping on SubsequentContextToken
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff * like the Kerberos 5 mech does. But lets check for it anyway.
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff */
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff mech_len = gssapi_krb5_get_mech(input_token->value,
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff input_token->length,
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff &p);
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff if (mech_len < 0) {
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff buf = input_token->value;
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff buf_size = input_token->length;
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff } else if ((size_t)mech_len == GSS_KRB5_MECH->length &&
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff memcmp(GSS_KRB5_MECH->elements, p, mech_len) == 0)
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff return (gss_init_sec_context(minor_status,
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff initiator_cred_handle,
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff context_handle,
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff target_name,
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff GSS_KRB5_MECH,
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff req_flags,
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff time_req,
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff input_chan_bindings,
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff input_token,
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff actual_mech_type,
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff output_token,
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff ret_flags,
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff time_rec));
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff else if ((size_t)mech_len == GSS_SPNEGO_MECH->length &&
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff memcmp(GSS_SPNEGO_MECH->elements, p, mech_len) == 0) {
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff ret = gssapi_spnego_decapsulate(minor_status,
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff input_token,
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff &buf,
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff &buf_size,
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff GSS_SPNEGO_MECH);
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff if (ret)
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff return (ret);
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff } else
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff return (GSS_S_BAD_MECH);
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff ret = der_match_tag_and_length(buf, buf_size,
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff ASN1_C_CONTEXT, CONS, 1, &len, &taglen);
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff if (ret)
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff return (ret);
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff if(len > buf_size - taglen)
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff return (ASN1_OVERRUN);
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff ret = decode_NegTokenResp(buf + taglen, len, &resp, NULL);
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff if (ret) {
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff *minor_status = ENOMEM;
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff return (GSS_S_FAILURE);
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff }
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff if (resp.negState == NULL ||
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff *(resp.negState) == reject ||
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff resp.supportedMech == NULL) {
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff free_NegTokenResp(&resp);
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff return (GSS_S_BAD_MECH);
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff }
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff ret = der_put_oid(oidbuf + sizeof(oidbuf) - 1,
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff sizeof(oidbuf),
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff resp.supportedMech,
d8590892d10fc9528b0dde7e2781935e7b8d7a87Michael Graff &oidlen);
f36a81c88493985ee2d1c53cc6fe88f4b00dbbc8Michael Graff if (ret || oidlen != GSS_KRB5_MECH->length ||
f00d96a15cdd11e764437f9359e67328631caaeaMichael Graff memcmp(oidbuf + sizeof(oidbuf) - oidlen,
f00d96a15cdd11e764437f9359e67328631caaeaMichael Graff GSS_KRB5_MECH->elements,
f36a81c88493985ee2d1c53cc6fe88f4b00dbbc8Michael Graff oidlen) != 0) {
f36a81c88493985ee2d1c53cc6fe88f4b00dbbc8Michael Graff free_NegTokenResp(&resp);
f00d96a15cdd11e764437f9359e67328631caaeaMichael Graff return GSS_S_BAD_MECH;
f36a81c88493985ee2d1c53cc6fe88f4b00dbbc8Michael Graff }
f36a81c88493985ee2d1c53cc6fe88f4b00dbbc8Michael Graff
f36a81c88493985ee2d1c53cc6fe88f4b00dbbc8Michael Graff if (resp.responseToken != NULL) {
f36a81c88493985ee2d1c53cc6fe88f4b00dbbc8Michael Graff sub_token.length = resp.responseToken->length;
f36a81c88493985ee2d1c53cc6fe88f4b00dbbc8Michael Graff sub_token.value = resp.responseToken->data;
f36a81c88493985ee2d1c53cc6fe88f4b00dbbc8Michael Graff } else {
f36a81c88493985ee2d1c53cc6fe88f4b00dbbc8Michael Graff sub_token.length = 0;
f36a81c88493985ee2d1c53cc6fe88f4b00dbbc8Michael Graff sub_token.value = NULL;
f36a81c88493985ee2d1c53cc6fe88f4b00dbbc8Michael Graff }
f00d96a15cdd11e764437f9359e67328631caaeaMichael Graff
f00d96a15cdd11e764437f9359e67328631caaeaMichael Graff ret = gss_init_sec_context(minor_status,
f00d96a15cdd11e764437f9359e67328631caaeaMichael Graff initiator_cred_handle,
f00d96a15cdd11e764437f9359e67328631caaeaMichael Graff context_handle,
f00d96a15cdd11e764437f9359e67328631caaeaMichael Graff target_name,
f00d96a15cdd11e764437f9359e67328631caaeaMichael Graff GSS_KRB5_MECH,
f00d96a15cdd11e764437f9359e67328631caaeaMichael Graff req_flags,
f00d96a15cdd11e764437f9359e67328631caaeaMichael Graff time_req,
f36a81c88493985ee2d1c53cc6fe88f4b00dbbc8Michael Graff input_chan_bindings,
f36a81c88493985ee2d1c53cc6fe88f4b00dbbc8Michael Graff &sub_token,
actual_mech_type,
output_token,
ret_flags,
time_rec);
if (ret) {
free_NegTokenResp(&resp);
return (ret);
}
/*
* XXXSRA I don't think this limited implementation ever needs
* to check the MIC -- our preferred mechanism (Kerberos)
* authenticates its own messages and is the only mechanism
* we'll accept, so if the mechanism negotiation completes
* successfully, we don't need the MIC. See RFC 4178.
*/
free_NegTokenResp(&resp);
return (ret);
}
OM_uint32
gss_init_sec_context_spnego(OM_uint32 *minor_status,
const gss_cred_id_t initiator_cred_handle,
gss_ctx_id_t *context_handle,
const gss_name_t target_name,
const gss_OID mech_type,
OM_uint32 req_flags,
OM_uint32 time_req,
const gss_channel_bindings_t input_chan_bindings,
const gss_buffer_t input_token,
gss_OID *actual_mech_type,
gss_buffer_t output_token,
OM_uint32 *ret_flags,
OM_uint32 *time_rec)
{
/* Dirty trick to suppress compiler warnings */
/* Figure out whether we're starting over or processing a reply */
if (input_token == GSS_C_NO_BUFFER || input_token->length == 0U)
return (spnego_initial(minor_status,
initiator_cred_handle,
context_handle,
target_name,
mech_type,
req_flags,
time_req,
input_chan_bindings,
input_token,
actual_mech_type,
output_token,
ret_flags,
time_rec));
else
return (spnego_reply(minor_status,
initiator_cred_handle,
context_handle,
target_name,
mech_type,
req_flags,
time_req,
input_chan_bindings,
input_token,
actual_mech_type,
output_token,
ret_flags,
time_rec));
}
#endif /* GSSAPI */