4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow#include <stdlib.h>

4bff34e37def8a90f9194d81bc345c52ba20086athurlow#include <stdio.h>

4bff34e37def8a90f9194d81bc345c52ba20086athurlow#include <memory.h>

4bff34e37def8a90f9194d81bc345c52ba20086athurlow#include "spnego.h"

4bff34e37def8a90f9194d81bc345c52ba20086athurlow#include "derparse.h"

4bff34e37def8a90f9194d81bc345c52ba20086athurlow#include "spnegoparse.h"

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlowextern MECH_OID g_stcMechOIDList [];

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlowint CalculateMinSpnegoInitTokenSize( long nMechTokenLength,

12b65585e720714b31036daaa2b30eb76014048eGordon Ross long nMechListMICLength, SPNEGO_MECH_OID *mechOidLst, int mechOidCnt,

4bff34e37def8a90f9194d81bc345c52ba20086athurlow int nReqFlagsAvailable, long* pnTokenSize,

4bff34e37def8a90f9194d81bc345c52ba20086athurlow long* pnInternalTokenLength )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow{

4bff34e37def8a90f9194d81bc345c52ba20086athurlow int nReturn = SPNEGO_E_INVALID_LENGTH;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Start at 0.

4bff34e37def8a90f9194d81bc345c52ba20086athurlow long nTotalLength = 0;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow long nTempLength= 0L;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // We will calculate this by walking the token backwards

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

12b65585e720714b31036daaa2b30eb76014048eGordon Ross // Start with MIC Element (or negHints)

4bff34e37def8a90f9194d81bc345c52ba20086athurlow if ( nMechListMICLength > 0L )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nTempLength = ASNDerCalcElementLength( nMechListMICLength, NULL );

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Check for rollover error

4bff34e37def8a90f9194d81bc345c52ba20086athurlow if ( nTempLength < nMechListMICLength )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow goto xEndTokenInitLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow }

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nTotalLength += nTempLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow }

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Next is the MechToken

4bff34e37def8a90f9194d81bc345c52ba20086athurlow if ( nMechTokenLength > 0L )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nTempLength += ASNDerCalcElementLength( nMechTokenLength, NULL );

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Check for rollover error

4bff34e37def8a90f9194d81bc345c52ba20086athurlow if ( nTempLength < nTotalLength )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow goto xEndTokenInitLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow }

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nTotalLength = nTempLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow }

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Next is the ReqFlags

4bff34e37def8a90f9194d81bc345c52ba20086athurlow if ( nReqFlagsAvailable )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nTempLength += ASNDerCalcElementLength( SPNEGO_NEGINIT_MAXLEN_REQFLAGS, NULL );

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Check for rollover error

4bff34e37def8a90f9194d81bc345c52ba20086athurlow if ( nTempLength < nTotalLength )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow goto xEndTokenInitLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow }

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nTotalLength = nTempLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow }

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Next is the MechList - This is REQUIRED

12b65585e720714b31036daaa2b30eb76014048eGordon Ross nTempLength += ASNDerCalcMechListLength( mechOidLst, mechOidCnt, NULL );

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Check for rollover error

4bff34e37def8a90f9194d81bc345c52ba20086athurlow if ( nTempLength < nTotalLength )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow goto xEndTokenInitLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow }

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nTotalLength = nTempLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Following four fields are the basic header tokens

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Sequence Token

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nTempLength += ASNDerCalcTokenLength( nTotalLength, 0L );

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Check for rollover error

4bff34e37def8a90f9194d81bc345c52ba20086athurlow if ( nTempLength < nTotalLength )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow goto xEndTokenInitLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow }

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nTotalLength = nTempLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Neg Token Identifier Token

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nTempLength += ASNDerCalcTokenLength( nTotalLength, 0L );

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Check for rollover error

4bff34e37def8a90f9194d81bc345c52ba20086athurlow if ( nTempLength < nTotalLength )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow goto xEndTokenInitLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow }

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nTotalLength = nTempLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // SPNEGO OID Token

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nTempLength += g_stcMechOIDList[spnego_mech_oid_Spnego].iLen;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Check for rollover error

4bff34e37def8a90f9194d81bc345c52ba20086athurlow if ( nTempLength < nTotalLength )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow goto xEndTokenInitLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow }

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nTotalLength = nTempLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // App Constructed Token

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nTempLength += ASNDerCalcTokenLength( nTotalLength, 0L );

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Check for rollover error

4bff34e37def8a90f9194d81bc345c52ba20086athurlow if ( nTempLength < nTotalLength )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow goto xEndTokenInitLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow }

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // The internal length doesn't include the number of bytes

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // for the initial token

4bff34e37def8a90f9194d81bc345c52ba20086athurlow *pnInternalTokenLength = nTotalLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nTotalLength = nTempLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // We're done

4bff34e37def8a90f9194d81bc345c52ba20086athurlow *pnTokenSize = nTotalLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nReturn = SPNEGO_E_SUCCESS;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlowxEndTokenInitLength:

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow return nReturn;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow}

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

12b65585e720714b31036daaa2b30eb76014048eGordon Rossint CreateSpnegoInitToken( SPNEGO_MECH_OID *pMechTypeList, long MechTypeCnt,

4bff34e37def8a90f9194d81bc345c52ba20086athurlow unsigned char ucContextFlags, unsigned char* pbMechToken,

4bff34e37def8a90f9194d81bc345c52ba20086athurlow unsigned long ulMechTokenLen, unsigned char* pbMechListMIC,

4bff34e37def8a90f9194d81bc345c52ba20086athurlow unsigned long ulMechListMICLen, unsigned char* pbTokenData,

4bff34e37def8a90f9194d81bc345c52ba20086athurlow long nTokenLength, long nInternalTokenLength )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow{

4bff34e37def8a90f9194d81bc345c52ba20086athurlow int nReturn = SPNEGO_E_INVALID_LENGTH;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Start at 0.

4bff34e37def8a90f9194d81bc345c52ba20086athurlow long nTempLength= 0L;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow long nTotalBytesWritten = 0L;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow long nInternalLength = 0L;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow unsigned char* pbWriteTokenData = pbTokenData + nTokenLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Temporary buffer to hold the REQ Flags as BIT String Data

4bff34e37def8a90f9194d81bc345c52ba20086athurlow unsigned char abTempReqFlags[SPNEGO_NEGINIT_MAXLEN_REQFLAGS];

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // We will write the token out backwards to properly handle the cases

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // where the length bytes become adjustable

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

12b65585e720714b31036daaa2b30eb76014048eGordon Ross // Start with MIC Element (or negHints)

4bff34e37def8a90f9194d81bc345c52ba20086athurlow if ( ulMechListMICLen > 0L )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

12b65585e720714b31036daaa2b30eb76014048eGordon Ross unsigned char ucType;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nTempLength = ASNDerCalcElementLength( ulMechListMICLen, &nInternalLength );

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

12b65585e720714b31036daaa2b30eb76014048eGordon Ross // Decrease the pbWriteTokenData, now we know the length and write it out.

12b65585e720714b31036daaa2b30eb76014048eGordon Ross // Note: When MechTokenLen == 0, we're writing a negTokenInit2 and the

12b65585e720714b31036daaa2b30eb76014048eGordon Ross // MIC arg is really negHints, written as a constructed sequence.

12b65585e720714b31036daaa2b30eb76014048eGordon Ross // Otherwise we're writing a negTokenInit, and the MIC is an OCTETSTRING.

12b65585e720714b31036daaa2b30eb76014048eGordon Ross ucType = (ulMechTokenLen == 0) ?

12b65585e720714b31036daaa2b30eb76014048eGordon Ross SPNEGO_CONSTRUCTED_SEQUENCE : OCTETSTRING;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow pbWriteTokenData -= nTempLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nTempLength = ASNDerWriteElement( pbWriteTokenData, SPNEGO_NEGINIT_ELEMENT_MECHLISTMIC,

12b65585e720714b31036daaa2b30eb76014048eGordon Ross ucType, pbMechListMIC, ulMechListMICLen );

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Adjust Values and sanity check

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nTotalBytesWritten += nTempLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nInternalTokenLength -= nTempLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow if ( nTotalBytesWritten > nTokenLength || nInternalTokenLength < 0 )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow goto xEndWriteNegTokenInit;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow }

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow } // IF MechListMIC is present

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Next is the MechToken

4bff34e37def8a90f9194d81bc345c52ba20086athurlow if ( ulMechTokenLen > 0L )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nTempLength = ASNDerCalcElementLength( ulMechTokenLen, &nInternalLength );

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Decrease the pbWriteTokenData, now we know the length and

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // write it out.

4bff34e37def8a90f9194d81bc345c52ba20086athurlow pbWriteTokenData -= nTempLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nTempLength = ASNDerWriteElement( pbWriteTokenData, SPNEGO_NEGINIT_ELEMENT_MECHTOKEN,

4bff34e37def8a90f9194d81bc345c52ba20086athurlow OCTETSTRING, pbMechToken, ulMechTokenLen );

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Adjust Values and sanity check

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nTotalBytesWritten += nTempLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nInternalTokenLength -= nTempLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow if ( nTotalBytesWritten > nTokenLength || nInternalTokenLength < 0 )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow goto xEndWriteNegTokenInit;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow }

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow } // IF MechToken Length is present

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Next is the ReqFlags

4bff34e37def8a90f9194d81bc345c52ba20086athurlow if ( ucContextFlags > 0L )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nTempLength = ASNDerCalcElementLength( SPNEGO_NEGINIT_MAXLEN_REQFLAGS, &nInternalLength );

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // We need a byte that indicates how many bits difference between the number

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // of bits used in final octet (we only have one) and the max (8)

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow abTempReqFlags[0] = SPNEGO_NEGINIT_REQFLAGS_BITDIFF;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow abTempReqFlags[1] = ucContextFlags;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Decrease the pbWriteTokenData, now we know the length and

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // write it out.

4bff34e37def8a90f9194d81bc345c52ba20086athurlow pbWriteTokenData -= nTempLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nTempLength = ASNDerWriteElement( pbWriteTokenData, SPNEGO_NEGINIT_ELEMENT_REQFLAGS,

4bff34e37def8a90f9194d81bc345c52ba20086athurlow BITSTRING, abTempReqFlags, SPNEGO_NEGINIT_MAXLEN_REQFLAGS );

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Adjust Values and sanity check

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nTotalBytesWritten += nTempLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nInternalTokenLength -= nTempLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow if ( nTotalBytesWritten > nTokenLength || nInternalTokenLength < 0 )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow goto xEndWriteNegTokenInit;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow }

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow } // IF ContextFlags

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Next is the MechList - This is REQUIRED

12b65585e720714b31036daaa2b30eb76014048eGordon Ross nTempLength = ASNDerCalcMechListLength( pMechTypeList, MechTypeCnt, &nInternalLength );

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Decrease the pbWriteTokenData, now we know the length and

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // write it out.

4bff34e37def8a90f9194d81bc345c52ba20086athurlow pbWriteTokenData -= nTempLength;

12b65585e720714b31036daaa2b30eb76014048eGordon Ross nTempLength = ASNDerWriteMechList( pbWriteTokenData, pMechTypeList, MechTypeCnt );

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Adjust Values and sanity check

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nTotalBytesWritten += nTempLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nInternalTokenLength -= nTempLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow if ( nTotalBytesWritten > nTokenLength || nInternalTokenLength < 0 )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow goto xEndWriteNegTokenInit;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow }

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // The next tokens we're writing out reflect the total number of bytes

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // we have actually written out.

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Sequence Token

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nTempLength = ASNDerCalcTokenLength( nTotalBytesWritten, 0L );

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Decrease the pbWriteTokenData, now we know the length and

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // write it out.

4bff34e37def8a90f9194d81bc345c52ba20086athurlow pbWriteTokenData -= nTempLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nTempLength = ASNDerWriteToken( pbWriteTokenData, SPNEGO_CONSTRUCTED_SEQUENCE,

4bff34e37def8a90f9194d81bc345c52ba20086athurlow NULL, nTotalBytesWritten );

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Adjust Values and sanity check

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nTotalBytesWritten += nTempLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nInternalTokenLength -= nTempLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow if ( nTotalBytesWritten > nTokenLength || nInternalTokenLength < 0 )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow goto xEndWriteNegTokenInit;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow }

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Neg Init Token Identifier Token

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nTempLength = ASNDerCalcTokenLength( nTotalBytesWritten, 0L );

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Decrease the pbWriteTokenData, now we know the length and

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // write it out.

4bff34e37def8a90f9194d81bc345c52ba20086athurlow pbWriteTokenData -= nTempLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nTempLength = ASNDerWriteToken( pbWriteTokenData, SPNEGO_NEGINIT_TOKEN_IDENTIFIER,

4bff34e37def8a90f9194d81bc345c52ba20086athurlow NULL, nTotalBytesWritten );

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Adjust Values and sanity check

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nTotalBytesWritten += nTempLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nInternalTokenLength -= nTempLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow if ( nTotalBytesWritten > nTokenLength || nInternalTokenLength < 0 )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow goto xEndWriteNegTokenInit;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow }

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // SPNEGO OID Token

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nTempLength = g_stcMechOIDList[spnego_mech_oid_Spnego].iLen;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Decrease the pbWriteTokenData, now we know the length and

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // write it out.

4bff34e37def8a90f9194d81bc345c52ba20086athurlow pbWriteTokenData -= nTempLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nTempLength = ASNDerWriteOID( pbWriteTokenData, spnego_mech_oid_Spnego );

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Adjust Values and sanity check

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nTotalBytesWritten += nTempLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nInternalTokenLength -= nTempLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow if ( nTotalBytesWritten > nTokenLength || nInternalTokenLength < 0 )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow goto xEndWriteNegTokenInit;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow }

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // App Constructed Token

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nTempLength = ASNDerCalcTokenLength( nTotalBytesWritten, 0L );

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Decrease the pbWriteTokenData, now we know the length and

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // write it out.

4bff34e37def8a90f9194d81bc345c52ba20086athurlow pbWriteTokenData -= nTempLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nTempLength = ASNDerWriteToken( pbWriteTokenData, SPNEGO_NEGINIT_APP_CONSTRUCT,

4bff34e37def8a90f9194d81bc345c52ba20086athurlow NULL, nTotalBytesWritten );

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Adjust Values and sanity check

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nTotalBytesWritten += nTempLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Don't adjust the internal token length here, it doesn't account

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // the initial bytes written out (we really don't need to keep

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // a running count here, but for debugging, it helps to be able

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // to see the total number of bytes written out as well as the

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // number of bytes left to write).

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow if ( nTotalBytesWritten == nTokenLength && nInternalTokenLength == 0 &&

4bff34e37def8a90f9194d81bc345c52ba20086athurlow pbWriteTokenData == pbTokenData )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nReturn = SPNEGO_E_SUCCESS;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow }

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlowxEndWriteNegTokenInit:

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow return nReturn;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow}

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlowint CalculateMinSpnegoTargTokenSize( SPNEGO_MECH_OID MechType,

4bff34e37def8a90f9194d81bc345c52ba20086athurlow SPNEGO_NEGRESULT spnegoNegResult, long nMechTokenLen,

4bff34e37def8a90f9194d81bc345c52ba20086athurlow long nMechListMICLen, long* pnTokenSize,

4bff34e37def8a90f9194d81bc345c52ba20086athurlow long* pnInternalTokenLength )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow{

4bff34e37def8a90f9194d81bc345c52ba20086athurlow int nReturn = SPNEGO_E_INVALID_LENGTH;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Start at 0.

4bff34e37def8a90f9194d81bc345c52ba20086athurlow long nTotalLength = 0;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow long nTempLength= 0L;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // We will calculate this by walking the token backwards

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Start with MIC Element

4bff34e37def8a90f9194d81bc345c52ba20086athurlow if ( nMechListMICLen > 0L )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nTempLength = ASNDerCalcElementLength( nMechListMICLen, NULL );

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Check for rollover error

4bff34e37def8a90f9194d81bc345c52ba20086athurlow if ( nTempLength < nMechListMICLen )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow goto xEndTokenTargLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow }

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nTotalLength += nTempLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow }

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Next is the MechToken

4bff34e37def8a90f9194d81bc345c52ba20086athurlow if ( nMechTokenLen > 0L )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nTempLength += ASNDerCalcElementLength( nMechTokenLen, NULL );

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Check for rollover error

4bff34e37def8a90f9194d81bc345c52ba20086athurlow if ( nTempLength < nTotalLength )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow goto xEndTokenTargLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow }

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nTotalLength = nTempLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow }

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Supported MechType

4bff34e37def8a90f9194d81bc345c52ba20086athurlow if ( spnego_mech_oid_NotUsed != MechType )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Supported MechOID element - we use the token function since

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // we already know the size of the OID token and value

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nTempLength += ASNDerCalcElementLength( g_stcMechOIDList[MechType].iActualDataLen,

4bff34e37def8a90f9194d81bc345c52ba20086athurlow NULL );

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Check for rollover error

4bff34e37def8a90f9194d81bc345c52ba20086athurlow if ( nTempLength < nTotalLength )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow goto xEndTokenTargLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow }

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nTotalLength = nTempLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow } // IF MechType is available

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // NegResult Element

4bff34e37def8a90f9194d81bc345c52ba20086athurlow if ( spnego_negresult_NotUsed != spnegoNegResult )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nTempLength += ASNDerCalcElementLength( SPNEGO_NEGTARG_MAXLEN_NEGRESULT, NULL );

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Check for rollover error

4bff34e37def8a90f9194d81bc345c52ba20086athurlow if ( nTempLength < nTotalLength )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow goto xEndTokenTargLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow }

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nTotalLength = nTempLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow } // IF negResult is available

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Following two fields are the basic header tokens

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Sequence Token

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nTempLength += ASNDerCalcTokenLength( nTotalLength, 0L );

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Check for rollover error

4bff34e37def8a90f9194d81bc345c52ba20086athurlow if ( nTempLength < nTotalLength )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow goto xEndTokenTargLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow }

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nTotalLength = nTempLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Neg Token Identifier Token

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nTempLength += ASNDerCalcTokenLength( nTotalLength, 0L );

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Check for rollover error

4bff34e37def8a90f9194d81bc345c52ba20086athurlow if ( nTempLength < nTotalLength )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow goto xEndTokenTargLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow }

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // The internal length doesn't include the number of bytes

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // for the initial token

4bff34e37def8a90f9194d81bc345c52ba20086athurlow *pnInternalTokenLength = nTotalLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nTotalLength = nTempLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // We're done

4bff34e37def8a90f9194d81bc345c52ba20086athurlow *pnTokenSize = nTotalLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nReturn = SPNEGO_E_SUCCESS;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlowxEndTokenTargLength:

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow return nReturn;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow}

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlowint CreateSpnegoTargToken( SPNEGO_MECH_OID MechType,

4bff34e37def8a90f9194d81bc345c52ba20086athurlow SPNEGO_NEGRESULT eNegResult, unsigned char* pbMechToken,

4bff34e37def8a90f9194d81bc345c52ba20086athurlow unsigned long ulMechTokenLen, unsigned char* pbMechListMIC,

4bff34e37def8a90f9194d81bc345c52ba20086athurlow unsigned long ulMechListMICLen, unsigned char* pbTokenData,

4bff34e37def8a90f9194d81bc345c52ba20086athurlow long nTokenLength, long nInternalTokenLength )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow{

4bff34e37def8a90f9194d81bc345c52ba20086athurlow int nReturn = SPNEGO_E_INVALID_LENGTH;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Start at 0.

4bff34e37def8a90f9194d81bc345c52ba20086athurlow long nTempLength= 0L;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow long nTotalBytesWritten = 0L;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow long nInternalLength = 0L;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow unsigned char ucTemp = 0;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // We will write the token out backwards to properly handle the cases

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // where the length bytes become adjustable, so the write location

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // is initialized to point *just* past the end of the buffer.

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow unsigned char* pbWriteTokenData = pbTokenData + nTokenLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Start with MIC Element

4bff34e37def8a90f9194d81bc345c52ba20086athurlow if ( ulMechListMICLen > 0L )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nTempLength = ASNDerCalcElementLength( ulMechListMICLen, &nInternalLength );

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Decrease the pbWriteTokenData, now we know the length and

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // write it out.

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow pbWriteTokenData -= nTempLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nTempLength = ASNDerWriteElement( pbWriteTokenData, SPNEGO_NEGTARG_ELEMENT_MECHLISTMIC,

4bff34e37def8a90f9194d81bc345c52ba20086athurlow OCTETSTRING, pbMechListMIC, ulMechListMICLen );

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Adjust Values and sanity check

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nTotalBytesWritten += nTempLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nInternalTokenLength -= nTempLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow if ( nTotalBytesWritten > nTokenLength || nInternalTokenLength < 0 )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow goto xEndWriteNegTokenTarg;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow }

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow } // IF MechListMIC is present

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Next is the MechToken

4bff34e37def8a90f9194d81bc345c52ba20086athurlow if ( ulMechTokenLen > 0L )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nTempLength = ASNDerCalcElementLength( ulMechTokenLen, &nInternalLength );

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Decrease the pbWriteTokenData, now we know the length and

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // write it out.

4bff34e37def8a90f9194d81bc345c52ba20086athurlow pbWriteTokenData -= nTempLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nTempLength = ASNDerWriteElement( pbWriteTokenData, SPNEGO_NEGTARG_ELEMENT_RESPONSETOKEN,

4bff34e37def8a90f9194d81bc345c52ba20086athurlow OCTETSTRING, pbMechToken, ulMechTokenLen );

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Adjust Values and sanity check

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nTotalBytesWritten += nTempLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nInternalTokenLength -= nTempLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow if ( nTotalBytesWritten > nTokenLength || nInternalTokenLength < 0 )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow goto xEndWriteNegTokenTarg;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow }

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow } // IF MechToken Length is present

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Supported Mech Type

4bff34e37def8a90f9194d81bc345c52ba20086athurlow if ( spnego_mech_oid_NotUsed != MechType )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nTempLength = ASNDerCalcElementLength( g_stcMechOIDList[MechType].iActualDataLen,

4bff34e37def8a90f9194d81bc345c52ba20086athurlow &nInternalLength );

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Decrease the pbWriteTokenData, now we know the length and

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // write it out.

4bff34e37def8a90f9194d81bc345c52ba20086athurlow pbWriteTokenData -= nTempLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nTempLength = ASNDerWriteToken( pbWriteTokenData, SPNEGO_NEGTARG_ELEMENT_SUPPORTEDMECH,

4bff34e37def8a90f9194d81bc345c52ba20086athurlow g_stcMechOIDList[MechType].ucOid,

4bff34e37def8a90f9194d81bc345c52ba20086athurlow g_stcMechOIDList[MechType].iLen );

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Adjust Values and sanity check

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nTotalBytesWritten += nTempLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nInternalTokenLength -= nTempLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow if ( nTotalBytesWritten > nTokenLength || nInternalTokenLength < 0 )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow goto xEndWriteNegTokenTarg;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow }

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow } // IF MechType is present

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Neg Result

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // NegResult Element

4bff34e37def8a90f9194d81bc345c52ba20086athurlow if ( spnego_negresult_NotUsed != eNegResult )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow ucTemp = (unsigned char) eNegResult;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nTempLength = ASNDerCalcElementLength( SPNEGO_NEGTARG_MAXLEN_NEGRESULT, &nInternalLength );

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Decrease the pbWriteTokenData, now we know the length and

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // write it out.

4bff34e37def8a90f9194d81bc345c52ba20086athurlow pbWriteTokenData -= nTempLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nTempLength = ASNDerWriteElement( pbWriteTokenData, SPNEGO_NEGTARG_ELEMENT_NEGRESULT,

4bff34e37def8a90f9194d81bc345c52ba20086athurlow ENUMERATED, &ucTemp, SPNEGO_NEGTARG_MAXLEN_NEGRESULT );

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Adjust Values and sanity check

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nTotalBytesWritten += nTempLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nInternalTokenLength -= nTempLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow if ( nTotalBytesWritten > nTokenLength || nInternalTokenLength < 0 )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow goto xEndWriteNegTokenTarg;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow }

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow } // If eNegResult is available

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // The next tokens we're writing out reflect the total number of bytes

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // we have actually written out.

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Sequence Token

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nTempLength = ASNDerCalcTokenLength( nTotalBytesWritten, 0L );

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Decrease the pbWriteTokenData, now we know the length and

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // write it out.

4bff34e37def8a90f9194d81bc345c52ba20086athurlow pbWriteTokenData -= nTempLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nTempLength = ASNDerWriteToken( pbWriteTokenData, SPNEGO_CONSTRUCTED_SEQUENCE,

4bff34e37def8a90f9194d81bc345c52ba20086athurlow NULL, nTotalBytesWritten );

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Adjust Values and sanity check

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nTotalBytesWritten += nTempLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nInternalTokenLength -= nTempLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow if ( nTotalBytesWritten > nTokenLength || nInternalTokenLength < 0 )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow goto xEndWriteNegTokenTarg;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow }

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Neg Targ Token Identifier Token

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nTempLength = ASNDerCalcTokenLength( nTotalBytesWritten, 0L );

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Decrease the pbWriteTokenData, now we know the length and

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // write it out.

4bff34e37def8a90f9194d81bc345c52ba20086athurlow pbWriteTokenData -= nTempLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nTempLength = ASNDerWriteToken( pbWriteTokenData, SPNEGO_NEGTARG_TOKEN_IDENTIFIER,

4bff34e37def8a90f9194d81bc345c52ba20086athurlow NULL, nTotalBytesWritten );

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Adjust Values and sanity check

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nTotalBytesWritten += nTempLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Don't adjust the internal token length here, it doesn't account

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // the initial bytes written out (we really don't need to keep

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // a running count here, but for debugging, it helps to be able

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // to see the total number of bytes written out as well as the

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // number of bytes left to write).

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow if ( nTotalBytesWritten == nTokenLength && nInternalTokenLength == 0 &&

4bff34e37def8a90f9194d81bc345c52ba20086athurlow pbWriteTokenData == pbTokenData )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nReturn = SPNEGO_E_SUCCESS;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow }

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlowxEndWriteNegTokenTarg:

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow return nReturn;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow}

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlowSPNEGO_TOKEN* AllocEmptySpnegoToken( unsigned char ucCopyData, unsigned long ulFlags,

4bff34e37def8a90f9194d81bc345c52ba20086athurlow unsigned char * pbTokenData, unsigned long ulTokenSize )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow{

4bff34e37def8a90f9194d81bc345c52ba20086athurlow SPNEGO_TOKEN* pSpnegoToken = (SPNEGO_TOKEN*) calloc( 1, sizeof(SPNEGO_TOKEN) );

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow if ( NULL != pSpnegoToken )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Set the token size

4bff34e37def8a90f9194d81bc345c52ba20086athurlow pSpnegoToken->nStructSize = SPNEGO_TOKEN_SIZE;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Initialize the element array

4bff34e37def8a90f9194d81bc345c52ba20086athurlow InitSpnegoTokenElementArray( pSpnegoToken );

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Assign the flags value

4bff34e37def8a90f9194d81bc345c52ba20086athurlow pSpnegoToken->ulFlags = ulFlags;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow //

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // IF ucCopyData is TRUE, we will allocate a buffer and copy data into it.

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Otherwise, we will just copy the pointer and the length. This is so we

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // can cut out additional allocations for performance reasons

4bff34e37def8a90f9194d81bc345c52ba20086athurlow //

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow if ( SPNEGO_TOKEN_INTERNAL_FLAGS_FREEDATA == ucCopyData )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Alloc the internal buffer. Cleanup on failure.

4bff34e37def8a90f9194d81bc345c52ba20086athurlow pSpnegoToken->pbBinaryData = (unsigned char*) calloc( ulTokenSize, sizeof(unsigned char) );

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow if ( NULL != pSpnegoToken->pbBinaryData )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // We must ALWAYS free this buffer

4bff34e37def8a90f9194d81bc345c52ba20086athurlow pSpnegoToken->ulFlags |= SPNEGO_TOKEN_INTERNAL_FLAGS_FREEDATA;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Copy the data locally

4bff34e37def8a90f9194d81bc345c52ba20086athurlow memcpy( pSpnegoToken->pbBinaryData, pbTokenData, ulTokenSize );

4bff34e37def8a90f9194d81bc345c52ba20086athurlow pSpnegoToken->ulBinaryDataLen = ulTokenSize;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow }

4bff34e37def8a90f9194d81bc345c52ba20086athurlow else

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow free( pSpnegoToken );

4bff34e37def8a90f9194d81bc345c52ba20086athurlow pSpnegoToken = NULL;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow }

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow } // IF ucCopyData

4bff34e37def8a90f9194d81bc345c52ba20086athurlow else

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Copy the pointer and the length directly - ulFlags will control whether or not

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // we are allowed to free the value

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow pSpnegoToken->pbBinaryData = pbTokenData;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow pSpnegoToken->ulBinaryDataLen = ulTokenSize;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow }

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow }

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow return pSpnegoToken;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow}

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlowvoid FreeSpnegoToken( SPNEGO_TOKEN* pSpnegoToken )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow{

4bff34e37def8a90f9194d81bc345c52ba20086athurlow if ( NULL != pSpnegoToken )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Cleanup internal allocation per the flags

4bff34e37def8a90f9194d81bc345c52ba20086athurlow if ( pSpnegoToken->ulFlags & SPNEGO_TOKEN_INTERNAL_FLAGS_FREEDATA &&

4bff34e37def8a90f9194d81bc345c52ba20086athurlow NULL != pSpnegoToken->pbBinaryData )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow free( pSpnegoToken->pbBinaryData );

4bff34e37def8a90f9194d81bc345c52ba20086athurlow pSpnegoToken->pbBinaryData = NULL;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow }

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow free ( pSpnegoToken );

4bff34e37def8a90f9194d81bc345c52ba20086athurlow }

4bff34e37def8a90f9194d81bc345c52ba20086athurlow}

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlowvoid InitSpnegoTokenElementArray( SPNEGO_TOKEN* pSpnegoToken )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow{

4bff34e37def8a90f9194d81bc345c52ba20086athurlow int nCtr;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Set the number of elemnts

4bff34e37def8a90f9194d81bc345c52ba20086athurlow pSpnegoToken->nNumElements = MAX_NUM_TOKEN_ELEMENTS;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow //

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Initially, all elements are unavailable

4bff34e37def8a90f9194d81bc345c52ba20086athurlow //

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow for ( nCtr = 0; nCtr < MAX_NUM_TOKEN_ELEMENTS; nCtr++ )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Set the element size as well

4bff34e37def8a90f9194d81bc345c52ba20086athurlow pSpnegoToken->aElementArray[ nCtr ].nStructSize = SPNEGO_ELEMENT_SIZE;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow pSpnegoToken->aElementArray[ nCtr ].iElementPresent = SPNEGO_TOKEN_ELEMENT_UNAVAILABLE;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow }

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow}

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlowint InitSpnegoTokenType( SPNEGO_TOKEN* pSpnegoToken, long* pnTokenLength,

4bff34e37def8a90f9194d81bc345c52ba20086athurlow long* pnRemainingTokenLength, unsigned char** ppbFirstElement )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow{

4bff34e37def8a90f9194d81bc345c52ba20086athurlow int nReturn = SPNEGO_E_INVALID_TOKEN;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow long nActualTokenLength = 0L;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow long nBoundaryLength = pSpnegoToken->ulBinaryDataLen;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow unsigned char* pbTokenData = pSpnegoToken->pbBinaryData;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow //

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // First byte MUST be either an APP_CONSTRUCT or the NEGTARG_TOKEN_TARG

4bff34e37def8a90f9194d81bc345c52ba20086athurlow //

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow if ( SPNEGO_NEGINIT_APP_CONSTRUCT == *pbTokenData )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Validate the above token - this will tell us the actual length of the token

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // per the encoding (minus the actual token bytes)

4bff34e37def8a90f9194d81bc345c52ba20086athurlow if ( ( nReturn = ASNDerCheckToken( pbTokenData, SPNEGO_NEGINIT_APP_CONSTRUCT, 0L, nBoundaryLength,

4bff34e37def8a90f9194d81bc345c52ba20086athurlow pnTokenLength, &nActualTokenLength ) )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow == SPNEGO_E_SUCCESS )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Initialize the remaining token length value. This will be used

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // to tell the caller how much token there is left once we've parsed

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // the header (they could calculate it from the other values, but this

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // is a bit friendlier)

4bff34e37def8a90f9194d81bc345c52ba20086athurlow *pnRemainingTokenLength = *pnTokenLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Make adjustments to next token

4bff34e37def8a90f9194d81bc345c52ba20086athurlow pbTokenData += nActualTokenLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nBoundaryLength -= nActualTokenLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // The next token should be an OID

4bff34e37def8a90f9194d81bc345c52ba20086athurlow if ( ( nReturn = ASNDerCheckOID( pbTokenData, spnego_mech_oid_Spnego, nBoundaryLength,

4bff34e37def8a90f9194d81bc345c52ba20086athurlow &nActualTokenLength ) ) == SPNEGO_E_SUCCESS )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Make adjustments to next token

4bff34e37def8a90f9194d81bc345c52ba20086athurlow pbTokenData += nActualTokenLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nBoundaryLength -= nActualTokenLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow *pnRemainingTokenLength -= nActualTokenLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // The next token should specify the NegTokenInit

4bff34e37def8a90f9194d81bc345c52ba20086athurlow if ( ( nReturn = ASNDerCheckToken( pbTokenData, SPNEGO_NEGINIT_TOKEN_IDENTIFIER,

4bff34e37def8a90f9194d81bc345c52ba20086athurlow *pnRemainingTokenLength, nBoundaryLength, pnTokenLength,

4bff34e37def8a90f9194d81bc345c52ba20086athurlow &nActualTokenLength ) )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow == SPNEGO_E_SUCCESS )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Make adjustments to next token

4bff34e37def8a90f9194d81bc345c52ba20086athurlow pbTokenData += nActualTokenLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nBoundaryLength -= nActualTokenLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow *pnRemainingTokenLength -= nActualTokenLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // The next token should specify the start of a sequence

4bff34e37def8a90f9194d81bc345c52ba20086athurlow if ( ( nReturn = ASNDerCheckToken( pbTokenData, SPNEGO_CONSTRUCTED_SEQUENCE,

4bff34e37def8a90f9194d81bc345c52ba20086athurlow *pnRemainingTokenLength, nBoundaryLength, pnTokenLength,

4bff34e37def8a90f9194d81bc345c52ba20086athurlow &nActualTokenLength ) )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow == SPNEGO_E_SUCCESS )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // NegTokenInit header is now checked out!

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Make adjustments to next token

4bff34e37def8a90f9194d81bc345c52ba20086athurlow *pnRemainingTokenLength -= nActualTokenLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Store pointer to first element

4bff34e37def8a90f9194d81bc345c52ba20086athurlow *ppbFirstElement = pbTokenData + nActualTokenLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow pSpnegoToken->ucTokenType = SPNEGO_TOKEN_INIT;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow } // IF Check Sequence Token

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow } // IF Check NegTokenInit token

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow } // IF Check for SPNEGO OID

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow } // IF check app construct token

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow }

4bff34e37def8a90f9194d81bc345c52ba20086athurlow else if ( SPNEGO_NEGTARG_TOKEN_IDENTIFIER == *pbTokenData )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // The next token should specify the NegTokenInit

4bff34e37def8a90f9194d81bc345c52ba20086athurlow if ( ( nReturn = ASNDerCheckToken( pbTokenData, SPNEGO_NEGTARG_TOKEN_IDENTIFIER,

4bff34e37def8a90f9194d81bc345c52ba20086athurlow *pnRemainingTokenLength, nBoundaryLength, pnTokenLength,

4bff34e37def8a90f9194d81bc345c52ba20086athurlow &nActualTokenLength ) )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow == SPNEGO_E_SUCCESS )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Initialize the remaining token length value. This will be used

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // to tell the caller how much token there is left once we've parsed

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // the header (they could calculate it from the other values, but this

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // is a bit friendlier)

4bff34e37def8a90f9194d81bc345c52ba20086athurlow *pnRemainingTokenLength = *pnTokenLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Make adjustments to next token

4bff34e37def8a90f9194d81bc345c52ba20086athurlow pbTokenData += nActualTokenLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nBoundaryLength -= nActualTokenLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // The next token should specify the start of a sequence

4bff34e37def8a90f9194d81bc345c52ba20086athurlow if ( ( nReturn = ASNDerCheckToken( pbTokenData, SPNEGO_CONSTRUCTED_SEQUENCE,

4bff34e37def8a90f9194d81bc345c52ba20086athurlow *pnRemainingTokenLength, nBoundaryLength, pnTokenLength,

4bff34e37def8a90f9194d81bc345c52ba20086athurlow &nActualTokenLength ) )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow == SPNEGO_E_SUCCESS )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // NegTokenInit header is now checked out!

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Make adjustments to next token

4bff34e37def8a90f9194d81bc345c52ba20086athurlow *pnRemainingTokenLength -= nActualTokenLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Store pointer to first element

4bff34e37def8a90f9194d81bc345c52ba20086athurlow *ppbFirstElement = pbTokenData + nActualTokenLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow pSpnegoToken->ucTokenType = SPNEGO_TOKEN_TARG;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow } // IF Check Sequence Token

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow } // IF Check NegTokenInit token

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow } // ELSE IF it's a NegTokenTarg

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow return nReturn;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow}

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlowint GetSpnegoInitTokenMechList( unsigned char* pbTokenData, int nMechListLength,

4bff34e37def8a90f9194d81bc345c52ba20086athurlow SPNEGO_ELEMENT* pSpnegoElement )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow{

4bff34e37def8a90f9194d81bc345c52ba20086athurlow int nReturn = SPNEGO_E_INVALID_TOKEN;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow long nLength = 0L;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow long nActualTokenLength = 0L;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Actual MechList is prepended by a Constructed Sequence Token

4bff34e37def8a90f9194d81bc345c52ba20086athurlow if ( ( nReturn = ASNDerCheckToken( pbTokenData, SPNEGO_CONSTRUCTED_SEQUENCE,

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nMechListLength, nMechListLength,

4bff34e37def8a90f9194d81bc345c52ba20086athurlow &nLength, &nActualTokenLength ) )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow == SPNEGO_E_SUCCESS )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Adjust for this token

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nMechListLength -= nActualTokenLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow pbTokenData += nActualTokenLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Perform simple validation of the actual MechList (i.e. ensure that

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // the OIDs in the MechList are reasonable).

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow if ( ( nReturn = ValidateMechList( pbTokenData, nLength ) ) == SPNEGO_E_SUCCESS )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Initialize the element now

4bff34e37def8a90f9194d81bc345c52ba20086athurlow pSpnegoElement->eElementType = spnego_init_mechtypes;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow pSpnegoElement->iElementPresent = SPNEGO_TOKEN_ELEMENT_AVAILABLE;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow pSpnegoElement->type = SPNEGO_MECHLIST_TYPE;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow pSpnegoElement->nDatalength = nLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow pSpnegoElement->pbData = pbTokenData;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow }

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow } // IF Check Token

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow return nReturn;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow}

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlowint InitSpnegoTokenElementFromBasicType( unsigned char* pbTokenData, int nElementLength,

4bff34e37def8a90f9194d81bc345c52ba20086athurlow unsigned char ucExpectedType,

4bff34e37def8a90f9194d81bc345c52ba20086athurlow SPNEGO_ELEMENT_TYPE spnegoElementType,

4bff34e37def8a90f9194d81bc345c52ba20086athurlow SPNEGO_ELEMENT* pSpnegoElement )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow{

4bff34e37def8a90f9194d81bc345c52ba20086athurlow int nReturn = SPNEGO_E_UNEXPECTED_TYPE;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow long nLength = 0L;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow long nActualTokenLength = 0L;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // The type BYTE must match our token data or something is badly wrong

4bff34e37def8a90f9194d81bc345c52ba20086athurlow if ( *pbTokenData == ucExpectedType )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Check that we are pointing at the specified type

4bff34e37def8a90f9194d81bc345c52ba20086athurlow if ( ( nReturn = ASNDerCheckToken( pbTokenData, ucExpectedType,

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nElementLength, nElementLength,

4bff34e37def8a90f9194d81bc345c52ba20086athurlow &nLength, &nActualTokenLength ) )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow == SPNEGO_E_SUCCESS )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Adjust for this token

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nElementLength -= nActualTokenLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow pbTokenData += nActualTokenLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Initialize the element now

4bff34e37def8a90f9194d81bc345c52ba20086athurlow pSpnegoElement->eElementType = spnegoElementType;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow pSpnegoElement->iElementPresent = SPNEGO_TOKEN_ELEMENT_AVAILABLE;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow pSpnegoElement->type = ucExpectedType;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow pSpnegoElement->nDatalength = nLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow pSpnegoElement->pbData = pbTokenData;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow }

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow } // IF type makes sense

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow return nReturn;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow}

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlowint InitSpnegoTokenElementFromOID( unsigned char* pbTokenData, int nElementLength,

4bff34e37def8a90f9194d81bc345c52ba20086athurlow SPNEGO_ELEMENT_TYPE spnegoElementType,

4bff34e37def8a90f9194d81bc345c52ba20086athurlow SPNEGO_ELEMENT* pSpnegoElement )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow{

4bff34e37def8a90f9194d81bc345c52ba20086athurlow int nReturn = SPNEGO_E_UNEXPECTED_TYPE;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow long nLength = 0L;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow long nActualTokenLength = 0L;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // The type BYTE must match our token data or something is badly wrong

4bff34e37def8a90f9194d81bc345c52ba20086athurlow if ( *pbTokenData == OID )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Check that we are pointing at an OID type

4bff34e37def8a90f9194d81bc345c52ba20086athurlow if ( ( nReturn = ASNDerCheckToken( pbTokenData, OID,

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nElementLength, nElementLength,

4bff34e37def8a90f9194d81bc345c52ba20086athurlow &nLength, &nActualTokenLength ) )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow == SPNEGO_E_SUCCESS )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Don't adjust any values for this function

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Initialize the element now

4bff34e37def8a90f9194d81bc345c52ba20086athurlow pSpnegoElement->eElementType = spnegoElementType;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow pSpnegoElement->iElementPresent = SPNEGO_TOKEN_ELEMENT_AVAILABLE;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow pSpnegoElement->type = OID;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow pSpnegoElement->nDatalength = nElementLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow pSpnegoElement->pbData = pbTokenData;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow }

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow } // IF type makes sense

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow return nReturn;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow}

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlowint InitSpnegoTokenElements( SPNEGO_TOKEN* pSpnegoToken, unsigned char* pbTokenData,

4bff34e37def8a90f9194d81bc345c52ba20086athurlow long nRemainingTokenLength )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow{

4bff34e37def8a90f9194d81bc345c52ba20086athurlow //

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // The following arrays contain the token identifiers for the elements

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // comprising the actual token. All values are optional, and there are

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // no defaults.

4bff34e37def8a90f9194d81bc345c52ba20086athurlow //

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow static unsigned char abNegTokenInitElements[] =

4bff34e37def8a90f9194d81bc345c52ba20086athurlow { SPNEGO_NEGINIT_ELEMENT_MECHTYPES, SPNEGO_NEGINIT_ELEMENT_REQFLAGS,

4bff34e37def8a90f9194d81bc345c52ba20086athurlow SPNEGO_NEGINIT_ELEMENT_MECHTOKEN, SPNEGO_NEGINIT_ELEMENT_MECHLISTMIC };

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow static unsigned char abNegTokenTargElements[] =

4bff34e37def8a90f9194d81bc345c52ba20086athurlow { SPNEGO_NEGTARG_ELEMENT_NEGRESULT, SPNEGO_NEGTARG_ELEMENT_SUPPORTEDMECH,

4bff34e37def8a90f9194d81bc345c52ba20086athurlow SPNEGO_NEGTARG_ELEMENT_RESPONSETOKEN, SPNEGO_NEGTARG_ELEMENT_MECHLISTMIC };

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow int nReturn = SPNEGO_E_SUCCESS;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow int nCtr = 0L;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow long nElementLength = 0L;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow long nActualTokenLength = 0L;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow unsigned char* pbElements = NULL;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Point to the correct array

4bff34e37def8a90f9194d81bc345c52ba20086athurlow switch( pSpnegoToken->ucTokenType )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow case SPNEGO_TOKEN_INIT:

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow pbElements = abNegTokenInitElements;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow }

4bff34e37def8a90f9194d81bc345c52ba20086athurlow break;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow case SPNEGO_TOKEN_TARG:

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow pbElements = abNegTokenTargElements;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow }

4bff34e37def8a90f9194d81bc345c52ba20086athurlow break;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow } // SWITCH tokentype

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow //

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Enumerate the element arrays and look for the tokens at our current location

4bff34e37def8a90f9194d81bc345c52ba20086athurlow //

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow for ( nCtr = 0L;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow SPNEGO_E_SUCCESS == nReturn &&

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nCtr < MAX_NUM_TOKEN_ELEMENTS &&

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nRemainingTokenLength > 0L;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nCtr++ )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Check if the token exists

4bff34e37def8a90f9194d81bc345c52ba20086athurlow if ( ( nReturn = ASNDerCheckToken( pbTokenData, pbElements[nCtr],

4bff34e37def8a90f9194d81bc345c52ba20086athurlow 0L, nRemainingTokenLength,

4bff34e37def8a90f9194d81bc345c52ba20086athurlow &nElementLength, &nActualTokenLength ) )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow == SPNEGO_E_SUCCESS )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Token data should skip over the sequence token and then

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // call the appropriate function to initialize the element

4bff34e37def8a90f9194d81bc345c52ba20086athurlow pbTokenData += nActualTokenLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Lengths in the elements should NOT go beyond the element

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // length

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Different tokens mean different elements

4bff34e37def8a90f9194d81bc345c52ba20086athurlow if ( SPNEGO_TOKEN_INIT == pSpnegoToken->ucTokenType )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Handle each element as appropriate

4bff34e37def8a90f9194d81bc345c52ba20086athurlow switch( pbElements[nCtr] )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow case SPNEGO_NEGINIT_ELEMENT_MECHTYPES:

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow //

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // This is a Mech List that specifies which OIDs the

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // originator of the Init Token supports.

4bff34e37def8a90f9194d81bc345c52ba20086athurlow //

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nReturn = GetSpnegoInitTokenMechList( pbTokenData, nElementLength,

4bff34e37def8a90f9194d81bc345c52ba20086athurlow &pSpnegoToken->aElementArray[nCtr] );

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow }

4bff34e37def8a90f9194d81bc345c52ba20086athurlow break;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow case SPNEGO_NEGINIT_ELEMENT_REQFLAGS:

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow //

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // This is a BITSTRING which specifies the flags that the receiver

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // pass to the gss_accept_sec_context() function.

4bff34e37def8a90f9194d81bc345c52ba20086athurlow //

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nReturn = InitSpnegoTokenElementFromBasicType( pbTokenData, nElementLength,

4bff34e37def8a90f9194d81bc345c52ba20086athurlow BITSTRING, spnego_init_reqFlags,

4bff34e37def8a90f9194d81bc345c52ba20086athurlow &pSpnegoToken->aElementArray[nCtr] );

4bff34e37def8a90f9194d81bc345c52ba20086athurlow }

4bff34e37def8a90f9194d81bc345c52ba20086athurlow break;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow case SPNEGO_NEGINIT_ELEMENT_MECHTOKEN:

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow //

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // This is an OCTETSTRING which contains a GSSAPI token corresponding

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // to the first OID in the MechList.

4bff34e37def8a90f9194d81bc345c52ba20086athurlow //

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nReturn = InitSpnegoTokenElementFromBasicType( pbTokenData, nElementLength,

4bff34e37def8a90f9194d81bc345c52ba20086athurlow OCTETSTRING, spnego_init_mechToken,

4bff34e37def8a90f9194d81bc345c52ba20086athurlow &pSpnegoToken->aElementArray[nCtr] );

12b65585e720714b31036daaa2b30eb76014048eGordon Ross }

4bff34e37def8a90f9194d81bc345c52ba20086athurlow break;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

12b65585e720714b31036daaa2b30eb76014048eGordon Ross case SPNEGO_NEGINIT_ELEMENT_MECHLISTMIC: // xA3

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow //

12b65585e720714b31036daaa2b30eb76014048eGordon Ross // Don't yet know if this is a negTokenInit, or negTokenInit2.

12b65585e720714b31036daaa2b30eb76014048eGordon Ross // Unfortunately, both have the same type: SPNEGO_TOKEN_INIT

12b65585e720714b31036daaa2b30eb76014048eGordon Ross // If it's negTokenInit, this element should be an OCTETSTRING

12b65585e720714b31036daaa2b30eb76014048eGordon Ross // containing the MIC. If it's a negTokenInit2, this element

12b65585e720714b31036daaa2b30eb76014048eGordon Ross // should be an SPNEGO_CONSTRUCTED_SEQUENCE containing the

12b65585e720714b31036daaa2b30eb76014048eGordon Ross // negHints (GENERALSTR, ignored)

4bff34e37def8a90f9194d81bc345c52ba20086athurlow //

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nReturn = InitSpnegoTokenElementFromBasicType( pbTokenData, nElementLength,

12b65585e720714b31036daaa2b30eb76014048eGordon Ross OCTETSTRING, spnego_init_mechListMIC,

12b65585e720714b31036daaa2b30eb76014048eGordon Ross &pSpnegoToken->aElementArray[nCtr] );

12b65585e720714b31036daaa2b30eb76014048eGordon Ross

12b65585e720714b31036daaa2b30eb76014048eGordon Ross if (nReturn == SPNEGO_E_UNEXPECTED_TYPE) {

12b65585e720714b31036daaa2b30eb76014048eGordon Ross // This is really a negHints element. Check the type and length,

12b65585e720714b31036daaa2b30eb76014048eGordon Ross // but otherwise just ignore it.

12b65585e720714b31036daaa2b30eb76014048eGordon Ross long elen, tlen;

12b65585e720714b31036daaa2b30eb76014048eGordon Ross nReturn = ASNDerCheckToken( pbTokenData, SPNEGO_CONSTRUCTED_SEQUENCE,

12b65585e720714b31036daaa2b30eb76014048eGordon Ross nElementLength, nElementLength,

12b65585e720714b31036daaa2b30eb76014048eGordon Ross &elen, &tlen );

12b65585e720714b31036daaa2b30eb76014048eGordon Ross }

4bff34e37def8a90f9194d81bc345c52ba20086athurlow }

4bff34e37def8a90f9194d81bc345c52ba20086athurlow break;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow } // SWITCH Element

4bff34e37def8a90f9194d81bc345c52ba20086athurlow }

4bff34e37def8a90f9194d81bc345c52ba20086athurlow else

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

12b65585e720714b31036daaa2b30eb76014048eGordon Ross /* pSpnegoToken->ucTokenType == SPNEGO_TOKEN_TARG */

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow switch( pbElements[nCtr] )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow case SPNEGO_NEGTARG_ELEMENT_NEGRESULT:

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow //

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // This is an ENUMERATION which specifies result of the last GSS

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // token negotiation call.

4bff34e37def8a90f9194d81bc345c52ba20086athurlow //

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nReturn = InitSpnegoTokenElementFromBasicType( pbTokenData, nElementLength,

4bff34e37def8a90f9194d81bc345c52ba20086athurlow ENUMERATED, spnego_targ_negResult,

4bff34e37def8a90f9194d81bc345c52ba20086athurlow &pSpnegoToken->aElementArray[nCtr] );

4bff34e37def8a90f9194d81bc345c52ba20086athurlow }

4bff34e37def8a90f9194d81bc345c52ba20086athurlow break;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow case SPNEGO_NEGTARG_ELEMENT_SUPPORTEDMECH:

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow //

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // This is an OID which specifies a supported mechanism.

4bff34e37def8a90f9194d81bc345c52ba20086athurlow //

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nReturn = InitSpnegoTokenElementFromOID( pbTokenData, nElementLength,

4bff34e37def8a90f9194d81bc345c52ba20086athurlow spnego_targ_mechListMIC,

4bff34e37def8a90f9194d81bc345c52ba20086athurlow &pSpnegoToken->aElementArray[nCtr] );

4bff34e37def8a90f9194d81bc345c52ba20086athurlow }

4bff34e37def8a90f9194d81bc345c52ba20086athurlow break;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow case SPNEGO_NEGTARG_ELEMENT_RESPONSETOKEN:

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow //

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // This is an OCTETSTRING which specifies results of the last GSS

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // token negotiation call.

4bff34e37def8a90f9194d81bc345c52ba20086athurlow //

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nReturn = InitSpnegoTokenElementFromBasicType( pbTokenData, nElementLength,

4bff34e37def8a90f9194d81bc345c52ba20086athurlow OCTETSTRING, spnego_targ_responseToken,

4bff34e37def8a90f9194d81bc345c52ba20086athurlow &pSpnegoToken->aElementArray[nCtr] );

4bff34e37def8a90f9194d81bc345c52ba20086athurlow }

4bff34e37def8a90f9194d81bc345c52ba20086athurlow break;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow case SPNEGO_NEGTARG_ELEMENT_MECHLISTMIC:

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow //

12b65585e720714b31036daaa2b30eb76014048eGordon Ross // This is an OCTETSTRING, typically 16 bytes,

12b65585e720714b31036daaa2b30eb76014048eGordon Ross // which contains a message integrity BLOB.

4bff34e37def8a90f9194d81bc345c52ba20086athurlow //

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nReturn = InitSpnegoTokenElementFromBasicType( pbTokenData, nElementLength,

12b65585e720714b31036daaa2b30eb76014048eGordon Ross OCTETSTRING, spnego_targ_mechListMIC,

12b65585e720714b31036daaa2b30eb76014048eGordon Ross &pSpnegoToken->aElementArray[nCtr] );

4bff34e37def8a90f9194d81bc345c52ba20086athurlow }

4bff34e37def8a90f9194d81bc345c52ba20086athurlow break;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow } // SWITCH Element

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow } // ELSE !NegTokenInit

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Account for the entire token and following data

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nRemainingTokenLength -= ( nActualTokenLength + nElementLength );

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // Token data should skip past the element length now

4bff34e37def8a90f9194d81bc345c52ba20086athurlow pbTokenData += nElementLength;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow } // IF Token found

4bff34e37def8a90f9194d81bc345c52ba20086athurlow else if ( SPNEGO_E_TOKEN_NOT_FOUND == nReturn )

4bff34e37def8a90f9194d81bc345c52ba20086athurlow {

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // For now, this is a benign error (remember, all elements are optional, so

4bff34e37def8a90f9194d81bc345c52ba20086athurlow // if we don't find one, it's okay).

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow nReturn = SPNEGO_E_SUCCESS;

4bff34e37def8a90f9194d81bc345c52ba20086athurlow }

4bff34e37def8a90f9194d81bc345c52ba20086athurlow

4bff34e37def8a90f9194d81bc345c52ba20086athurlow } // FOR enum elements

4bff34e37def8a90f9194d81bc345c52ba20086athurlow