Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/external/bsd/openldap/dist/libraries/libldap Put back gssapi.c
details: https://anonhg.NetBSD.org/src/rev/210a2757a0b6
branches: trunk
changeset: 1022918:210a2757a0b6
user: christos <christos%NetBSD.org@localhost>
date: Sat Aug 14 16:15:46 2021 +0000
description:
Put back gssapi.c
diffstat:
external/bsd/openldap/dist/libraries/libldap/gssapi.c | 1015 +++++++++++++++++
1 files changed, 1015 insertions(+), 0 deletions(-)
diffs (truncated from 1019 to 300 lines):
diff -r 1a98ba3f5c74 -r 210a2757a0b6 external/bsd/openldap/dist/libraries/libldap/gssapi.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/external/bsd/openldap/dist/libraries/libldap/gssapi.c Sat Aug 14 16:15:46 2021 +0000
@@ -0,0 +1,1015 @@
+/* $NetBSD: gssapi.c,v 1.4 2021/08/14 16:15:46 christos Exp $ */
+
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2020 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Author: Stefan Metzmacher <metze%sernet.de@localhost>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include <sys/cdefs.h>
+__RCSID("$NetBSD: gssapi.c,v 1.4 2021/08/14 16:15:46 christos Exp $");
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/socket.h>
+#include <ac/stdlib.h>
+#include <ac/string.h>
+#include <ac/time.h>
+#include <ac/errno.h>
+#include <ac/ctype.h>
+#include <ac/unistd.h>
+
+#ifdef HAVE_LIMITS_H
+#include <limits.h>
+#endif
+
+#include "ldap-int.h"
+
+#ifdef HAVE_GSSAPI
+
+#ifdef HAVE_GSSAPI_GSSAPI_H
+#include <gssapi/gssapi.h>
+#else
+#include <gssapi.h>
+#endif
+
+static char *
+gsserrstr(
+ char *buf,
+ ber_len_t buf_len,
+ gss_OID mech,
+ int gss_rc,
+ OM_uint32 minor_status )
+{
+ OM_uint32 min2;
+ gss_buffer_desc mech_msg = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc gss_msg = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc minor_msg = GSS_C_EMPTY_BUFFER;
+ OM_uint32 msg_ctx = 0;
+
+ if (buf == NULL) {
+ return NULL;
+ }
+
+ if (buf_len == 0) {
+ return NULL;
+ }
+
+#ifdef HAVE_GSS_OID_TO_STR
+ gss_oid_to_str(&min2, mech, &mech_msg);
+#endif
+ gss_display_status(&min2, gss_rc, GSS_C_GSS_CODE,
+ mech, &msg_ctx, &gss_msg);
+ gss_display_status(&min2, minor_status, GSS_C_MECH_CODE,
+ mech, &msg_ctx, &minor_msg);
+
+ snprintf(buf, buf_len, "gss_rc[%d:%*s] mech[%*s] minor[%u:%*s]",
+ gss_rc, (int)gss_msg.length,
+ (const char *)(gss_msg.value?gss_msg.value:""),
+ (int)mech_msg.length,
+ (const char *)(mech_msg.value?mech_msg.value:""),
+ minor_status, (int)minor_msg.length,
+ (const char *)(minor_msg.value?minor_msg.value:""));
+
+ gss_release_buffer(&min2, &mech_msg);
+ gss_release_buffer(&min2, &gss_msg);
+ gss_release_buffer(&min2, &minor_msg);
+
+ buf[buf_len-1] = '\0';
+
+ return buf;
+}
+
+static void
+sb_sasl_gssapi_init(
+ struct sb_sasl_generic_data *p,
+ ber_len_t *min_send,
+ ber_len_t *max_send,
+ ber_len_t *max_recv )
+{
+ gss_ctx_id_t gss_ctx = (gss_ctx_id_t)p->ops_private;
+ int gss_rc;
+ OM_uint32 minor_status;
+ gss_OID ctx_mech = GSS_C_NO_OID;
+ OM_uint32 ctx_flags = 0;
+ int conf_req_flag = 0;
+ OM_uint32 max_input_size;
+
+ gss_inquire_context(&minor_status,
+ gss_ctx,
+ NULL,
+ NULL,
+ NULL,
+ &ctx_mech,
+ &ctx_flags,
+ NULL,
+ NULL);
+
+ if (ctx_flags & (GSS_C_CONF_FLAG)) {
+ conf_req_flag = 1;
+ }
+
+#if defined(HAVE_CYRUS_SASL)
+#define SEND_PREALLOC_SIZE SASL_MIN_BUFF_SIZE
+#else
+#define SEND_PREALLOC_SIZE 4096
+#endif
+#define SEND_MAX_WIRE_SIZE 0x00A00000
+#define RECV_MAX_WIRE_SIZE 0x0FFFFFFF
+#define FALLBACK_SEND_MAX_SIZE 0x009FFFB8 /* from MIT 1.5.x */
+
+ gss_rc = gss_wrap_size_limit(&minor_status, gss_ctx,
+ conf_req_flag, GSS_C_QOP_DEFAULT,
+ SEND_MAX_WIRE_SIZE, &max_input_size);
+ if ( gss_rc != GSS_S_COMPLETE ) {
+ char msg[256];
+ ber_log_printf( LDAP_DEBUG_ANY, p->sbiod->sbiod_sb->sb_debug,
+ "sb_sasl_gssapi_init: failed to wrap size limit: %s\n",
+ gsserrstr( msg, sizeof(msg), ctx_mech, gss_rc, minor_status ) );
+ ber_log_printf( LDAP_DEBUG_ANY, p->sbiod->sbiod_sb->sb_debug,
+ "sb_sasl_gssapi_init: fallback to default wrap size limit\n");
+ /*
+ * some libgssglue/libgssapi versions
+ * have a broken gss_wrap_size_limit()
+ * implementation
+ */
+ max_input_size = FALLBACK_SEND_MAX_SIZE;
+ }
+
+ *min_send = SEND_PREALLOC_SIZE;
+ *max_send = max_input_size;
+ *max_recv = RECV_MAX_WIRE_SIZE;
+}
+
+static ber_int_t
+sb_sasl_gssapi_encode(
+ struct sb_sasl_generic_data *p,
+ unsigned char *buf,
+ ber_len_t len,
+ Sockbuf_Buf *dst )
+{
+ gss_ctx_id_t gss_ctx = (gss_ctx_id_t)p->ops_private;
+ int gss_rc;
+ OM_uint32 minor_status;
+ gss_buffer_desc unwrapped, wrapped;
+ gss_OID ctx_mech = GSS_C_NO_OID;
+ OM_uint32 ctx_flags = 0;
+ int conf_req_flag = 0;
+ int conf_state;
+ unsigned char *b;
+ ber_len_t pkt_len;
+
+ unwrapped.value = buf;
+ unwrapped.length = len;
+
+ gss_inquire_context(&minor_status,
+ gss_ctx,
+ NULL,
+ NULL,
+ NULL,
+ &ctx_mech,
+ &ctx_flags,
+ NULL,
+ NULL);
+
+ if (ctx_flags & (GSS_C_CONF_FLAG)) {
+ conf_req_flag = 1;
+ }
+
+ gss_rc = gss_wrap(&minor_status, gss_ctx,
+ conf_req_flag, GSS_C_QOP_DEFAULT,
+ &unwrapped, &conf_state,
+ &wrapped);
+ if ( gss_rc != GSS_S_COMPLETE ) {
+ char msg[256];
+ ber_log_printf( LDAP_DEBUG_ANY, p->sbiod->sbiod_sb->sb_debug,
+ "sb_sasl_gssapi_encode: failed to encode packet: %s\n",
+ gsserrstr( msg, sizeof(msg), ctx_mech, gss_rc, minor_status ) );
+ return -1;
+ }
+
+ if ( conf_req_flag && conf_state == 0 ) {
+ ber_log_printf( LDAP_DEBUG_ANY, p->sbiod->sbiod_sb->sb_debug,
+ "sb_sasl_gssapi_encode: GSS_C_CONF_FLAG was ignored by our gss_wrap()\n" );
+ return -1;
+ }
+
+ pkt_len = 4 + wrapped.length;
+
+ /* Grow the packet buffer if neccessary */
+ if ( dst->buf_size < pkt_len &&
+ ber_pvt_sb_grow_buffer( dst, pkt_len ) < 0 )
+ {
+ ber_log_printf( LDAP_DEBUG_ANY, p->sbiod->sbiod_sb->sb_debug,
+ "sb_sasl_gssapi_encode: failed to grow the buffer to %lu bytes\n",
+ pkt_len );
+ return -1;
+ }
+
+ dst->buf_end = pkt_len;
+
+ b = (unsigned char *)dst->buf_base;
+
+ b[0] = (unsigned char)(wrapped.length >> 24);
+ b[1] = (unsigned char)(wrapped.length >> 16);
+ b[2] = (unsigned char)(wrapped.length >> 8);
+ b[3] = (unsigned char)(wrapped.length >> 0);
+
+ /* copy the wrapped blob to the right location */
+ memcpy(b + 4, wrapped.value, wrapped.length);
+
+ gss_release_buffer(&minor_status, &wrapped);
+
+ return 0;
+}
+
+static ber_int_t
+sb_sasl_gssapi_decode(
+ struct sb_sasl_generic_data *p,
+ const Sockbuf_Buf *src,
+ Sockbuf_Buf *dst )
+{
+ gss_ctx_id_t gss_ctx = (gss_ctx_id_t)p->ops_private;
+ int gss_rc;
+ OM_uint32 minor_status;
+ gss_buffer_desc unwrapped, wrapped;
+ gss_OID ctx_mech = GSS_C_NO_OID;
+ OM_uint32 ctx_flags = 0;
+ int conf_req_flag = 0;
+ int conf_state;
+ unsigned char *b;
+
+ wrapped.value = src->buf_base + 4;
+ wrapped.length = src->buf_end - 4;
+
+ gss_inquire_context(&minor_status,
+ gss_ctx,
+ NULL,
+ NULL,
+ NULL,
+ &ctx_mech,
+ &ctx_flags,
+ NULL,
+ NULL);
+
+ if (ctx_flags & (GSS_C_CONF_FLAG)) {
+ conf_req_flag = 1;
+ }
+
+ gss_rc = gss_unwrap(&minor_status, gss_ctx,
+ &wrapped, &unwrapped,
+ &conf_state, GSS_C_QOP_DEFAULT);
+ if ( gss_rc != GSS_S_COMPLETE ) {
+ char msg[256];
+ ber_log_printf( LDAP_DEBUG_ANY, p->sbiod->sbiod_sb->sb_debug,
+ "sb_sasl_gssapi_decode: failed to decode packet: %s\n",
+ gsserrstr( msg, sizeof(msg), ctx_mech, gss_rc, minor_status ) );
+ return -1;
+ }
+
+ if ( conf_req_flag && conf_state == 0 ) {
+ ber_log_printf( LDAP_DEBUG_ANY, p->sbiod->sbiod_sb->sb_debug,
+ "sb_sasl_gssapi_encode: GSS_C_CONF_FLAG was ignored by our peer\n" );
+ return -1;
+ }
+
+ /* Grow the packet buffer if neccessary */
+ if ( dst->buf_size < unwrapped.length &&
+ ber_pvt_sb_grow_buffer( dst, unwrapped.length ) < 0 )
+ {
+ ber_log_printf( LDAP_DEBUG_ANY, p->sbiod->sbiod_sb->sb_debug,
+ "sb_sasl_gssapi_decode: failed to grow the buffer to %lu bytes\n",
+ unwrapped.length );
+ return -1;
Home |
Main Index |
Thread Index |
Old Index