gss_init_sec_context.c [plain text]
#include "mech_locl.h"
static gss_cred_id_t
_gss_mech_cred_find(gss_cred_id_t cred_handle, gss_OID mech_type)
{
struct _gss_cred *cred = (struct _gss_cred *)cred_handle;
struct _gss_mechanism_cred *mc;
if (cred == NULL)
return GSS_C_NO_CREDENTIAL;
SLIST_FOREACH(mc, &cred->gc_mc, gmc_link) {
if (gss_oid_equal(mech_type, mc->gmc_mech_oid))
return mc->gmc_cred;
}
return GSS_C_NO_CREDENTIAL;
}
static void
log_init_sec_context(struct _gss_context *ctx,
struct _gss_name *target,
OM_uint32 req_flags,
struct _gss_cred *cred,
gss_OID mech_type,
gss_buffer_t input_token)
{
gssapi_mech_interface m;
if (ctx)
m = ctx->gc_mech;
else
m = __gss_get_mechanism(mech_type);
if (m == NULL)
return;
mech_type = &m->gm_mech_oid;
_gss_mg_log(1, "gss_isc: %s %sfirst flags %08x, %s cred, %stoken",
m->gm_name,
(ctx == NULL) ? "" : "not ",
req_flags,
(cred != NULL) ? "specific" : "default",
(input_token != NULL && input_token->length) ? "" : "no ");
if (cred) {
struct _gss_mechanism_cred *mc;
SLIST_FOREACH(mc, &cred->gc_mc, gmc_link) {
_gss_mg_log(1, "gss_isc: cred: %s", mc->gmc_mech->gm_name);
}
}
_gss_mg_log_name(1, target, mech_type, "gss_isc: target");
}
OM_uint32 GSSAPI_LIB_FUNCTION
gss_init_sec_context(OM_uint32 * minor_status,
const gss_cred_id_t initiator_cred_handle,
gss_ctx_id_t * context_handle,
const gss_name_t target_name,
const gss_OID input_mech_type,
OM_uint32 req_flags,
OM_uint32 time_req,
const gss_channel_bindings_t input_chan_bindings,
const gss_buffer_t input_token,
gss_OID * actual_mech_type,
gss_buffer_t output_token,
OM_uint32 * ret_flags,
OM_uint32 * time_rec)
{
OM_uint32 major_status;
gssapi_mech_interface m;
struct _gss_name *name = (struct _gss_name *) target_name;
struct _gss_mechanism_name *mn;
struct _gss_context *ctx = (struct _gss_context *) *context_handle;
gss_cred_id_t cred_handle;
int allocated_ctx;
gss_OID mech_type = input_mech_type;
*minor_status = 0;
_mg_buffer_zero(output_token);
if (actual_mech_type)
*actual_mech_type = GSS_C_NO_OID;
if (ret_flags)
*ret_flags = 0;
if (time_rec)
*time_rec = 0;
if (mech_type == NULL)
mech_type = GSS_KRB5_MECHANISM;
if (_gss_mg_log_level(1))
log_init_sec_context(ctx, name, req_flags,
(struct _gss_cred *)initiator_cred_handle,
input_mech_type, input_token);
if (!ctx) {
ctx = malloc(sizeof(struct _gss_context));
if (!ctx) {
*minor_status = ENOMEM;
return (GSS_S_FAILURE);
}
memset(ctx, 0, sizeof(struct _gss_context));
m = ctx->gc_mech = __gss_get_mechanism(mech_type);
if (!m) {
free(ctx);
*minor_status = 0;
gss_mg_set_error_string(mech_type, GSS_S_BAD_MECH,
*minor_status,
"Asked for mechanism isn'ted supported");
return GSS_S_BAD_MECH;
}
allocated_ctx = 1;
} else {
m = ctx->gc_mech;
mech_type = &ctx->gc_mech->gm_mech_oid;
allocated_ctx = 0;
}
major_status = _gss_find_mn(minor_status, name, mech_type, &mn);
if (major_status != GSS_S_COMPLETE) {
if (allocated_ctx)
free(ctx);
return major_status;
}
if (m->gm_flags & GM_USE_MG_CRED)
cred_handle = initiator_cred_handle;
else if (initiator_cred_handle) {
cred_handle = _gss_mech_cred_find(initiator_cred_handle, mech_type);
if (cred_handle == GSS_C_NO_CREDENTIAL) {
*minor_status = 0;
if (allocated_ctx)
free(ctx);
gss_mg_set_error_string(mech_type, GSS_S_UNAVAILABLE,
*minor_status,
"Credential for asked mech-type "
"mech not found in the "
"credential handle");
return GSS_S_UNAVAILABLE;
}
} else {
cred_handle = GSS_C_NO_CREDENTIAL;
}
major_status = m->gm_init_sec_context(minor_status,
cred_handle,
&ctx->gc_ctx,
mn ? mn->gmn_name : GSS_C_NO_NAME,
mech_type,
req_flags,
time_req,
input_chan_bindings,
input_token,
actual_mech_type,
output_token,
ret_flags,
time_rec);
if (major_status != GSS_S_COMPLETE
&& major_status != GSS_S_CONTINUE_NEEDED) {
if (allocated_ctx)
free(ctx);
_mg_buffer_zero(output_token);
_gss_mg_error(m, *minor_status);
} else {
*context_handle = (gss_ctx_id_t) ctx;
}
_gss_mg_log(1, "gss_isc: maj_stat: %d/%d", (int)major_status,
(int)*minor_status);
return (major_status);
}