1
/* -----------------------------------------------------------------------------
2
* spnegohelp.c defines RFC 2478 SPNEGO GSS-API mechanism APIs.
4
* Author: Frank Balluffi
6
* Copyright (C) 2002-2003 All rights reserved.
8
* This program is free software; you can redistribute it and/or modify
9
* it under the terms of the GNU General Public License as published by
10
* the Free Software Foundation; either version 2 of the License, or
11
* (at your option) any later version.
13
* This program is distributed in the hope that it will be useful,
14
* but WITHOUT ANY WARRANTY; without even the implied warranty of
15
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16
* GNU General Public License for more details.
18
* You should have received a copy of the GNU General Public License
19
* along with this program; if not, write to the Free Software
20
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA.
22
* -----------------------------------------------------------------------------
25
#include "spnegohelp.h"
30
int makeNegTokenTarg (const unsigned char * kerberosToken,
31
size_t kerberosTokenLength,
32
const unsigned char ** negTokenTarg,
33
size_t * negTokenTargLength)
35
SPNEGO_TOKEN_HANDLE hSpnegoToken = NULL;
37
int rc2 = SPNEGO_E_SUCCESS;
39
/* Check arguments. */
46
/* Does IIS reply with 1.2.840.48018.1.2.2 or 1.2.840.113554.1.2.2? */
48
/* Does IIS always reply with accept_completed? */
50
/* IIS does not include a MIC. */
52
rc2 = spnegoCreateNegTokenTarg (spnego_mech_oid_Kerberos_V5_Legacy,
53
spnego_negresult_success,
54
(unsigned char *) kerberosToken,
60
if (rc2 != SPNEGO_E_SUCCESS)
66
/* Get NegTokenTarg length. */
68
rc2 = spnegoTokenGetBinary (hSpnegoToken,
70
(unsigned long*) negTokenTargLength);
72
if (rc2 != SPNEGO_E_BUFFER_TOO_SMALL)
78
*negTokenTarg = malloc (*negTokenTargLength);
86
/* Get NegTokenTarg data. */
88
rc2 = spnegoTokenGetBinary (hSpnegoToken,
89
(unsigned char *) *negTokenTarg,
90
(unsigned long*) negTokenTargLength);
93
if (rc2 != SPNEGO_E_SUCCESS)
107
free ((unsigned char *) *negTokenTarg);
108
*negTokenTarg = NULL;
109
*negTokenTargLength = 0;
115
spnegoFreeData (hSpnegoToken);
117
LOG(("makeNegTokenTarg returned %d\n",rc1));
121
int parseNegTokenInit (const unsigned char * negTokenInit,
122
size_t negTokenInitLength,
123
const unsigned char ** kerberosToken,
124
size_t * kerberosTokenLength)
126
SPNEGO_TOKEN_HANDLE hSpnegoToken = NULL;
129
int rc2 = SPNEGO_E_SUCCESS;
130
unsigned char reqFlags = 0;
133
/* Check arguments. */
137
!kerberosTokenLength)
140
/* Decode SPNEGO token. */
142
rc2 = spnegoInitFromBinary ((unsigned char *) negTokenInit,
146
if (rc2 != SPNEGO_E_SUCCESS)
152
/* Check for negTokenInit choice. */
154
rc2 = spnegoGetTokenType (hSpnegoToken,
157
if (rc2 != SPNEGO_E_SUCCESS)
163
if (tokenType != SPNEGO_TOKEN_INIT)
170
Check that first mechType is 1.2.840.113554.1.2.2 or 1.2.840.48018.1.2.2.
174
IE seems to reply with 1.2.840.48018.1.2.2 and then 1.2.840.113554.1.2.2.
177
rc2 = spnegoIsMechTypeAvailable (hSpnegoToken,
178
spnego_mech_oid_Kerberos_V5_Legacy,
181
if (rc2 != SPNEGO_E_SUCCESS ||
184
rc2 = spnegoIsMechTypeAvailable (hSpnegoToken,
185
spnego_mech_oid_Kerberos_V5,
188
if (rc2 != SPNEGO_E_SUCCESS ||
196
/* Check for no reqFlags. */
198
/* Does IE ever send reqFlags? */
200
rc2 = spnegoGetContextFlags (hSpnegoToken,
203
if (rc2 == SPNEGO_E_SUCCESS)
209
/* Get mechanism token length. */
211
rc2 = spnegoGetMechToken (hSpnegoToken,
213
(unsigned long*) kerberosTokenLength);
215
if (rc2 != SPNEGO_E_BUFFER_TOO_SMALL)
221
*kerberosToken = malloc (*kerberosTokenLength);
229
/* Get mechanism token data. */
231
rc2 = spnegoGetMechToken (hSpnegoToken,
232
(unsigned char *) *kerberosToken,
233
(unsigned long*) kerberosTokenLength);
235
if (rc2 != SPNEGO_E_SUCCESS)
241
/* According to Microsoft, IE does not send a MIC. */
251
free ((unsigned char *) *kerberosToken);
252
*kerberosToken = NULL;
253
*kerberosTokenLength = 0;
259
spnegoFreeData (hSpnegoToken);
261
LOG(("parseNegTokenInit returned %d\n",rc1));
1
/* -----------------------------------------------------------------------------
2
* spnegohelp.c defines RFC 2478 SPNEGO GSS-API mechanism APIs.
4
* Author: Frank Balluffi
6
* Copyright (C) 2002-2003 All rights reserved.
8
* This program is free software; you can redistribute it and/or modify
9
* it under the terms of the GNU General Public License as published by
10
* the Free Software Foundation; either version 2 of the License, or
11
* (at your option) any later version.
13
* This program is distributed in the hope that it will be useful,
14
* but WITHOUT ANY WARRANTY; without even the implied warranty of
15
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16
* GNU General Public License for more details.
18
* You should have received a copy of the GNU General Public License
19
* along with this program; if not, write to the Free Software
20
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA.
22
* -----------------------------------------------------------------------------
25
#include "spnegohelp.h"
30
int makeNegTokenTarg (const unsigned char * kerberosToken,
31
size_t kerberosTokenLength,
32
const unsigned char ** negTokenTarg,
33
size_t * negTokenTargLength)
35
SPNEGO_TOKEN_HANDLE hSpnegoToken = NULL;
37
int rc2 = SPNEGO_E_SUCCESS;
39
/* Check arguments. */
46
/* Does IIS reply with 1.2.840.48018.1.2.2 or 1.2.840.113554.1.2.2? */
48
/* Does IIS always reply with accept_completed? */
50
/* IIS does not include a MIC. */
52
rc2 = spnegoCreateNegTokenTarg (spnego_mech_oid_Kerberos_V5_Legacy,
53
spnego_negresult_success,
54
(unsigned char *) kerberosToken,
60
if (rc2 != SPNEGO_E_SUCCESS) {
65
/* Get NegTokenTarg length. */
67
rc2 = spnegoTokenGetBinary (hSpnegoToken,
69
(unsigned long*) negTokenTargLength);
71
if (rc2 != SPNEGO_E_BUFFER_TOO_SMALL) {
76
*negTokenTarg = malloc (*negTokenTargLength);
83
/* Get NegTokenTarg data. */
85
rc2 = spnegoTokenGetBinary (hSpnegoToken,
86
(unsigned char *) *negTokenTarg,
87
(unsigned long*) negTokenTargLength);
90
if (rc2 != SPNEGO_E_SUCCESS) {
102
free ((unsigned char *) *negTokenTarg);
103
*negTokenTarg = NULL;
104
*negTokenTargLength = 0;
110
spnegoFreeData (hSpnegoToken);
112
LOG(("makeNegTokenTarg returned %d\n",rc1));
116
int parseNegTokenInit (const unsigned char * negTokenInit,
117
size_t negTokenInitLength,
118
const unsigned char ** kerberosToken,
119
size_t * kerberosTokenLength)
121
SPNEGO_TOKEN_HANDLE hSpnegoToken = NULL;
124
int rc2 = SPNEGO_E_SUCCESS;
125
unsigned char reqFlags = 0;
128
/* Check arguments. */
132
!kerberosTokenLength)
135
/* Decode SPNEGO token. */
137
rc2 = spnegoInitFromBinary ((unsigned char *) negTokenInit,
141
if (rc2 != SPNEGO_E_SUCCESS) {
146
/* Check for negTokenInit choice. */
148
rc2 = spnegoGetTokenType (hSpnegoToken,
151
if (rc2 != SPNEGO_E_SUCCESS) {
156
if (tokenType != SPNEGO_TOKEN_INIT) {
162
Check that first mechType is 1.2.840.113554.1.2.2 or 1.2.840.48018.1.2.2.
166
IE seems to reply with 1.2.840.48018.1.2.2 and then 1.2.840.113554.1.2.2.
169
rc2 = spnegoIsMechTypeAvailable (hSpnegoToken,
170
spnego_mech_oid_Kerberos_V5_Legacy,
173
if (rc2 != SPNEGO_E_SUCCESS ||
175
rc2 = spnegoIsMechTypeAvailable (hSpnegoToken,
176
spnego_mech_oid_Kerberos_V5,
179
if (rc2 != SPNEGO_E_SUCCESS ||
186
/* Check for no reqFlags. */
188
/* Does IE ever send reqFlags? */
190
rc2 = spnegoGetContextFlags (hSpnegoToken,
193
if (rc2 == SPNEGO_E_SUCCESS) {
198
/* Get mechanism token length. */
200
rc2 = spnegoGetMechToken (hSpnegoToken,
202
(unsigned long*) kerberosTokenLength);
204
if (rc2 != SPNEGO_E_BUFFER_TOO_SMALL) {
209
*kerberosToken = malloc (*kerberosTokenLength);
211
if (!*kerberosToken) {
216
/* Get mechanism token data. */
218
rc2 = spnegoGetMechToken (hSpnegoToken,
219
(unsigned char *) *kerberosToken,
220
(unsigned long*) kerberosTokenLength);
222
if (rc2 != SPNEGO_E_SUCCESS) {
227
/* According to Microsoft, IE does not send a MIC. */
235
if (*kerberosToken) {
236
free ((unsigned char *) *kerberosToken);
237
*kerberosToken = NULL;
238
*kerberosTokenLength = 0;
244
spnegoFreeData (hSpnegoToken);
246
LOG(("parseNegTokenInit returned %d\n",rc1));
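Review bot: The `(unsigned long*) kerberosTokenLength` casts passed to spnegoGetMechToken (new lines 202 and 220) hand a `size_t *` to a callee that, judging by the cast, writes an `unsigned long`. The same cast is applied to `negTokenTargLength` for spnegoTokenGetBinary in makeNegTokenTarg (new lines 69 and 87). On platforms where the two types differ in width, such as 64-bit Windows, only part of the `size_t` is written, so `malloc (*kerberosTokenLength)` and the length handed back to the caller can include stale upper bytes, and here that length describes a token received from the peer. I would use a local `unsigned long len = 0;`, pass `&len` to both calls, and assign `*kerberosTokenLength = len;` once the call returns. Both function bodies are only partly visible on this page, so the out-parameter may already be zeroed in lines not shown; that would narrow the problem on little-endian targets but would not make the cast correct.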