authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-05 17:47:29 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-05 17:47:29 +0000
commit4f5791ebd03eaec1c7da0865a383175b05102712 (patch)
tree8ce7b00f7a76baa386372422adebbe64510812d4 /third_party/heimdal/lib/gssapi/netlogon
parentInitial commit. (diff)
Adding upstream version 2:4.17.12+dfsg.upstream/2%4.17.12+dfsgupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'third_party/heimdal/lib/gssapi/netlogon')
-rw-r--r--third_party/heimdal/lib/gssapi/netlogon/accept_sec_context.c89
-rw-r--r--third_party/heimdal/lib/gssapi/netlogon/acquire_cred.c186
-rw-r--r--third_party/heimdal/lib/gssapi/netlogon/add_cred.c89
-rw-r--r--third_party/heimdal/lib/gssapi/netlogon/canonicalize_name.c46
-rw-r--r--third_party/heimdal/lib/gssapi/netlogon/compare_name.c61
-rw-r--r--third_party/heimdal/lib/gssapi/netlogon/context_time.c47
-rw-r--r--third_party/heimdal/lib/gssapi/netlogon/crypto.c733
-rw-r--r--third_party/heimdal/lib/gssapi/netlogon/delete_sec_context.c62
-rw-r--r--third_party/heimdal/lib/gssapi/netlogon/display_name.c67
-rw-r--r--third_party/heimdal/lib/gssapi/netlogon/display_status.c55
-rw-r--r--third_party/heimdal/lib/gssapi/netlogon/duplicate_cred.c54
-rw-r--r--third_party/heimdal/lib/gssapi/netlogon/duplicate_name.c77
-rw-r--r--third_party/heimdal/lib/gssapi/netlogon/export_name.c45
-rw-r--r--third_party/heimdal/lib/gssapi/netlogon/export_sec_context.c50
-rw-r--r--third_party/heimdal/lib/gssapi/netlogon/external.c111
-rw-r--r--third_party/heimdal/lib/gssapi/netlogon/import_name.c94
-rw-r--r--third_party/heimdal/lib/gssapi/netlogon/import_sec_context.c50
-rw-r--r--third_party/heimdal/lib/gssapi/netlogon/indicate_mechs.c48
-rw-r--r--third_party/heimdal/lib/gssapi/netlogon/init_sec_context.c289
-rw-r--r--third_party/heimdal/lib/gssapi/netlogon/inquire_context.c76
-rw-r--r--third_party/heimdal/lib/gssapi/netlogon/inquire_cred.c68
-rw-r--r--third_party/heimdal/lib/gssapi/netlogon/inquire_cred_by_mech.c66
-rw-r--r--third_party/heimdal/lib/gssapi/netlogon/inquire_mechs_for_name.c48
-rw-r--r--third_party/heimdal/lib/gssapi/netlogon/inquire_names_for_mech.c58
-rw-r--r--third_party/heimdal/lib/gssapi/netlogon/iter_cred.c44
-rw-r--r--third_party/heimdal/lib/gssapi/netlogon/netlogon.h150
-rw-r--r--third_party/heimdal/lib/gssapi/netlogon/process_context_token.c46
-rw-r--r--third_party/heimdal/lib/gssapi/netlogon/regen.sh3
-rw-r--r--third_party/heimdal/lib/gssapi/netlogon/release_cred.c54
-rw-r--r--third_party/heimdal/lib/gssapi/netlogon/release_name.c54
30 files changed, 2920 insertions, 0 deletions
diff --git a/third_party/heimdal/lib/gssapi/netlogon/accept_sec_context.c b/third_party/heimdal/lib/gssapi/netlogon/accept_sec_context.c
new file mode 100644
index 0000000..06ddfd5
--- /dev/null
+++ b/third_party/heimdal/lib/gssapi/netlogon/accept_sec_context.c
@@ -0,0 +1,89 @@
+/*
+ * Copyright (c) 2009 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "netlogon.h"
+
+/*
+ * Not implemented: this is needed only by domain controllers.
+ */
+
+OM_uint32
+_netlogon_accept_sec_context
+(OM_uint32 * minor_status,
+ gss_ctx_id_t * context_handle,
+ gss_const_cred_id_t acceptor_cred_handle,
+ const gss_buffer_t input_token_buffer,
+ const gss_channel_bindings_t input_chan_bindings,
+ gss_name_t * src_name,
+ gss_OID * mech_type,
+ gss_buffer_t output_token,
+ OM_uint32 * ret_flags,
+ OM_uint32 * time_rec,
+ gss_cred_id_t * delegated_cred_handle
+ )
+{
+
+ output_token->value = NULL;
+ output_token->length = 0;
+
+ *minor_status = 0;
+
+ if (context_handle == NULL)
+ return GSS_S_FAILURE;
+
+ if (input_token_buffer == GSS_C_NO_BUFFER)
+ return GSS_S_FAILURE;
+
+ if (src_name)
+ *src_name = GSS_C_NO_NAME;
+ if (mech_type)
+ *mech_type = GSS_C_NO_OID;
+ if (ret_flags)
+ *ret_flags = 0;
+ if (time_rec)
+ *time_rec = 0;
+ if (delegated_cred_handle)
+ *delegated_cred_handle = GSS_C_NO_CREDENTIAL;
+
+ if (*context_handle == GSS_C_NO_CONTEXT) {
+ *minor_status = ENOMEM;
+ return GSS_S_FAILURE;
+ } else {
+ *minor_status = ENOMEM;
+ return GSS_S_FAILURE;
+ }
+
+ return GSS_S_UNAVAILABLE;
+}
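Review bot: The `if`/`else` at the end of `_netlogon_accept_sec_context` has two identical branches that both set `*minor_status = ENOMEM` and return GSS_S_FAILURE, so the `return GSS_S_UNAVAILABLE` after it is dead code and a caller diagnosing the failure is told the process ran out of memory rather than that the acceptor side is not implemented. Given the header comment, the tail could collapse to `*minor_status = 0;` / `return GSS_S_UNAVAILABLE;`, which is the major status the unreachable line suggests was intended, unless some caller relies on GSS_S_FAILURE here. Separately, `output_token` is written on the first two lines before any argument validation, while `context_handle` and `input_token_buffer` are NULL-checked afterwards; applying the same check to `output_token` first would be consistent.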
diff --git a/third_party/heimdal/lib/gssapi/netlogon/acquire_cred.c b/third_party/heimdal/lib/gssapi/netlogon/acquire_cred.c
new file mode 100644
index 0000000..d790d08
--- /dev/null
+++ b/third_party/heimdal/lib/gssapi/netlogon/acquire_cred.c
@@ -0,0 +1,186 @@
+/*
+ * Copyright (c) 2010 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Portions Copyright (c) 2010 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "netlogon.h"
+#include <gssapi_spi.h>
+
+OM_uint32
+_netlogon_acquire_cred(OM_uint32 * min_stat,
+ gss_const_name_t desired_name,
+ OM_uint32 time_req,
+ const gss_OID_set desired_mechs,
+ gss_cred_usage_t cred_usage,
+ gss_cred_id_t * output_cred_handle,
+ gss_OID_set * actual_mechs,
+ OM_uint32 * time_rec)
+{
+ OM_uint32 ret;
+ gssnetlogon_cred cred;
+
+ /* only initiator support so far */
+ if (cred_usage != GSS_C_INITIATE)
+ return GSS_S_FAILURE;
+
+ if (desired_name == GSS_C_NO_NAME)
+ return GSS_S_BAD_NAME;
+
+ cred = (gssnetlogon_cred)calloc(1, sizeof(*cred));
+ if (cred == NULL) {
+ *min_stat = ENOMEM;
+ return GSS_S_FAILURE;
+ }
+ cred->SignatureAlgorithm = NL_SIGN_ALG_HMAC_MD5;
+ cred->SealAlgorithm = NL_SEAL_ALG_RC4;
+
+ ret = _netlogon_duplicate_name(min_stat, desired_name,
+ (gss_name_t *)&cred->Name);
+ if (GSS_ERROR(ret)) {
+ free(cred);
+ return ret;
+ }
+
+ *output_cred_handle = (gss_cred_id_t)cred;
+ if (actual_mechs != NULL)
+ *actual_mechs = GSS_C_NO_OID_SET;
+ if (time_rec != NULL)
+ *time_rec = GSS_C_INDEFINITE;
+
+ return GSS_S_COMPLETE;
+}
+
+OM_uint32
+_netlogon_acquire_cred_ex(gss_status_id_t status,
+ gss_const_name_t desired_name,
+ OM_uint32 flags,
+ OM_uint32 time_req,
+ gss_cred_usage_t cred_usage,
+ gss_auth_identity_t identity,
+ void *ctx,
+ void (*complete)(void *, OM_uint32, gss_status_id_t, gss_cred_id_t, OM_uint32))
+{
+ return GSS_S_UNAVAILABLE;
+}
+
+/*
+ * value contains 16 byte session key
+ */
+static OM_uint32
+_netlogon_set_session_key(OM_uint32 *minor_status,
+ gss_cred_id_t *cred_handle,
+ const gss_buffer_t value)
+{
+ gssnetlogon_cred cred;
+
+ if (*cred_handle == GSS_C_NO_CREDENTIAL) {
+ *minor_status = EINVAL;
+ return GSS_S_FAILURE;
+ }
+
+ cred = (gssnetlogon_cred)*cred_handle;
+
+ if (value->length != sizeof(cred->SessionKey)) {
+ *minor_status = ERANGE;
+ return GSS_S_FAILURE;
+ }
+
+ memcpy(cred->SessionKey, value->value, value->length);
+
+ *minor_status = 0;
+ return GSS_S_COMPLETE;
+}
+
+/*
+ * value contains 16 bit little endian encoded seal algorithm
+ */
+static OM_uint32
+_netlogon_set_sign_algorithm(OM_uint32 *minor_status,
+ gss_cred_id_t *cred_handle,
+ const gss_buffer_t value)
+{
+ gssnetlogon_cred cred;
+ uint16_t alg;
+ const uint8_t *p;
+
+ if (*cred_handle == GSS_C_NO_CREDENTIAL) {
+ *minor_status = EINVAL;
+ return GSS_S_FAILURE;
+ }
+
+ cred = (gssnetlogon_cred)*cred_handle;
+
+ if (value->length != 2) {
+ *minor_status = ERANGE;
+ return GSS_S_FAILURE;
+ }
+
+ p = (const uint8_t *)value->value;
+ alg = (p[0] << 0) | (p[1] << 8);
+
+ if (alg != NL_SIGN_ALG_HMAC_MD5 && alg != NL_SIGN_ALG_SHA256) {
+ *minor_status = EINVAL;
+ return GSS_S_FAILURE;
+ }
+
+ cred->SignatureAlgorithm = alg;
+ if (alg == NL_SIGN_ALG_SHA256)
+ cred->SealAlgorithm = NL_SEAL_ALG_AES128;
+ else
+ cred->SealAlgorithm = NL_SEAL_ALG_RC4;
+
+ *minor_status = 0;
+ return GSS_S_COMPLETE;
+}
+
+OM_uint32
+_netlogon_set_cred_option
+ (OM_uint32 *minor_status,
+ gss_cred_id_t *cred_handle,
+ const gss_OID desired_object,
+ const gss_buffer_t value)
+{
+ if (value == GSS_C_NO_BUFFER) {
+ *minor_status = EINVAL;
+ return GSS_S_FAILURE;
+ }
+
+ if (gss_oid_equal(desired_object, GSS_NETLOGON_SET_SESSION_KEY_X))
+ return _netlogon_set_session_key(minor_status, cred_handle, value);
+ else if (gss_oid_equal(desired_object, GSS_NETLOGON_SET_SIGN_ALGORITHM_X))
+ return _netlogon_set_sign_algorithm(minor_status, cred_handle, value);
+
+ *minor_status = EINVAL;
+ return GSS_S_FAILURE;
+}
+
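Review bot: `_netlogon_acquire_cred` returns GSS_S_FAILURE and GSS_S_BAD_NAME on its two early exits without assigning `*min_stat`, so a caller that reports the minor status reads whatever the variable held before the call; adding `*min_stat = 0;` ahead of the `cred_usage` check (or EINVAL on those two paths, matching the rest of the file) closes that gap. `_netlogon_context_time` in context_time.c has the same omission on its only return. The comment above `_netlogon_set_sign_algorithm` reads "seal algorithm", but the function decodes and validates the signature algorithm and derives the seal algorithm from it; `* value contains 16 bit little endian encoded sign algorithm` would match the code. `_netlogon_set_session_key` and `_netlogon_set_sign_algorithm` also dereference `cred_handle` before comparing `*cred_handle` to GSS_C_NO_CREDENTIAL, so a NULL handle pointer (as opposed to a null credential) is not caught — if the mechglue guarantees a non-NULL pointer, a one-line comment saying so would help.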
diff --git a/third_party/heimdal/lib/gssapi/netlogon/add_cred.c b/third_party/heimdal/lib/gssapi/netlogon/add_cred.c
new file mode 100644
index 0000000..0222303
--- /dev/null
+++ b/third_party/heimdal/lib/gssapi/netlogon/add_cred.c
@@ -0,0 +1,89 @@
+/*
+ * Copyright (c) 2010 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Portions Copyright (c) 2010 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "netlogon.h"
+
+OM_uint32 _netlogon_add_cred (
+ OM_uint32 *minor_status,
+ gss_const_cred_id_t input_cred_handle,
+ gss_const_name_t desired_name,
+ const gss_OID desired_mech,
+ gss_cred_usage_t cred_usage,
+ OM_uint32 initiator_time_req,
+ OM_uint32 acceptor_time_req,
+ gss_cred_id_t *output_cred_handle,
+ gss_OID_set *actual_mechs,
+ OM_uint32 *initiator_time_rec,
+ OM_uint32 *acceptor_time_rec)
+{
+ OM_uint32 ret;
+ int equal;
+ const gssnetlogon_cred src = (const gssnetlogon_cred)input_cred_handle;
+ gssnetlogon_cred dst;
+
+ if (desired_name != GSS_C_NO_NAME) {
+ if (input_cred_handle != GSS_C_NO_CREDENTIAL) {
+ ret = _netlogon_compare_name(minor_status, desired_name,
+ (gss_name_t)src->Name, &equal);
+ if (GSS_ERROR(ret))
+ return ret;
+
+ if (!equal)
+ return GSS_S_BAD_NAME;
+ }
+ }
+
+ ret = _netlogon_acquire_cred(minor_status,
+ input_cred_handle ? (gss_name_t)src->Name : desired_name,
+ initiator_time_req, GSS_C_NO_OID_SET, cred_usage,
+ output_cred_handle, actual_mechs, initiator_time_rec);
+ if (GSS_ERROR(ret))
+ return ret;
+
+ dst = (gssnetlogon_cred)*output_cred_handle;
+
+ if (src != NULL) {
+ dst->SignatureAlgorithm = src->SignatureAlgorithm;
+ dst->SealAlgorithm = src->SealAlgorithm;
+
+ memcpy(dst->SessionKey, src->SessionKey, sizeof(src->SessionKey));
+ }
+
+ if (acceptor_time_rec != NULL)
+ *acceptor_time_rec = 0;
+
+ return GSS_S_COMPLETE;
+}
+
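Review bot: `const gssnetlogon_cred src = (const gssnetlogon_cred)input_cred_handle;` qualifies the pointer itself, not the credential it points at (gssnetlogon_cred is evidently a pointer typedef, given the `src->` accesses), so the read-only contract of `gss_const_cred_id_t` is silently cast away; declaring `src` as a pointer to a const struct would keep it, and the same pattern appears on both name casts in compare_name.c. `desired_mech` is never read in the body, so a request to add a different mechanism to this credential is accepted as if it were netlogon; if the mechglue only dispatches here for the netlogon OID, a comment saying so is enough, otherwise a `gss_oid_equal` check returning GSS_S_BAD_MECH would be the fix. Note also that the session key is copied into the new credential on every successful call, so `dst` carries the same secret as `src` and must be released with the same care.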
diff --git a/third_party/heimdal/lib/gssapi/netlogon/canonicalize_name.c b/third_party/heimdal/lib/gssapi/netlogon/canonicalize_name.c
new file mode 100644
index 0000000..1e8087a
--- /dev/null
+++ b/third_party/heimdal/lib/gssapi/netlogon/canonicalize_name.c
@@ -0,0 +1,46 @@
+/*
+ * Copyright (c) 2009 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "netlogon.h"
+
+OM_uint32 _netlogon_canonicalize_name (
+ OM_uint32 * minor_status,
+ gss_const_name_t input_name,
+ const gss_OID mech_type,
+ gss_name_t * output_name
+ )
+{
+ return _netlogon_duplicate_name(minor_status, input_name, output_name);
+}
diff --git a/third_party/heimdal/lib/gssapi/netlogon/compare_name.c b/third_party/heimdal/lib/gssapi/netlogon/compare_name.c
new file mode 100644
index 0000000..986c3b0
--- /dev/null
+++ b/third_party/heimdal/lib/gssapi/netlogon/compare_name.c
@@ -0,0 +1,61 @@
+/*
+ * Copyright (c) 2010 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Portions Copyright (c) 2010 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "netlogon.h"
+
+OM_uint32 _netlogon_compare_name
+ (OM_uint32 * minor_status,
+ gss_const_name_t name1,
+ gss_const_name_t name2,
+ int * name_equal
+ )
+{
+ const gssnetlogon_name n1 = (const gssnetlogon_name)name1;
+ const gssnetlogon_name n2 = (const gssnetlogon_name)name2;
+
+ *name_equal = 0;
+
+ if (n1->NetbiosName.value != NULL && n2->NetbiosName.value != NULL)
+ *name_equal = (strcasecmp((char *)n1->NetbiosName.value,
+ (char *)n2->NetbiosName.value) == 0);
+
+ if (n1->DnsName.value != NULL && n2->DnsName.value != NULL)
+ *name_equal = (strcasecmp((char *)n1->DnsName.value,
+ (char *)n2->DnsName.value) == 0);
+
+ *minor_status = 0;
+ return GSS_S_COMPLETE;
+}
+
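Review bot: The DnsName comparison at the end of `_netlogon_compare_name` overwrites the NetbiosName result rather than combining with it, so two names whose NetBIOS parts differ still compare equal when both carry a matching DnsName, and a pair where one side has only a NetbiosName and the other only a DnsName compares unequal with no indication that nothing was actually compared. If DNS is meant to take precedence, a comment such as `/* DNS name, when both sides have one, overrides the NetBIOS result */` would stop the next reader from "fixing" it; if both must agree when both are present, the second assignment needs to AND with the first result instead of replacing it. The `strcasecmp` calls also assume both `.value` buffers are NUL-terminated, which depends on how import_name.c fills them — not visible in this hunk and worth confirming.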
diff --git a/third_party/heimdal/lib/gssapi/netlogon/context_time.c b/third_party/heimdal/lib/gssapi/netlogon/context_time.c
new file mode 100644
index 0000000..c7bf9eb
--- /dev/null
+++ b/third_party/heimdal/lib/gssapi/netlogon/context_time.c
@@ -0,0 +1,47 @@
+/*
+ * Copyright (c) 2009 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "netlogon.h"
+
+OM_uint32 _netlogon_context_time
+ (OM_uint32 * minor_status,
+ gss_const_ctx_id_t context_handle,
+ OM_uint32 * time_rec
+ )
+{
+ if (time_rec != NULL)
+ *time_rec = GSS_C_INDEFINITE;
+ return GSS_S_COMPLETE;
+}
diff --git a/third_party/heimdal/lib/gssapi/netlogon/crypto.c b/third_party/heimdal/lib/gssapi/netlogon/crypto.c
new file mode 100644
index 0000000..0fc8f01
--- /dev/null
+++ b/third_party/heimdal/lib/gssapi/netlogon/crypto.c
@@ -0,0 +1,733 @@
+/*
+ * Copyright (c) 2010 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Portions Copyright (c) 2010 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "netlogon.h"
+
+static uint8_t zeros[4];
+
+static void
+_netlogon_encode_sequence_number(uint64_t SequenceNumber, uint8_t *p,
+ int initiatorFlag)
+{
+ uint32_t LowPart, HighPart;
+
+ LowPart = (SequenceNumber >> 0 ) & 0xFFFFFFFF;
+ HighPart = (SequenceNumber >> 32) & 0xFFFFFFFF;
+
+ _gss_mg_encode_be_uint32(LowPart, &p[0]);
+ _gss_mg_encode_be_uint32(HighPart, &p[4]);
+
+ if (initiatorFlag)
+ p[4] |= 0x80;
+}
+
+static int
+_netlogon_decode_sequence_number(void *ptr, uint64_t *n,
+ int initiatorFlag)
+{
+ uint8_t *p = ptr;
+ uint32_t LowPart, HighPart;
+ int gotInitiatorFlag;
+
+ gotInitiatorFlag = (p[4] & 0x80) != 0;
+ if (gotInitiatorFlag != initiatorFlag)
+ return -1;
+
+ p[4] &= 0x7F; /* clear initiator bit */
+
+ _gss_mg_decode_be_uint32(&p[0], &LowPart);
+ _gss_mg_decode_be_uint32(&p[4], &HighPart);
+
+ *n = (LowPart << 0) | ((uint64_t)HighPart << 32);
+
+ return 0;
+}
+
+static inline size_t
+_netlogon_checksum_length(NL_AUTH_SIGNATURE *sig)
+{
+#if 0
+ return (sig->SignatureAlgorithm == NL_SIGN_ALG_SHA256) ? 32 : 8;
+#else
+ /* Owing to a bug in Windows it always uses the old value */
+ return 8;
+#endif
+}
+
+static inline size_t
+_netlogon_signature_length(uint16_t alg, int conf_req_flag)
+{
+ return NL_AUTH_SIGNATURE_COMMON_LENGTH +
+ (alg == NL_SIGN_ALG_SHA256 ? 32 : 8) +
+ (conf_req_flag ? 8 : 0);
+}
+
+static inline uint8_t *
+_netlogon_confounder(NL_AUTH_SIGNATURE *sig)
+{
+ size_t cksumlen = _netlogon_checksum_length(sig);
+
+ return &sig->Checksum[cksumlen];
+}
+
+static int
+_netlogon_encode_NL_AUTH_SIGNATURE(NL_AUTH_SIGNATURE *sig,
+ uint8_t *p, size_t len)
+{
+ *p++ = (sig->SignatureAlgorithm >> 0) & 0xFF;
+ *p++ = (sig->SignatureAlgorithm >> 8) & 0xFF;
+ *p++ = (sig->SealAlgorithm >> 0) & 0xFF;
+ *p++ = (sig->SealAlgorithm >> 8) & 0xFF;
+ *p++ = (sig->Pad >> 0) & 0xFF;
+ *p++ = (sig->Pad >> 8) & 0xFF;
+ *p++ = (sig->Flags >> 0) & 0xFF;
+ *p++ = (sig->Flags >> 8) & 0xFF;
+
+ if (len > NL_AUTH_SIGNATURE_HEADER_LENGTH) {
+ memcpy(p, sig->SequenceNumber, 8);
+ p += 8;
+ }
+
+ if (len > NL_AUTH_SIGNATURE_COMMON_LENGTH) {
+ size_t cksumlen = _netlogon_checksum_length(sig);
+
+ memcpy(p, sig->Checksum, cksumlen);
+ p += cksumlen;
+
+ /* Confounder, if present, is immediately after checksum */
+ if (sig->SealAlgorithm != NL_SEAL_ALG_NONE) {
+ memcpy(p, &sig->Checksum[cksumlen], 8);
+ }
+ }
+
+ return 0;
+}
+
+static int
+_netlogon_decode_NL_AUTH_SIGNATURE(const uint8_t *ptr,
+ size_t len,
+ NL_AUTH_SIGNATURE *sig)
+{
+ const uint8_t *p = ptr;
+ size_t cksumlen;
+
+ if (len < NL_AUTH_SIGNATURE_COMMON_LENGTH)
+ return KRB5_BAD_MSIZE;
+
+ sig->SignatureAlgorithm = (p[0] << 0) | (p[1] << 8);
+ sig->SealAlgorithm = (p[2] << 0) | (p[3] << 8);
+ sig->Pad = (p[4] << 0) | (p[5] << 8);
+ sig->Flags = (p[6] << 0) | (p[7] << 8);
+ p += 8;
+
+ memcpy(sig->SequenceNumber, p, 8);
+ p += 8;
+
+ /* Validate signature algorithm is known and matches enctype */
+ switch (sig->SignatureAlgorithm) {
+ case NL_SIGN_ALG_HMAC_MD5:
+ cksumlen = NL_AUTH_SIGNATURE_LENGTH;
+ break;
+ case NL_SIGN_ALG_SHA256:
+ cksumlen = NL_AUTH_SHA2_SIGNATURE_LENGTH;
+ break;
+ default:
+ return EINVAL;
+ break;
+ }
+
+ if (sig->SealAlgorithm == NL_SEAL_ALG_NONE)
+ cksumlen -= 8; /* confounder is optional if no sealing */
+
+ if (len < cksumlen)
+ return KRB5_BAD_MSIZE;
+
+ /* Copy variable length checksum */
+ cksumlen = _netlogon_checksum_length(sig);
+ memcpy(sig->Checksum, p, cksumlen);
+ p += cksumlen;
+
+ /* Copy confounder in past checksum */
+ if (sig->SealAlgorithm != NL_SEAL_ALG_NONE)
+ memcpy(&sig->Checksum[cksumlen], p, 8);
+
+ return 0;
+}
+
+static void
+_netlogon_derive_rc4_hmac_key(uint8_t key[16],
+ uint8_t *salt,
+ size_t saltLength,
+ EVP_CIPHER_CTX *rc4Key,
+ int enc)
+{
+ uint8_t tmpData[MD5_DIGEST_LENGTH];
+ uint8_t derivedKey[MD5_DIGEST_LENGTH];
+ unsigned int len = MD5_DIGEST_LENGTH;
+
+ HMAC(EVP_md5(), key, 16, zeros, sizeof(zeros), tmpData, &len);
+ HMAC(EVP_md5(), tmpData, MD5_DIGEST_LENGTH,
+ salt, saltLength, derivedKey, &len);
+
+ assert(len == MD5_DIGEST_LENGTH);
+
+ EVP_CipherInit_ex(rc4Key, EVP_rc4(), NULL, derivedKey, NULL, enc);
+
+ memset(derivedKey, 0, sizeof(derivedKey));
+}
+
+static void
+_netlogon_derive_rc4_seal_key(gssnetlogon_ctx ctx,
+ NL_AUTH_SIGNATURE *sig,
+ EVP_CIPHER_CTX *sealkey,
+ int enc)
+{
+ uint8_t xorKey[16];
+ int i;
+
+ for (i = 0; i < sizeof(xorKey); i++) {
+ xorKey[i] = ctx->SessionKey[i] ^ 0xF0;
+ }
+
+ _netlogon_derive_rc4_hmac_key(xorKey,
+ sig->SequenceNumber, sizeof(sig->SequenceNumber), sealkey, enc);
+
+ memset(xorKey, 0, sizeof(xorKey));
+}
+
+static void
+_netlogon_derive_rc4_seq_key(gssnetlogon_ctx ctx,
+ NL_AUTH_SIGNATURE *sig,
+ EVP_CIPHER_CTX *seqkey,
+ int enc)
+{
+ _netlogon_derive_rc4_hmac_key(ctx->SessionKey,
+ sig->Checksum, sizeof(sig->Checksum), seqkey, enc);
+}
+
+static void
+_netlogon_derive_aes_seal_key(gssnetlogon_ctx ctx,
+ NL_AUTH_SIGNATURE *sig,
+ EVP_CIPHER_CTX *sealkey,
+ int enc)
+{
+ uint8_t encryptionKey[16];
+ uint8_t ivec[16];
+ int i;
+
+ for (i = 0; i < sizeof(encryptionKey); i++) {
+ encryptionKey[i] = ctx->SessionKey[i] ^ 0xF0;
+ }
+
+ memcpy(&ivec[0], sig->SequenceNumber, 8);
+ memcpy(&ivec[8], sig->SequenceNumber, 8);
+
+ EVP_CipherInit_ex(sealkey, EVP_aes_128_cfb8(),
+ NULL, encryptionKey, ivec, enc);
+
+ memset(encryptionKey, 0, sizeof(encryptionKey));
+}
+
+static void
+_netlogon_derive_aes_seq_key(gssnetlogon_ctx ctx,
+ NL_AUTH_SIGNATURE *sig,
+ EVP_CIPHER_CTX *seqkey,
+ int enc)
+{
+ uint8_t ivec[16];
+
+ memcpy(&ivec[0], sig->Checksum, 8);
+ memcpy(&ivec[8], sig->Checksum, 8);
+
+ EVP_CipherInit_ex(seqkey, EVP_aes_128_cfb8(),
+ NULL, ctx->SessionKey, ivec, enc);
+}
+
+static void
+_netlogon_seal(gssnetlogon_ctx ctx,
+ NL_AUTH_SIGNATURE *sig,
+ gss_iov_buffer_desc *iov,
+ int iov_count,
+ int enc)
+{
+ EVP_CIPHER_CTX sealkey;
+ int i;
+ uint8_t *confounder = _netlogon_confounder(sig);
+
+ EVP_CIPHER_CTX_init(&sealkey);
+
+ if (sig->SealAlgorithm == NL_SEAL_ALG_AES128)
+ _netlogon_derive_aes_seal_key(ctx, sig, &sealkey, enc);
+ else
+ _netlogon_derive_rc4_seal_key(ctx, sig, &sealkey, enc);
+
+ EVP_Cipher(&sealkey, confounder, confounder, 8);
+
+ /*
+ * For RC4, Windows resets the cipherstate after encrypting
+ * the confounder, thus defeating the purpose of the confounder
+ */
+ if (sig->SealAlgorithm == NL_SEAL_ALG_RC4) {
+ EVP_CipherFinal_ex(&sealkey, NULL, &i);
+ _netlogon_derive_rc4_seal_key(ctx, sig, &sealkey, enc);
+ }
+
+ for (i = 0; i < iov_count; i++) {
+ gss_iov_buffer_t iovp = &iov[i];
+
+ switch (GSS_IOV_BUFFER_TYPE(iovp->type)) {
+ case GSS_IOV_BUFFER_TYPE_DATA:
+ case GSS_IOV_BUFFER_TYPE_PADDING:
+ EVP_Cipher(&sealkey, iovp->buffer.value, iovp->buffer.value,
+ iovp->buffer.length);
+ break;
+ default:
+ break;
+ }
+ }
+
+ EVP_CipherFinal_ex(&sealkey, NULL, &i);
+ EVP_CIPHER_CTX_cleanup(&sealkey);
+}
+
+static void
+_netlogon_seq(gssnetlogon_ctx ctx,
+ NL_AUTH_SIGNATURE *sig,
+ int enc)
+{
+ EVP_CIPHER_CTX seqkey;
+
+ EVP_CIPHER_CTX_init(&seqkey);
+
+ if (sig->SignatureAlgorithm == NL_SIGN_ALG_SHA256)
+ _netlogon_derive_aes_seq_key(ctx, sig, &seqkey, enc);
+ else
+ _netlogon_derive_rc4_seq_key(ctx, sig, &seqkey, enc);
+
+ EVP_Cipher(&seqkey, sig->SequenceNumber, sig->SequenceNumber, 8);
+
+ EVP_CIPHER_CTX_cleanup(&seqkey);
+}
+
+static void
+_netlogon_digest_md5(gssnetlogon_ctx ctx,
+ NL_AUTH_SIGNATURE *sig,
+ gss_iov_buffer_desc *iov,
+ int iov_count,
+ uint8_t *md)
+{
+ EVP_MD_CTX *md5;
+ uint8_t header[NL_AUTH_SIGNATURE_HEADER_LENGTH];
+ uint8_t digest[MD5_DIGEST_LENGTH];
+ unsigned int md_len = MD5_DIGEST_LENGTH;
+ int i;
+
+ _netlogon_encode_NL_AUTH_SIGNATURE(sig, header, sizeof(header));
+
+ md5 = EVP_MD_CTX_create();
+ EVP_DigestInit_ex(md5, EVP_md5(), NULL);
+ EVP_DigestUpdate(md5, zeros, sizeof(zeros));
+ EVP_DigestUpdate(md5, header, sizeof(header));
+
+ if (sig->SealAlgorithm != NL_SEAL_ALG_NONE) {
+ EVP_DigestUpdate(md5, sig->Confounder, sizeof(sig->Confounder));
+ }
+
+ for (i = 0; i < iov_count; i++) {
+ gss_iov_buffer_t iovp = &iov[i];
+
+ switch (GSS_IOV_BUFFER_TYPE(iovp->type)) {
+ case GSS_IOV_BUFFER_TYPE_DATA:
+ case GSS_IOV_BUFFER_TYPE_PADDING:
+ case GSS_IOV_BUFFER_TYPE_SIGN_ONLY:
+ EVP_DigestUpdate(md5, iovp->buffer.value, iovp->buffer.length);
+ break;
+ default:
+ break;
+ }
+ }
+
+ EVP_DigestFinal_ex(md5, digest, NULL);
+ EVP_MD_CTX_destroy(md5);
+
+ HMAC(EVP_md5(), ctx->SessionKey, sizeof(ctx->SessionKey),
+ digest, sizeof(digest), digest, &md_len);
+ memcpy(md, digest, 8);
+}
+
+static void
+_netlogon_digest_sha256(gssnetlogon_ctx ctx,
+ NL_AUTH_SIGNATURE *sig,
+ gss_iov_buffer_desc *iov,
+ int iov_count,
+ uint8_t *md)
+{
+ HMAC_CTX hmac;
+ uint8_t header[NL_AUTH_SIGNATURE_HEADER_LENGTH];
+ uint8_t digest[SHA256_DIGEST_LENGTH];
+ unsigned int md_len = SHA256_DIGEST_LENGTH;
+ int i;
+
+ /* Encode first 8 bytes of signature into header */
+ _netlogon_encode_NL_AUTH_SIGNATURE(sig, header, sizeof(header));
+
+ HMAC_CTX_init(&hmac);
+ HMAC_Init_ex(&hmac, ctx->SessionKey, sizeof(ctx->SessionKey),
+ EVP_sha256(), NULL);
+ HMAC_Update(&hmac, header, sizeof(header));
+
+ if (sig->SealAlgorithm != NL_SEAL_ALG_NONE) {
+ /*
+ * If the checksum length bug is ever fixed, then be sure to
+ * update this code to point to &sig->Checksum[32] as that is
+ * where the confounder is supposed to be.
+ */
+ HMAC_Update(&hmac, sig->Confounder, 8);
+ }
+
+ for (i = 0; i < iov_count; i++) {
+ gss_iov_buffer_t iovp = &iov[i];
+
+ switch (GSS_IOV_BUFFER_TYPE(iovp->type)) {
+ case GSS_IOV_BUFFER_TYPE_DATA:
+ case GSS_IOV_BUFFER_TYPE_PADDING:
+ case GSS_IOV_BUFFER_TYPE_SIGN_ONLY:
+ HMAC_Update(&hmac, iovp->buffer.value, iovp->buffer.length);
+ break;
+ default:
+ break;
+ }
+ }
+
+ HMAC_Final(&hmac, digest, &md_len);
+ HMAC_CTX_cleanup(&hmac);
+ memcpy(md, digest, 8);
+}
+
+static void
+_netlogon_digest(gssnetlogon_ctx ctx,
+ NL_AUTH_SIGNATURE *sig,
+ gss_iov_buffer_desc *iov,
+ int iov_count,
+ uint8_t *md)
+{
+ if (sig->SignatureAlgorithm == NL_SIGN_ALG_SHA256)
+ _netlogon_digest_sha256(ctx, sig, iov, iov_count, md);
+ else
+ _netlogon_digest_md5(ctx, sig, iov, iov_count, md);
+}
+
+OM_uint32
+_netlogon_wrap_iov(OM_uint32 * minor_status,
+ gss_ctx_id_t context_handle,
+ int conf_req_flag,
+ gss_qop_t qop_req,
+ int *conf_state,
+ gss_iov_buffer_desc *iov,
+ int iov_count)
+{
+ OM_uint32 ret;
+ gss_iov_buffer_t header;
+ NL_AUTH_SIGNATURE_U sigbuf = { { 0 } };
+ NL_AUTH_SIGNATURE *sig = NL_AUTH_SIGNATURE_P(&sigbuf);
+ gssnetlogon_ctx ctx = (gssnetlogon_ctx)context_handle;
+ size_t size;
+ uint8_t *seqdata;
+
+ if (ctx->State != NL_AUTH_ESTABLISHED) {
+ *minor_status = EINVAL;
+ return GSS_S_FAILURE;
+ }
+
+ header = _gss_mg_find_buffer(iov, iov_count, GSS_IOV_BUFFER_TYPE_HEADER);
+ if (header == NULL) {
+ *minor_status = EINVAL;
+ return GSS_S_FAILURE;
+ }
+
+ size = _netlogon_signature_length(ctx->SignatureAlgorithm, conf_req_flag);
+
+ if (GSS_IOV_BUFFER_FLAGS(header->type) & GSS_IOV_BUFFER_FLAG_ALLOCATE) {
+ ret = _gss_mg_allocate_buffer(minor_status, header, size);
+ if (GSS_ERROR(ret))
+ return ret;
+ } else if (header->buffer.length < size) {
+ *minor_status = KRB5_BAD_MSIZE;
+ return GSS_S_FAILURE;
+ } else {
+ header->buffer.length = size;
+ }
+
+ memset(header->buffer.value, 0, header->buffer.length);
+
+ sig->SignatureAlgorithm = ctx->SignatureAlgorithm;
+ sig->SealAlgorithm = conf_req_flag ? ctx->SealAlgorithm : NL_SEAL_ALG_NONE;
+
+ if (conf_req_flag)
+ krb5_generate_random_block(_netlogon_confounder(sig), 8);
+
+ sig->Pad = 0xFFFF; /* [MS-NRPC] 3.3.4.2.1.3 */
+ sig->Flags = 0; /* [MS-NRPC] 3.3.4.2.1.4 */
+ HEIMDAL_MUTEX_lock(&ctx->Mutex);
+ _netlogon_encode_sequence_number(ctx->SequenceNumber, sig->SequenceNumber,
+ ctx->LocallyInitiated);
+ ctx->SequenceNumber++;
+ HEIMDAL_MUTEX_unlock(&ctx->Mutex);
+
+ /* [MS-NRPC] 3.3.4.2.1.7: sign header, optional confounder and data */
+ _netlogon_digest(ctx, sig, iov, iov_count, sig->Checksum);
+
+ /* [MS-NRPC] 3.3.4.2.1.8: optionally encrypt confounder and data */
+ if (conf_req_flag)
+ _netlogon_seal(ctx, sig, iov, iov_count, 1);
+
+ /* [MS-NRPC] 3.3.4.2.1.9: encrypt sequence number */
+ _netlogon_seq(ctx, sig, 1);
+
+ _netlogon_encode_NL_AUTH_SIGNATURE(sig, header->buffer.value,
+ header->buffer.length);
+
+ if (conf_state != NULL)
+ *conf_state = conf_req_flag;
+
+ *minor_status = 0;
+ return GSS_S_COMPLETE;
+}
+
+OM_uint32
+_netlogon_unwrap_iov(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ int *conf_state,
+ gss_qop_t *qop_state,
+ gss_iov_buffer_desc *iov,
+ int iov_count)
+{
+ OM_uint32 ret;
+ gss_iov_buffer_t header;
+ NL_AUTH_SIGNATURE_U sigbuf;
+ NL_AUTH_SIGNATURE *sig = NL_AUTH_SIGNATURE_P(&sigbuf);
+ gssnetlogon_ctx ctx = (gssnetlogon_ctx)context_handle;
+ uint8_t checksum[SHA256_DIGEST_LENGTH];
+ uint64_t SequenceNumber;
+
+ if (ctx->State != NL_AUTH_ESTABLISHED) {
+ *minor_status = EINVAL;
+ return GSS_S_FAILURE;
+ }
+
+ header = _gss_mg_find_buffer(iov, iov_count, GSS_IOV_BUFFER_TYPE_HEADER);
+ if (header == NULL) {
+ *minor_status = EINVAL;
+ return GSS_S_FAILURE;
+ }
+
+ ret = _netlogon_decode_NL_AUTH_SIGNATURE(header->buffer.value,
+ header->buffer.length,
+ sig);
+ if (ret != 0) {
+ *minor_status = ret;
+ return GSS_S_DEFECTIVE_TOKEN;
+ }
+
+ /* [MS-NRPC] 3.3.4.2.2.1: verify signature algorithm selection */
+ if (sig->SignatureAlgorithm != ctx->SignatureAlgorithm)
+ return GSS_S_BAD_SIG;
+
+ /* [MS-NRPC] 3.3.4.2.2.2: verify encryption algorithm selection */
+ if (sig->SealAlgorithm != NL_SEAL_ALG_NONE &&
+ sig->SealAlgorithm != ctx->SealAlgorithm)
+ return GSS_S_DEFECTIVE_TOKEN;
+
+ /* [MS-NRPC] 3.3.4.2.2.3: verify Pad bytes */
+ if (sig->Pad != 0xFFFF)
+ return GSS_S_DEFECTIVE_TOKEN;
+
+ /* [MS-NRPC] 3.3.4.2.2.5: decrypt sequence number */
+ _netlogon_seq(ctx, sig, 0);
+
+ /* [MS-NRPC] 3.3.4.2.2.6: decode sequence number */
+ if (_netlogon_decode_sequence_number(sig->SequenceNumber, &SequenceNumber,
+ !ctx->LocallyInitiated) != 0)
+ return GSS_S_UNSEQ_TOKEN;
+
+ /* [MS-NRPC] 3.3.4.2.2.9: decrypt confounder and data */
+ if (sig->SealAlgorithm != NL_SEAL_ALG_NONE)
+ _netlogon_seal(ctx, sig, iov, iov_count, 0);
+
+ /* [MS-NRPC] 3.3.4.2.2.10: verify signature */
+ _netlogon_digest(ctx, sig, iov, iov_count, checksum);
+ if (memcmp(sig->Checksum, checksum, _netlogon_checksum_length(sig)) != 0)
+ return GSS_S_BAD_SIG;
+
+ HEIMDAL_MUTEX_lock(&ctx->Mutex);
+ if (SequenceNumber != ctx->SequenceNumber) {
+ /* [MS-NRPC] 3.3.4.2.2.7: check sequence number */
+ ret = GSS_S_UNSEQ_TOKEN;
+ } else {
+ /* [MS-NRPC] 3.3.4.2.2.8: increment sequence number */
+ ctx->SequenceNumber++;
+ ret = GSS_S_COMPLETE;
+ }
+ HEIMDAL_MUTEX_unlock(&ctx->Mutex);
+
+ if (conf_state != NULL)
+ *conf_state = (sig->SealAlgorithm != NL_SEAL_ALG_NONE);
+ if (qop_state != NULL)
+ *qop_state = GSS_C_QOP_DEFAULT;
+
+ *minor_status = 0;
+ return ret;
+}
+
+OM_uint32
+_netlogon_wrap_iov_length(OM_uint32 * minor_status,
+ gss_ctx_id_t context_handle,
+ int conf_req_flag,
+ gss_qop_t qop_req,
+ int *conf_state,
+ gss_iov_buffer_desc *iov,
+ int iov_count)
+{
+ OM_uint32 ret;
+ gss_iov_buffer_t iovp;
+ gssnetlogon_ctx ctx = (gssnetlogon_ctx)context_handle;
+ size_t len;
+
+ iovp = _gss_mg_find_buffer(iov, iov_count, GSS_IOV_BUFFER_TYPE_HEADER);
+ if (iovp == NULL) {
+ *minor_status = EINVAL;
+ return GSS_S_FAILURE;
+ }
+
+ len = NL_AUTH_SIGNATURE_COMMON_LENGTH;
+ if (ctx->SignatureAlgorithm == NL_SIGN_ALG_SHA256)
+ len += 32; /* SHA2 checksum size */
+ else
+ len += 8; /* HMAC checksum size */
+ if (conf_req_flag)
+ len += 8; /* counfounder */
+
+ iovp->buffer.length = len;
+
+ iovp = _gss_mg_find_buffer(iov, iov_count, GSS_IOV_BUFFER_TYPE_PADDING);
+ if (iovp != NULL)
+ iovp->buffer.length = 0;
+
+ iovp = _gss_mg_find_buffer(iov, iov_count, GSS_IOV_BUFFER_TYPE_TRAILER);
+ if (iovp != NULL)
+ iovp->buffer.length = 0;
+
+ if (conf_state != NULL)
+ *conf_state = conf_req_flag;
+
+ *minor_status = 0;
+ return GSS_S_COMPLETE;
+}
+
+OM_uint32 _netlogon_get_mic
+ (OM_uint32 * minor_status,
+ gss_const_ctx_id_t context_handle,
+ gss_qop_t qop_req,
+ const gss_buffer_t message_buffer,
+ gss_buffer_t message_token
+ )
+{
+ gss_iov_buffer_desc iov[2];
+ OM_uint32 ret;
+
+ iov[0].type = GSS_IOV_BUFFER_TYPE_DATA;
+ iov[0].buffer = *message_buffer;
+ iov[1].type = GSS_IOV_BUFFER_TYPE_HEADER | GSS_IOV_BUFFER_FLAG_ALLOCATE;
+ iov[1].buffer.length = 0;
+ iov[1].buffer.value = NULL;
+
+ ret = _netlogon_wrap_iov(minor_status, context_handle, 0,
+ qop_req, NULL, iov, 2);
+ if (ret == GSS_S_COMPLETE)
+ *message_token = iov[1].buffer;
+
+ return ret;
+}
+
+OM_uint32
+_netlogon_verify_mic
+ (OM_uint32 * minor_status,
+ gss_const_ctx_id_t context_handle,
+ const gss_buffer_t message_buffer,
+ const gss_buffer_t token_buffer,
+ gss_qop_t * qop_state
+ )
+{
+ gss_iov_buffer_desc iov[2];
+
+ iov[0].type = GSS_IOV_BUFFER_TYPE_DATA;
+ iov[0].buffer = *message_buffer;
+ iov[1].type = GSS_IOV_BUFFER_TYPE_HEADER;
+ iov[1].buffer = *token_buffer;
+
+ return _netlogon_unwrap_iov(minor_status, context_handle,
+ NULL, qop_state, iov, 2);
+}
+
+OM_uint32
+_netlogon_wrap_size_limit (
+ OM_uint32 * minor_status,
+ gss_const_ctx_id_t context_handle,
+ int conf_req_flag,
+ gss_qop_t qop_req,
+ OM_uint32 req_output_size,
+ OM_uint32 *max_input_size
+ )
+{
+ gss_iov_buffer_desc iov[1];
+ OM_uint32 ret;
+
+ iov[0].type = GSS_IOV_BUFFER_TYPE_HEADER;
+ iov[0].buffer.length = 0;
+
+ ret = _netlogon_wrap_iov_length(minor_status, context_handle,
+ conf_req_flag, qop_req, NULL,
+ iov, sizeof(iov)/sizeof(iov[0]));
+ if (GSS_ERROR(ret))
+ return ret;
+
+ if (req_output_size < iov[0].buffer.length)
+ *max_input_size = 0;
+ else
+ *max_input_size = req_output_size - iov[0].buffer.length;
+
+ return GSS_S_COMPLETE;
+}
+
diff --git a/third_party/heimdal/lib/gssapi/netlogon/delete_sec_context.c b/third_party/heimdal/lib/gssapi/netlogon/delete_sec_context.c
new file mode 100644
index 0000000..8710416
--- /dev/null
+++ b/third_party/heimdal/lib/gssapi/netlogon/delete_sec_context.c
@@ -0,0 +1,62 @@
+/*
+ * Copyright (c) 2010 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Portions Copyright (c) 2010 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "netlogon.h"
+
+OM_uint32
+_netlogon_delete_sec_context(OM_uint32 * minor_status,
+ gss_ctx_id_t * context_handle,
+ gss_buffer_t output_token)
+{
+ if (context_handle != NULL && *context_handle != GSS_C_NO_CONTEXT) {
+ gssnetlogon_ctx ctx = (gssnetlogon_ctx)*context_handle;
+
+ *context_handle = GSS_C_NO_CONTEXT;
+
+ _netlogon_release_name(minor_status, (gss_name_t *)&ctx->SourceName);
+ _netlogon_release_name(minor_status, (gss_name_t *)&ctx->TargetName);
+ HEIMDAL_MUTEX_destroy(&ctx->Mutex);
+ memset(ctx, 0, sizeof(*ctx));
+ free(ctx);
+ }
+
+ if (output_token != GSS_C_NO_BUFFER) {
+ output_token->length = 0;
+ output_token->value = NULL;
+ }
+
+ *minor_status = 0;
+ return GSS_S_COMPLETE;
+}
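Review bot: The `memset(ctx, 0, sizeof(*ctx))` immediately before `free(ctx)` is a dead store the compiler may drop, so the session key the context carries (crypto.c reads `ctx->SessionKey` when signing and sealing) can survive in freed heap memory. Use a zeroization primitive that is not subject to dead-store elimination, e.g. `memset_s(ctx, sizeof(*ctx), 0, sizeof(*ctx));` (C11 Annex K; Heimdal's roken supplies a fallback where libc lacks it). A one-line why-comment would also help the next reader: `/* ctx holds the Netlogon session key; wipe it before releasing the memory */`.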
diff --git a/third_party/heimdal/lib/gssapi/netlogon/display_name.c b/third_party/heimdal/lib/gssapi/netlogon/display_name.c
new file mode 100644
index 0000000..7b0e223
--- /dev/null
+++ b/third_party/heimdal/lib/gssapi/netlogon/display_name.c
@@ -0,0 +1,67 @@
+/*
+ * Copyright (c) 2010 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Portions Copyright (c) 2010 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "netlogon.h"
+
+OM_uint32 _netlogon_display_name
+ (OM_uint32 * minor_status,
+ gss_const_name_t input_name,
+ gss_buffer_t output_name_buffer,
+ gss_OID * output_name_type
+ )
+{
+ const gssnetlogon_name name = (const gssnetlogon_name)input_name;
+ gss_buffer_t namebuf;
+
+ if (output_name_type != NULL)
+ *output_name_type = GSS_C_NO_OID;
+
+ if (output_name_buffer != NULL) {
+ namebuf = name->DnsName.length ? &name->DnsName : &name->NetbiosName;
+
+ output_name_buffer->value = malloc(namebuf->length + 1);
+ if (output_name_buffer->value == NULL) {
+ *minor_status = ENOMEM;
+ return GSS_S_FAILURE;
+ }
+ memcpy(output_name_buffer->value, namebuf->value, namebuf->length);
+ ((char *)output_name_buffer->value)[namebuf->length] = '\0';
+ output_name_buffer->length = namebuf->length;
+ }
+
+ *minor_status = 0;
+ return GSS_S_COMPLETE;
+}
+
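Review bot: The choice of `DnsName` over `NetbiosName` and the extra byte in `malloc(namebuf->length + 1)` are both silent contracts that deserve a comment, since duplicate_name.c in this same commit relies on the same NUL-terminated layout. Suggested wording above the `namebuf =` line: `/* Prefer the DNS name when present, else fall back to the NetBIOS name. */` and above the malloc: `/* One extra byte so the exported value is also a valid C string. */`. The function dereferences `input_name` without a GSS_C_NO_NAME check; whether the mechglue guarantees a non-NULL name here is not visible in the hunk.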
diff --git a/third_party/heimdal/lib/gssapi/netlogon/display_status.c b/third_party/heimdal/lib/gssapi/netlogon/display_status.c
new file mode 100644
index 0000000..68946e5
--- /dev/null
+++ b/third_party/heimdal/lib/gssapi/netlogon/display_status.c
@@ -0,0 +1,55 @@
+/*
+ * Copyright (c) 2009 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "netlogon.h"
+
+OM_uint32 _netlogon_display_status
+ (OM_uint32 *minor_status,
+ OM_uint32 status_value,
+ int status_type,
+ const gss_OID mech_type,
+ OM_uint32 *message_context,
+ gss_buffer_t status_string)
+{
+ if (minor_status)
+ *minor_status = 0;
+ if (status_string) {
+ status_string->length = 0;
+ status_string->value = NULL;
+ }
+ if (message_context)
+ *message_context = 0;
+ return GSS_S_COMPLETE;
+}
diff --git a/third_party/heimdal/lib/gssapi/netlogon/duplicate_cred.c b/third_party/heimdal/lib/gssapi/netlogon/duplicate_cred.c
new file mode 100644
index 0000000..0271fb2
--- /dev/null
+++ b/third_party/heimdal/lib/gssapi/netlogon/duplicate_cred.c
@@ -0,0 +1,54 @@
+/*
+ * Copyright (c) 2010-2018 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Portions Copyright (c) 2010 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "netlogon.h"
+
+OM_uint32
+_netlogon_duplicate_cred(OM_uint32 *minor_status,
+ gss_const_cred_id_t input_cred_handle,
+ gss_cred_id_t *output_cred_handle)
+{
+ gssnetlogon_const_cred src = (gssnetlogon_const_cred)input_cred_handle;
+ gssnetlogon_cred dst;
+
+ dst = calloc(1, sizeof(*dst));
+ if (dst == NULL) {
+ *minor_status = ENOMEM;
+ return GSS_S_FAILURE;
+ }
+
+ *dst = *src;
+ return _netlogon_duplicate_name(minor_status, (gss_name_t)&src->Name, &dst->Name)
+}
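Review bot: The final `return _netlogon_duplicate_name(...)` statement is missing its terminating semicolon, so this file cannot compile as written; that is consistent with external.c registering `NULL, /* gm_duplicate_cred */`, which suggests the file is not currently built. Beyond the syntax, `*output_cred_handle` is never assigned, so even a successful call hands the caller nothing, and `dst` leaks when `_netlogon_duplicate_name` fails. `(gss_name_t)&src->Name` together with `&dst->Name` as the `gss_name_t *` destination look type-inconsistent (one treats `Name` as an embedded struct, the other as a pointer slot); the cred struct is not in the hunk, so I cannot tell which is intended. Before wiring the function into the mech table, capture the result, free `dst` on error, and set `*output_cred_handle = (gss_cred_id_t)dst;` on success.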
diff --git a/third_party/heimdal/lib/gssapi/netlogon/duplicate_name.c b/third_party/heimdal/lib/gssapi/netlogon/duplicate_name.c
new file mode 100644
index 0000000..1365e76
--- /dev/null
+++ b/third_party/heimdal/lib/gssapi/netlogon/duplicate_name.c
@@ -0,0 +1,77 @@
+/*
+ * Copyright (c) 2010 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Portions Copyright (c) 2010 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "netlogon.h"
+
+OM_uint32 _netlogon_duplicate_name (
+ OM_uint32 * minor_status,
+ gss_const_name_t src_name,
+ gss_name_t * dest_name
+ )
+{
+ const gssnetlogon_name src = (const gssnetlogon_name)src_name;
+ gssnetlogon_name dst = NULL;
+
+ dst = calloc(1, sizeof(*dst));
+ if (dst == NULL)
+ goto fail;
+
+ dst->NetbiosName.value = malloc(src->NetbiosName.length + 1);
+ if (dst->NetbiosName.value == NULL)
+ goto fail;
+ memcpy(dst->NetbiosName.value, src->NetbiosName.value,
+ src->NetbiosName.length);
+ dst->NetbiosName.length = src->NetbiosName.length;
+ ((char *)dst->NetbiosName.value)[dst->NetbiosName.length] = '\0';
+
+ if (src->DnsName.length != 0) {
+ dst->DnsName.value = malloc(src->DnsName.length + 1);
+ if (dst->DnsName.value == NULL)
+ goto fail;
+ memcpy(dst->DnsName.value, src->DnsName.value, src->DnsName.length);
+ dst->DnsName.length = src->DnsName.length;
+ ((char *)dst->DnsName.value)[dst->DnsName.length] = '\0';
+ }
+
+ *minor_status = 0;
+ *dest_name = (gss_name_t)dst;
+ return GSS_S_COMPLETE;
+
+fail:
+ _netlogon_release_name(minor_status, (gss_name_t *)&dst);
+ *minor_status = ENOMEM;
+ return GSS_S_FAILURE;
+}
+
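Review bot: The NetbiosName and DnsName copies repeat the same allocate/memcpy/set-length/NUL-terminate sequence, so a small `static` helper that duplicates one buffer with a trailing NUL would shorten the body and keep the two paths from drifting. On the `fail:` path `*dest_name` is left untouched; adding `*dest_name = GSS_C_NO_NAME;` before returning GSS_S_FAILURE follows the usual GSS-API convention and stops a caller from releasing an indeterminate pointer. Note also that `memcpy` with a NULL source is undefined even for a zero length; whether import_name can produce a zero-length NetbiosName with a NULL value is not visible from this hunk.
```c
/* Copy src into dst, adding a trailing NUL so the value is also a C string. */
static int
copy_name_buffer(gss_buffer_t dst, const gss_buffer_desc *src)
{
    dst->value = malloc(src->length + 1);
    if (dst->value == NULL)
        return -1;
    memcpy(dst->value, src->value, src->length);
    dst->length = src->length;
    ((char *)dst->value)[dst->length] = '\0';
    return 0;
}

    /* … unchanged: calloc of dst … */
    if (copy_name_buffer(&dst->NetbiosName, &src->NetbiosName) != 0)
        goto fail;
    if (src->DnsName.length != 0 &&
        copy_name_buffer(&dst->DnsName, &src->DnsName) != 0)
        goto fail;
    /* … unchanged: success return and fail label … */
```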
diff --git a/third_party/heimdal/lib/gssapi/netlogon/export_name.c b/third_party/heimdal/lib/gssapi/netlogon/export_name.c
new file mode 100644
index 0000000..9984f8b
--- /dev/null
+++ b/third_party/heimdal/lib/gssapi/netlogon/export_name.c
@@ -0,0 +1,45 @@
+/*
+ * Copyright (c) 2009 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "netlogon.h"
+
+OM_uint32 _netlogon_export_name
+ (OM_uint32 * minor_status,
+ gss_const_name_t input_name,
+ gss_buffer_t exported_name
+ )
+{
+ return GSS_S_UNAVAILABLE;
+}
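Review bot: `*minor_status` is never written before `return GSS_S_UNAVAILABLE;`, so a caller that reports the minor code reads whatever the variable already held, while every other routine in this series stores it. Add `*minor_status = 0;` before the return, and clear the output buffer the way export_sec_context.c does (`exported_name->length = 0; exported_name->value = NULL;`) so a caller that unconditionally releases the buffer does not free an indeterminate pointer. export_sec_context.c has the same missing `*minor_status` store.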
diff --git a/third_party/heimdal/lib/gssapi/netlogon/export_sec_context.c b/third_party/heimdal/lib/gssapi/netlogon/export_sec_context.c
new file mode 100644
index 0000000..7e410aa
--- /dev/null
+++ b/third_party/heimdal/lib/gssapi/netlogon/export_sec_context.c
@@ -0,0 +1,50 @@
+/*
+ * Copyright (c) 2010 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Portions Copyright (c) 2010 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "netlogon.h"
+
+OM_uint32
+_netlogon_export_sec_context (
+ OM_uint32 * minor_status,
+ gss_ctx_id_t * context_handle,
+ gss_buffer_t interprocess_token
+ )
+{
+ if (interprocess_token != GSS_C_NO_BUFFER) {
+ interprocess_token->length = 0;
+ interprocess_token->value = NULL;
+ }
+ return GSS_S_UNAVAILABLE;
+}
diff --git a/third_party/heimdal/lib/gssapi/netlogon/external.c b/third_party/heimdal/lib/gssapi/netlogon/external.c
new file mode 100644
index 0000000..14f471e
--- /dev/null
+++ b/third_party/heimdal/lib/gssapi/netlogon/external.c
@@ -0,0 +1,111 @@
+/*
+ * Copyright (c) 2010-2018 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Portions Copyright (c) 2010 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "netlogon.h"
+
+static gssapi_mech_interface_desc netlogon_mech = {
+ GMI_VERSION,
+ "netlogon",
+ {6, rk_UNCONST("\x2a\x85\x70\x2b\x0e\x02") },
+ 0,
+ _netlogon_acquire_cred,
+ _netlogon_release_cred,
+ _netlogon_init_sec_context,
+ _netlogon_accept_sec_context,
+ _netlogon_process_context_token,
+ _netlogon_delete_sec_context,
+ _netlogon_context_time,
+ _netlogon_get_mic,
+ _netlogon_verify_mic,
+ NULL,
+ NULL,
+ _netlogon_display_status,
+ NULL,
+ _netlogon_compare_name,
+ _netlogon_display_name,
+ _netlogon_import_name,
+ _netlogon_export_name,
+ _netlogon_release_name,
+ _netlogon_inquire_cred,
+ _netlogon_inquire_context,
+ _netlogon_wrap_size_limit,
+ _netlogon_add_cred,
+ _netlogon_inquire_cred_by_mech,
+ _netlogon_export_sec_context,
+ _netlogon_import_sec_context,
+ _netlogon_inquire_names_for_mech,
+ _netlogon_inquire_mechs_for_name,
+ _netlogon_canonicalize_name,
+ _netlogon_duplicate_name,
+ NULL,
+ NULL,
+ NULL,
+ _netlogon_set_cred_option,
+ NULL,
+ _netlogon_wrap_iov,
+ _netlogon_unwrap_iov,
+ _netlogon_wrap_iov_length,
+ NULL, /* gm_store_cred */
+ NULL, /* gm_export_cred */
+ NULL, /* gm_import_cred */
+ NULL, /* gm_acquire_cred_from */
+ NULL, /* gm_acquire_cred_impersonate_name */
+ NULL, /* gm_iter_creds */
+ NULL, /* gm_destroy_cred */
+ NULL, /* gm_cred_hold */
+ NULL, /* gm_cred_unhold */
+ NULL, /* gm_cred_label_get */
+ NULL, /* gm_cred_label_set */
+ NULL, /* gm_mo */
+ 0, /* gm_mo_num */
+ NULL, /* gm_localname */
+ NULL, /* gm_authorize_localname */
+ NULL, /* gm_display_name_ext */
+ NULL, /* gm_inquire_name */
+ NULL, /* gm_get_name_attribute */
+ NULL, /* gm_set_name_attribute */
+ NULL, /* gm_delete_name_attribute */
+ NULL, /* gm_export_name_composite */
+ NULL, /* gm_duplicate_cred */
+ NULL, /* gm_add_cred_from */
+ NULL, /* gm_store_cred_into */
+ NULL /* gm_compat */
+};
+
+gssapi_mech_interface
+__gss_netlogon_initialize(void)
+{
+ return &netlogon_mech;
+}
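Review bot: The mech table is a roughly sixty-entry positional initializer where the meaning of each bare `NULL` depends on counting slots, and only the tail carries the field name in a comment; C99 designated initializers such as `.gm_get_mic = _netlogon_get_mic,` and `.gm_wrap_iov = _netlogon_wrap_iov,` would make every slot self-describing and survive field insertions in `gssapi_mech_interface_desc`. The two bare `NULL` entries after `_netlogon_verify_mic` appear to be the wrap/unwrap slots, which is fine only if the mechglue falls back to the `_iov` variants registered further down; a comment stating that assumption would help. `gm_duplicate_cred` is left NULL while duplicate_cred.c in this same commit defines `_netlogon_duplicate_cred`; either register it (after fixing that file) or note why it is intentionally unused.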
diff --git a/third_party/heimdal/lib/gssapi/netlogon/import_name.c b/third_party/heimdal/lib/gssapi/netlogon/import_name.c
new file mode 100644
index 0000000..aa9191f
--- /dev/null
+++ b/third_party/heimdal/lib/gssapi/netlogon/import_name.c
@@ -0,0 +1,94 @@
+/*
+ * Copyright (c) 2010 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Portions Copyright (c) 2010 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "netlogon.h"
+#include <ctype.h>
+
+OM_uint32 _netlogon_import_name
+ (OM_uint32 * minor_status,
+ const gss_buffer_t input_name_buffer,
+ const gss_OID input_name_type,
+ gss_name_t * output_name
+ )
+{
+ gssnetlogon_name name;
+ const char *netbiosName;
+ const char *dnsName = NULL;
+ size_t len, i;
+
+ if (!gss_oid_equal(input_name_type, GSS_NETLOGON_NT_NETBIOS_DNS_NAME)) {
+ return GSS_S_BAD_NAME;
+ }
+
+ /* encoding is NetBIOS name \0 DNS name \0 */
+
+ netbiosName = input_name_buffer->value;
+ len = strlen(netbiosName);
+ if (len < input_name_buffer->length)
+ dnsName = netbiosName + len + 1;
+
+ name = (gssnetlogon_name)calloc(1, sizeof(*name));
+ if (name == NULL)
+ goto cleanup;
+
+ name->NetbiosName.value = malloc(len + 1);
+ if (name->NetbiosName.value == NULL)
+ goto cleanup;
+ memcpy(name->NetbiosName.value, netbiosName, len + 1);
+ name->NetbiosName.length = len;
+
+ /* normalise name to uppercase XXX UTF-8 OK? */
+ for (i = 0; i < len; i++) {
+ ((char *)name->NetbiosName.value)[i] =
+ toupper(((char *)name->NetbiosName.value)[i]);
+ }
+
+ if (dnsName != NULL && dnsName[0] != '\0') {
+ name->DnsName.value = strdup(dnsName);
+ if (name->DnsName.value == NULL)
+ goto cleanup;
+ name->DnsName.length = strlen(dnsName);
+ }
+
+ *output_name = (gss_name_t)name;
+ *minor_status = 0;
+ return GSS_S_COMPLETE;
+
+cleanup:
+ _netlogon_release_name(minor_status, (gss_name_t *)&name);
+ *minor_status = ENOMEM;
+ return GSS_S_FAILURE;
+}
+
diff --git a/third_party/heimdal/lib/gssapi/netlogon/import_sec_context.c b/third_party/heimdal/lib/gssapi/netlogon/import_sec_context.c
new file mode 100644
index 0000000..0415b39
--- /dev/null
+++ b/third_party/heimdal/lib/gssapi/netlogon/import_sec_context.c
@@ -0,0 +1,50 @@
+/*
+ * Copyright (c) 2010 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Portions Copyright (c) 2010 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "netlogon.h"
+
+OM_uint32
+_netlogon_import_sec_context (
+ OM_uint32 * minor_status,
+ const gss_buffer_t interprocess_token,
+ gss_ctx_id_t * context_handle
+ )
+{
+ *minor_status = 0;
+ if (context_handle != NULL)
+ *context_handle = GSS_C_NO_CONTEXT;
+
+ return GSS_S_UNAVAILABLE;
+}
diff --git a/third_party/heimdal/lib/gssapi/netlogon/indicate_mechs.c b/third_party/heimdal/lib/gssapi/netlogon/indicate_mechs.c
new file mode 100644
index 0000000..9192e42
--- /dev/null
+++ b/third_party/heimdal/lib/gssapi/netlogon/indicate_mechs.c
@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 2010 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Portions Copyright (c) 2010 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "netlogon.h"
+
+OM_uint32 _netlogon_indicate_mechs
+(OM_uint32 * minor_status,
+ gss_OID_set * mech_set
+ )
+{
+ *minor_status = 0;
+ if (mech_set != NULL)
+ *mech_set = GSS_C_NO_OID_SET;
+
+ return GSS_S_COMPLETE;
+}
diff --git a/third_party/heimdal/lib/gssapi/netlogon/init_sec_context.c b/third_party/heimdal/lib/gssapi/netlogon/init_sec_context.c
new file mode 100644
index 0000000..906f457
--- /dev/null
+++ b/third_party/heimdal/lib/gssapi/netlogon/init_sec_context.c
@@ -0,0 +1,289 @@
+/*
+ * Copyright (c) 2010 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Portions Copyright (c) 2010 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "netlogon.h"
+#include <nameser.h>
+
+static OM_uint32
+_netlogon_encode_dns_string(OM_uint32 *minor_status,
+ const gss_buffer_t str,
+ gss_buffer_t buffer)
+{
+ int ret;
+
+ memset(buffer->value, 0, buffer->length);
+
+ ret = ns_name_compress((const char *)str->value,
+ (uint8_t *)buffer->value, buffer->length,
+ NULL, NULL);
+ if (ret < 0) {
+ *minor_status = errno;
+ return GSS_S_FAILURE;
+ }
+
+ buffer->length = ret;
+
+ *minor_status = 0;
+ return GSS_S_COMPLETE;
+}
+
+static OM_uint32
+_netlogon_make_initial_auth_message(OM_uint32 *minor_status,
+ gssnetlogon_ctx ctx,
+ gss_buffer_t output_token)
+{
+ uint32_t flags = 0;
+#define MAX_NL_NAMES 5
+ gss_buffer_desc names[MAX_NL_NAMES];
+ uint8_t comp_names[3][MAXHOSTNAMELEN * 2];
+ size_t n = 0, i = 0, len;
+ OM_uint32 ret;
+ uint8_t *p;
+
+ if (ctx->TargetName->NetbiosName.length) {
+ flags |= NL_FLAG_NETBIOS_DOMAIN_NAME;
+ names[n] = ctx->TargetName->NetbiosName; /* OEM encoding */
+ names[n].length++;
+ n++;
+ }
+ if (ctx->SourceName->NetbiosName.length) {
+ flags |= NL_FLAG_NETBIOS_COMPUTER_NAME;
+ names[n] = ctx->SourceName->NetbiosName; /* OEM encoding */
+ names[n].length++;
+ n++;
+ }
+ if (ctx->TargetName->DnsName.length) {
+ flags |= NL_FLAG_DNS_DOMAIN_NAME;
+ names[n].value = comp_names[i++];
+ names[n].length = MAXHOSTNAMELEN * 2;
+ ret = _netlogon_encode_dns_string(minor_status,
+ &ctx->TargetName->DnsName,
+ &names[n]);
+ if (GSS_ERROR(ret))
+ return ret;
+ n++;
+ }
+ if (ctx->SourceName->DnsName.length) {
+ flags |= NL_FLAG_DNS_HOST_NAME;
+ names[n].value = comp_names[i++];
+ names[n].length = MAXHOSTNAMELEN * 2;
+ ret = _netlogon_encode_dns_string(minor_status,
+ &ctx->SourceName->DnsName,
+ &names[n]);
+ if (GSS_ERROR(ret))
+ return ret;
+ n++;
+ }
+ if (ctx->SourceName->NetbiosName.length) {
+ flags |= NL_FLAG_UTF8_COMPUTER_NAME;
+ names[n].value = comp_names[i++];
+ names[n].length = MAXHOSTNAMELEN * 2;
+ ret = _netlogon_encode_dns_string(minor_status,
+ &ctx->SourceName->NetbiosName,
+ &names[n]);
+ if (GSS_ERROR(ret))
+ return ret;
+ n++;
+ }
+
+ for (i = 0, len = NL_AUTH_MESSAGE_LENGTH; i < n; i++) {
+ len += names[i].length;
+ }
+
+ output_token->value = malloc(len);
+ if (output_token->value == NULL) {
+ *minor_status = ENOMEM;
+ return GSS_S_FAILURE;
+ }
+
+ p = (uint8_t *)output_token->value;
+ _gss_mg_encode_le_uint32(NL_NEGOTIATE_REQUEST_MESSAGE, p);
+ _gss_mg_encode_le_uint32(flags, p + 4);
+ p += 8;
+
+ for (i = 0; i < n; i++) {
+ assert(names[i].length != 0);
+ assert(((char *)names[i].value)[names[i].length - 1] == '\0');
+ memcpy(p, names[i].value, names[i].length);
+ p += names[i].length;
+ }
+
+ output_token->length = len;
+ assert(p == (uint8_t *)output_token->value + len);
+
+ *minor_status = 0;
+ return GSS_S_CONTINUE_NEEDED;
+}
+
+static OM_uint32
+_netlogon_read_initial_auth_message(OM_uint32 *minor_status,
+ gssnetlogon_ctx ctx,
+ const gss_buffer_t input_token)
+{
+ NL_AUTH_MESSAGE msg;
+ const uint8_t *p = (const uint8_t *)input_token->value;
+
+ if (ctx->State != NL_AUTH_NEGOTIATE) {
+ *minor_status = EINVAL;
+ return GSS_S_FAILURE;
+ }
+
+ if (input_token->length < NL_AUTH_MESSAGE_LENGTH)
+ return GSS_S_DEFECTIVE_TOKEN;
+
+ _gss_mg_decode_le_uint32(&p[0], &msg.MessageType);
+ _gss_mg_decode_le_uint32(&p[4], &msg.Flags);
+
+ if (msg.MessageType != NL_NEGOTIATE_RESPONSE_MESSAGE ||
+ msg.Flags != 0)
+ return GSS_S_DEFECTIVE_TOKEN;
+
+ ctx->State = NL_AUTH_ESTABLISHED;
+
+ *minor_status = 0;
+ return GSS_S_COMPLETE;
+}
+
+static OM_uint32
+_netlogon_alloc_context(OM_uint32 *minor_status,
+ gssnetlogon_ctx *pContext)
+{
+ gssnetlogon_ctx ctx;
+
+ ctx = (gssnetlogon_ctx)calloc(1, sizeof(*ctx));
+ if (ctx == NULL) {
+ *minor_status = ENOMEM;
+ return GSS_S_FAILURE;
+ }
+
+ ctx->State = NL_AUTH_NEGOTIATE;
+ ctx->LocallyInitiated = 1;
+ ctx->MessageBlockSize = 1;
+
+ HEIMDAL_MUTEX_init(&ctx->Mutex);
+
+ *pContext = ctx;
+
+ return GSS_S_COMPLETE;
+}
+
+OM_uint32
+_netlogon_init_sec_context(OM_uint32 * minor_status,
+ gss_const_cred_id_t initiator_cred_handle,
+ gss_ctx_id_t * context_handle,
+ gss_const_name_t target_name,
+ const gss_OID mech_type,
+ OM_uint32 req_flags,
+ OM_uint32 time_req,
+ const gss_channel_bindings_t input_chan_bindings,
+ const gss_buffer_t input_token,
+ gss_OID * actual_mech_type,
+ gss_buffer_t output_token,
+ OM_uint32 * ret_flags,
+ OM_uint32 * time_rec)
+{
+ const gssnetlogon_cred cred = (const gssnetlogon_cred)initiator_cred_handle;
+ gssnetlogon_ctx ctx = (gssnetlogon_ctx)*context_handle;
+ const gssnetlogon_name target = (const gssnetlogon_name)target_name;
+ OM_uint32 ret;
+
+ *minor_status = 0;
+
+ output_token->value = NULL;
+ output_token->length = 0;
+
+ /* Validate arguments */
+ if (cred == NULL)
+ return GSS_S_NO_CRED;
+ else if (target == NULL)
+ return GSS_S_BAD_NAME;
+
+ if (ctx == NULL) {
+ if (input_token->length != 0)
+ return GSS_S_DEFECTIVE_TOKEN;
+
+ ret = _netlogon_alloc_context(minor_status, &ctx);
+ if (GSS_ERROR(ret))
+ goto cleanup;
+
+ HEIMDAL_MUTEX_lock(&ctx->Mutex);
+ *context_handle = (gss_ctx_id_t)ctx;
+
+ ctx->GssFlags = req_flags & (GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG |
+ GSS_C_SEQUENCE_FLAG | GSS_C_CONF_FLAG |
+ GSS_C_INTEG_FLAG | GSS_C_DCE_STYLE);
+ ctx->SignatureAlgorithm = cred->SignatureAlgorithm;
+ ctx->SealAlgorithm = cred->SealAlgorithm;
+
+ ret = _netlogon_duplicate_name(minor_status, (gss_name_t)cred->Name,
+ (gss_name_t *)&ctx->SourceName);
+ if (GSS_ERROR(ret))
+ goto cleanup;
+
+ ret = _netlogon_duplicate_name(minor_status, (gss_name_t)target,
+ (gss_name_t *)&ctx->TargetName);
+ if (GSS_ERROR(ret))
+ goto cleanup;
+
+ memcpy(ctx->SessionKey, cred->SessionKey, sizeof(cred->SessionKey));
+
+ ret = _netlogon_make_initial_auth_message(minor_status, ctx,
+ output_token);
+ if (GSS_ERROR(ret))
+ goto cleanup;
+ } else {
+ HEIMDAL_MUTEX_lock(&ctx->Mutex);
+ ret = _netlogon_read_initial_auth_message(minor_status, ctx,
+ input_token);
+ }
+
+ if (ret_flags != NULL)
+ *ret_flags = ctx->GssFlags;
+ if (time_rec != NULL)
+ *time_rec = GSS_C_INDEFINITE;
+ if (actual_mech_type != NULL)
+ *actual_mech_type = GSS_NETLOGON_MECHANISM;
+
+cleanup:
+ HEIMDAL_MUTEX_unlock(&ctx->Mutex);
+
+ if (ret != GSS_S_COMPLETE && ret != GSS_S_CONTINUE_NEEDED) {
+ OM_uint32 tmp;
+ _netlogon_delete_sec_context(&tmp, context_handle, NULL);
+ }
+
+ return ret;
+}
+
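Review bot: When `_netlogon_alloc_context` fails at `ret = _netlogon_alloc_context(minor_status, &ctx);`, the following `goto cleanup` lands on `HEIMDAL_MUTEX_unlock(&ctx->Mutex);` with `ctx` still NULL, so the out-of-memory path dereferences a null pointer before `_netlogon_delete_sec_context` is ever reached. Nothing has been stored in `*context_handle` at that point, so the simplest fix is to leave directly: replace that `goto cleanup;` with `return ret;`. In `_netlogon_read_initial_auth_message`, the two `GSS_S_DEFECTIVE_TOKEN` returns leave `*minor_status` untouched and only read as zero because the caller cleared it at entry; setting `*minor_status = 0;` there would make the helper safe to reuse. The `memcpy(ctx->SessionKey, cred->SessionKey, ...)` also leaves a second copy of the key material in the context; whether `_netlogon_delete_sec_context` scrubs it is not visible here and is worth confirming.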
diff --git a/third_party/heimdal/lib/gssapi/netlogon/inquire_context.c b/third_party/heimdal/lib/gssapi/netlogon/inquire_context.c
new file mode 100644
index 0000000..24995c2
--- /dev/null
+++ b/third_party/heimdal/lib/gssapi/netlogon/inquire_context.c
@@ -0,0 +1,76 @@
+/*
+ * Copyright (c) 2010 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Portions Copyright (c) 2010 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "netlogon.h"
+
+OM_uint32 _netlogon_inquire_context (
+ OM_uint32 * minor_status,
+ gss_const_ctx_id_t context_handle,
+ gss_name_t * src_name,
+ gss_name_t * targ_name,
+ OM_uint32 * lifetime_rec,
+ gss_OID * mech_type,
+ OM_uint32 * ctx_flags,
+ int * locally_initiated,
+ int * open_context
+ )
+{
+ const gssnetlogon_ctx ctx = (const gssnetlogon_ctx)context_handle;
+ OM_uint32 ret;
+
+ if (src_name != NULL) {
+ ret = _netlogon_duplicate_name(minor_status, (gss_name_t)ctx->SourceName,
+ (gss_name_t *)src_name);
+ if (GSS_ERROR(ret))
+ return ret;
+ }
+ if (targ_name != NULL) {
+ ret = _netlogon_duplicate_name(minor_status, (gss_name_t)ctx->TargetName,
+ (gss_name_t *)targ_name);
+ if (GSS_ERROR(ret))
+ return ret;
+ }
+ if (mech_type != NULL)
+ *mech_type = GSS_NETLOGON_MECHANISM;
+ if (ctx_flags != NULL)
+ *ctx_flags = ctx->GssFlags;
+ if (locally_initiated != NULL)
+ *locally_initiated = ctx->LocallyInitiated;
+ if (open_context != NULL)
+ *open_context = (ctx->State == NL_AUTH_ESTABLISHED);
+
+ return GSS_S_COMPLETE;
+}
+
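Review bot: `ctx->SourceName` is dereferenced in the first `_netlogon_duplicate_name` call without checking `context_handle`, so a caller passing `GSS_C_NO_CONTEXT` crashes instead of receiving `GSS_S_NO_CONTEXT`, whereas `_netlogon_inquire_cred` in this same commit guards its handle with `GSS_S_NO_CRED`. The `lifetime_rec` output is never written and `*minor_status` is not set on the success path, so callers can read uninitialised values. Suggested guard at the top: `if (ctx == NULL) return GSS_S_NO_CONTEXT;`, and before the final return `if (lifetime_rec != NULL) *lifetime_rec = GSS_C_INDEFINITE; *minor_status = 0;`. If the second duplicate fails, the name already stored in `*src_name` is leaked; releasing it with `_netlogon_release_name` on that path would match the cleanup style used elsewhere in this series. Note also that `ctx->State` and the names are read without taking `ctx->Mutex`, which `_netlogon_init_sec_context` does hold while mutating them.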
diff --git a/third_party/heimdal/lib/gssapi/netlogon/inquire_cred.c b/third_party/heimdal/lib/gssapi/netlogon/inquire_cred.c
new file mode 100644
index 0000000..6c7ca34
--- /dev/null
+++ b/third_party/heimdal/lib/gssapi/netlogon/inquire_cred.c
@@ -0,0 +1,68 @@
+/*
+ * Copyright (c) 2010 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Portions Copyright (c) 2010 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "netlogon.h"
+
+OM_uint32 _netlogon_inquire_cred
+ (OM_uint32 * minor_status,
+ gss_const_cred_id_t cred_handle,
+ gss_name_t * name,
+ OM_uint32 * lifetime,
+ gss_cred_usage_t * cred_usage,
+ gss_OID_set * mechanisms
+ )
+{
+ OM_uint32 ret;
+ const gssnetlogon_cred cred = (const gssnetlogon_cred)cred_handle;
+
+ *minor_status = 0;
+
+ if (cred == NULL)
+ return GSS_S_NO_CRED;
+
+ if (name != NULL) {
+ ret = _netlogon_duplicate_name(minor_status,
+ (gss_const_name_t)cred->Name, name);
+ if (GSS_ERROR(ret))
+ return ret;
+ }
+ if (lifetime != NULL)
+ *lifetime = GSS_C_INDEFINITE;
+ if (cred_usage != NULL)
+ *cred_usage = GSS_C_INITIATE;
+ if (mechanisms != NULL)
+ *mechanisms = GSS_C_NO_OID_SET;
+ return GSS_S_COMPLETE;
+}
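Review bot: The `mechanisms` output is set to `GSS_C_NO_OID_SET` rather than a set holding `GSS_NETLOGON_MECHANISM`, which is inconsistent with `_netlogon_inquire_names_for_mech` in this commit building a real OID set and leaves `gss_inquire_cred` callers unable to learn which mechanism the credential belongs to. Building the set mirrors that code; on failure the name already duplicated into `*name` must then be released, as below. `cred_usage` is also hard-coded to `GSS_C_INITIATE` although the mechanism table registers `_netlogon_accept_sec_context`; if the acquire path (not in this view) can produce acceptor credentials, the usage should be taken from the credential instead.
```c
    if (mechanisms != NULL) {
        ret = gss_create_empty_oid_set(minor_status, mechanisms);
        if (ret == GSS_S_COMPLETE)
            ret = gss_add_oid_set_member(minor_status, GSS_NETLOGON_MECHANISM,
                                         mechanisms);
        if (ret != GSS_S_COMPLETE) {
            OM_uint32 tmp;
            gss_release_oid_set(&tmp, mechanisms);
            if (name != NULL)
                _netlogon_release_name(&tmp, name);
            return ret;
        }
    }
    return GSS_S_COMPLETE;
```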
diff --git a/third_party/heimdal/lib/gssapi/netlogon/inquire_cred_by_mech.c b/third_party/heimdal/lib/gssapi/netlogon/inquire_cred_by_mech.c
new file mode 100644
index 0000000..f36310f
--- /dev/null
+++ b/third_party/heimdal/lib/gssapi/netlogon/inquire_cred_by_mech.c
@@ -0,0 +1,66 @@
+/*
+ * Copyright (c) 2010 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Portions Copyright (c) 2010 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "netlogon.h"
+
+OM_uint32 _netlogon_inquire_cred_by_mech (
+ OM_uint32 * minor_status,
+ gss_const_cred_id_t cred_handle,
+ const gss_OID mech_type,
+ gss_name_t * name,
+ OM_uint32 * initiator_lifetime,
+ OM_uint32 * acceptor_lifetime,
+ gss_cred_usage_t * cred_usage
+ )
+{
+ OM_uint32 ret;
+ const gssnetlogon_cred cred = (const gssnetlogon_cred)cred_handle;
+
+ if (name != NULL) {
+ ret = _netlogon_duplicate_name(minor_status,
+ (gss_const_name_t)cred->Name, name);
+ if (GSS_ERROR(ret))
+ return ret;
+ }
+ if (initiator_lifetime != NULL)
+ *initiator_lifetime = GSS_C_INDEFINITE;
+ if (acceptor_lifetime != NULL)
+ *acceptor_lifetime = GSS_C_INDEFINITE;
+ if (cred_usage != NULL)
+ *cred_usage = GSS_C_INITIATE;
+ *minor_status = 0;
+ return GSS_S_COMPLETE;
+}
+
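Review bot: Unlike `_netlogon_inquire_cred`, this function never checks `cred_handle` for `GSS_C_NO_CREDENTIAL` before dereferencing `cred->Name` in the `_netlogon_duplicate_name` call, and it ignores `mech_type` entirely, so a query about a different mechanism is answered as if it were NETLOGON. Suggested guards at the top: `if (cred == NULL) return GSS_S_NO_CRED;` and `if (mech_type != GSS_C_NO_OID && !gss_oid_equal(mech_type, GSS_NETLOGON_MECHANISM)) return GSS_S_BAD_MECH;`. As in the sibling function, `cred_usage` is fixed to `GSS_C_INITIATE` even though the mechanism table exposes an acceptor entry point; worth confirming against the credential's actual usage.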
diff --git a/third_party/heimdal/lib/gssapi/netlogon/inquire_mechs_for_name.c b/third_party/heimdal/lib/gssapi/netlogon/inquire_mechs_for_name.c
new file mode 100644
index 0000000..dbf385c
--- /dev/null
+++ b/third_party/heimdal/lib/gssapi/netlogon/inquire_mechs_for_name.c
@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 2010 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Portions Copyright (c) 2010 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "netlogon.h"
+
+OM_uint32 _netlogon_inquire_mechs_for_name (
+ OM_uint32 * minor_status,
+ gss_const_name_t input_name,
+ gss_OID_set * mech_types
+ )
+{
+ if (mech_types != NULL)
+ *mech_types = GSS_C_NO_OID_SET;
+ *minor_status = 0;
+ return GSS_S_COMPLETE;
+}
diff --git a/third_party/heimdal/lib/gssapi/netlogon/inquire_names_for_mech.c b/third_party/heimdal/lib/gssapi/netlogon/inquire_names_for_mech.c
new file mode 100644
index 0000000..9802e53
--- /dev/null
+++ b/third_party/heimdal/lib/gssapi/netlogon/inquire_names_for_mech.c
@@ -0,0 +1,58 @@
+/*
+ * Copyright (c) 2010 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Portions Copyright (c) 2010 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "netlogon.h"
+
+OM_uint32 _netlogon_inquire_names_for_mech (
+ OM_uint32 * minor_status,
+ const gss_OID mechanism,
+ gss_OID_set * name_types
+ )
+{
+ OM_uint32 ret, tmp;
+
+ ret = gss_create_empty_oid_set(minor_status, name_types);
+ if (ret != GSS_S_COMPLETE)
+ return ret;
+
+ ret = gss_add_oid_set_member(minor_status, GSS_NETLOGON_NT_NETBIOS_DNS_NAME, name_types);
+ if (ret != GSS_S_COMPLETE) {
+ gss_release_oid_set(&tmp, name_types);
+ return ret;
+ }
+
+ *minor_status = 0;
+ return GSS_S_COMPLETE;
+}
diff --git a/third_party/heimdal/lib/gssapi/netlogon/iter_cred.c b/third_party/heimdal/lib/gssapi/netlogon/iter_cred.c
new file mode 100644
index 0000000..93a8d59
--- /dev/null
+++ b/third_party/heimdal/lib/gssapi/netlogon/iter_cred.c
@@ -0,0 +1,44 @@
+/*
+ * Copyright (c) 2009 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "netlogon.h"
+#include <gssapi_spi.h>
+
+void
+_netlogon_iter_creds_f(OM_uint32 flags,
+ void *userctx ,
+ void (*cred_iter)(void *, gss_OID, gss_cred_id_t))
+{
+}
diff --git a/third_party/heimdal/lib/gssapi/netlogon/netlogon.h b/third_party/heimdal/lib/gssapi/netlogon/netlogon.h
new file mode 100644
index 0000000..68573e2
--- /dev/null
+++ b/third_party/heimdal/lib/gssapi/netlogon/netlogon.h
@@ -0,0 +1,150 @@
+/*
+ * Copyright (c) 2010-2018 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Portions Copyright (c) 2010 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef NETLOGON_NETLOGON_H
+#define NETLOGON_NETLOGON_H
+
+#include <config.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <assert.h>
+#include <string.h>
+#include <errno.h>
+
+#include <gssapi.h>
+#include <gssapi_mech.h>
+#include <gssapi_netlogon.h>
+
+#include <krb5.h>
+
+#include <roken.h>
+#include <heim_threads.h>
+
+#define HC_DEPRECATED_CRYPTO
+#include "crypto-headers.h"
+
+/*
+ *
+ */
+
+typedef struct {
+#define NL_NEGOTIATE_REQUEST_MESSAGE 0x00000000
+#define NL_NEGOTIATE_RESPONSE_MESSAGE 0x00000001
+ uint32_t MessageType;
+#define NL_FLAG_NETBIOS_DOMAIN_NAME 0x00000001
+#define NL_FLAG_NETBIOS_COMPUTER_NAME 0x00000002
+#define NL_FLAG_DNS_DOMAIN_NAME 0x00000004
+#define NL_FLAG_DNS_HOST_NAME 0x00000008 /* not used */
+#define NL_FLAG_UTF8_COMPUTER_NAME 0x00000010
+ uint32_t Flags;
+ char *Buffer[0];
+} NL_AUTH_MESSAGE;
+
+#define NL_AUTH_MESSAGE_LENGTH 8
+
+/* SignatureAlgorithm */
+#define NL_SIGN_ALG_HMAC_MD5 0x0077
+#define NL_SIGN_ALG_SHA256 0x0013
+
+/* SealAlgorithm */
+#define NL_SEAL_ALG_RC4 0x007A
+#define NL_SEAL_ALG_AES128 0x001A
+#define NL_SEAL_ALG_NONE 0xFFFF
+
+typedef struct {
+ uint16_t SignatureAlgorithm;
+ uint16_t SealAlgorithm;
+ uint16_t Pad;
+ uint16_t Flags;
+ uint8_t SequenceNumber[8];
+ uint8_t Checksum[8];
+ uint8_t Confounder[8];
+} NL_AUTH_SIGNATURE;
+
+#define NL_AUTH_SIGNATURE_HEADER_LENGTH 8
+#define NL_AUTH_SIGNATURE_COMMON_LENGTH 16
+#define NL_AUTH_SIGNATURE_LENGTH 32
+
+typedef struct {
+ uint16_t SignatureAlgorithm;
+ uint16_t SealAlgorithm;
+ uint16_t Pad;
+ uint16_t Flags;
+ uint8_t SequenceNumber[8];
+ uint8_t Checksum[32];
+ uint8_t Confounder[8];
+} NL_AUTH_SHA2_SIGNATURE;
+
+#define NL_AUTH_SHA2_SIGNATURE_LENGTH 56
+
+typedef union {
+ NL_AUTH_SIGNATURE Signature;
+ NL_AUTH_SHA2_SIGNATURE SHA2Signature;
+} NL_AUTH_SIGNATURE_U;
+
+#define NL_AUTH_SIGNATURE_P(_u) (&(_u)->Signature)
+
+typedef struct gssnetlogon_name {
+ gss_buffer_desc NetbiosName;
+ gss_buffer_desc DnsName;
+} *gssnetlogon_name;
+typedef const struct gssnetlogon_name *gssnetlogon_const_name;
+
+typedef struct gssnetlogon_cred {
+ gssnetlogon_name *Name;
+ uint16_t SignatureAlgorithm;
+ uint16_t SealAlgorithm;
+ uint8_t SessionKey[16];
+} *gssnetlogon_cred;
+typedef const struct gssnetlogon_cred *gssnetlogon_const_cred;
+
+typedef struct gssnetlogon_ctx {
+ HEIMDAL_MUTEX Mutex;
+ enum { NL_AUTH_NEGOTIATE, NL_AUTH_ESTABLISHED } State;
+ OM_uint32 GssFlags;
+ uint8_t LocallyInitiated;
+ uint32_t MessageBlockSize;
+ uint16_t SignatureAlgorithm;
+ uint16_t SealAlgorithm;
+ uint64_t SequenceNumber;
+ gssnetlogon_name SourceName;
+ gssnetlogon_name TargetName;
+ uint8_t SessionKey[16];
+} *gssnetlogon_ctx;
+
+#include <netlogon-private.h>
+
+#endif /* NETLOGON_NETLOGON_H */
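Review bot: `gssnetlogon_name *Name;` in struct gssnetlogon_cred declares a pointer to a pointer, yet release_cred.c in this same commit passes `(gss_name_t *)&cred->Name` to `_netlogon_release_name`, which frees the stored value as the name object itself, so the field appears to be meant as a single `gssnetlogon_name Name;`; declaring it that way would let the compiler check the use instead of the cast hiding the mismatch. Separately, `char *Buffer[0];` in NL_AUTH_MESSAGE relies on the zero-length-array extension; the C99 form is a flexible array member, `char *Buffer[];` (or `char Buffer[];` if the trailing payload is raw bytes — the header does not show how it is consumed, so confirm against the callers). A one-line comment on the `NL_AUTH_*_LENGTH` constants saying they are the on-the-wire sizes of the fixed prefix, kept separate from `sizeof` on purpose, would help the next reader see why both exist.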
diff --git a/third_party/heimdal/lib/gssapi/netlogon/process_context_token.c b/third_party/heimdal/lib/gssapi/netlogon/process_context_token.c
new file mode 100644
index 0000000..0f83613
--- /dev/null
+++ b/third_party/heimdal/lib/gssapi/netlogon/process_context_token.c
@@ -0,0 +1,46 @@
+/*
+ * Copyright (c) 2009 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "netlogon.h"
+
+OM_uint32 _netlogon_process_context_token (
+ OM_uint32 *minor_status,
+ gss_const_ctx_id_t context_handle,
+ const gss_buffer_t token_buffer
+ )
+{
+ *minor_status = 0;
+ return GSS_S_COMPLETE;
+}
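Review bot: `token_buffer` is never examined and the function unconditionally reports `GSS_S_COMPLETE`, so any token handed to gss_process_context_token() for this mechanism is silently accepted as valid. If the netlogon mechanism defines no context tokens, a comment making that explicit, e.g. `/* Netlogon defines no context tokens; there is nothing to process. */`, would mark the stub as intentional; otherwise returning `GSS_S_DEFECTIVE_TOKEN` for a non-empty `token_buffer` is the safer default. `context_handle` is likewise unused, which is consistent with the no-context-token reading.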
diff --git a/third_party/heimdal/lib/gssapi/netlogon/regen.sh b/third_party/heimdal/lib/gssapi/netlogon/regen.sh
new file mode 100644
index 0000000..b034dbf
--- /dev/null
+++ b/third_party/heimdal/lib/gssapi/netlogon/regen.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+perl ../../../cf/make-proto.pl -q -P comment -p netlogon-private.h *.c
diff --git a/third_party/heimdal/lib/gssapi/netlogon/release_cred.c b/third_party/heimdal/lib/gssapi/netlogon/release_cred.c
new file mode 100644
index 0000000..7db71b6
--- /dev/null
+++ b/third_party/heimdal/lib/gssapi/netlogon/release_cred.c
@@ -0,0 +1,54 @@
+/*
+ * Copyright (c) 2010 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Portions Copyright (c) 2010 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "netlogon.h"
+
+OM_uint32 _netlogon_release_cred
+ (OM_uint32 * minor_status,
+ gss_cred_id_t * cred_handle
+ )
+{
+ gssnetlogon_cred cred = (gssnetlogon_cred)*cred_handle;
+
+ if (cred != NULL) {
+ _netlogon_release_name(minor_status, (gss_name_t *)&cred->Name);
+ memset(cred, 0, sizeof(*cred));
+ free(cred);
+ *cred_handle = GSS_C_NO_CREDENTIAL;
+ }
+
+ return GSS_S_COMPLETE;
+}
+
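Review bot: The `memset(cred, 0, sizeof(*cred))` immediately before `free(cred)` is a dead store that the optimizer is free to drop, and `cred` carries the 16-byte `SessionKey`, so the key can survive in freed heap memory; use a clear that cannot be elided (`memset_s`, which roken supplies if this tree's roken has it, or the platform's `explicit_bzero`). Also `*minor_status` is only written when `cred` is non-NULL, via `_netlogon_release_name`; release_name.c in this commit sets `*minor_status = 0;` unconditionally, and this function should do the same before the `if` so a caller releasing `GSS_C_NO_CREDENTIAL` does not read an uninitialized minor status.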
diff --git a/third_party/heimdal/lib/gssapi/netlogon/release_name.c b/third_party/heimdal/lib/gssapi/netlogon/release_name.c
new file mode 100644
index 0000000..27ca018
--- /dev/null
+++ b/third_party/heimdal/lib/gssapi/netlogon/release_name.c
@@ -0,0 +1,54 @@
+/*
+ * Copyright (c) 2010 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Portions Copyright (c) 2010 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "netlogon.h"
+
+OM_uint32 _netlogon_release_name
+ (OM_uint32 * minor_status,
+ gss_name_t * input_name
+ )
+{
+ gssnetlogon_name name = (gssnetlogon_name)*input_name;
+
+ if (name != NULL) {
+ gss_release_buffer(minor_status, &name->NetbiosName);
+ gss_release_buffer(minor_status, &name->DnsName);
+ free(name);
+ *input_name = GSS_C_NO_NAME;
+ }
+
+ *minor_status = 0;
+ return GSS_S_COMPLETE;
+}
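Review bot: The function carries no comment describing its contract: it releases both name buffers, frees the object, resets `*input_name` to `GSS_C_NO_NAME`, and the closing `*minor_status = 0;` deliberately discards whatever minor status `gss_release_buffer` reported. A header comment along the lines of `/* Release a gssnetlogon_name; *input_name is reset to GSS_C_NO_NAME. Minor status from gss_release_buffer is intentionally ignored. */` would make that intent explicit for the next maintainer.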