diff options
Diffstat (limited to 'third_party/heimdal/lib/gssapi/ntlm')
32 files changed, 3832 insertions, 0 deletions
diff --git a/third_party/heimdal/lib/gssapi/ntlm/accept_sec_context.c b/third_party/heimdal/lib/gssapi/ntlm/accept_sec_context.c new file mode 100644 index 0000000..6a3e889 --- /dev/null +++ b/third_party/heimdal/lib/gssapi/ntlm/accept_sec_context.c @@ -0,0 +1,256 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "ntlm.h" + +/* + * + */ + +OM_uint32 +_gss_ntlm_allocate_ctx(OM_uint32 *minor_status, ntlm_ctx *ctx) +{ + OM_uint32 maj_stat; + struct ntlm_server_interface *ns_interface = NULL; + +#ifdef DIGEST + ns_interface = &ntlmsspi_kdc_digest; +#endif + if (ns_interface == NULL) + return GSS_S_FAILURE; + + *ctx = calloc(1, sizeof(**ctx)); + if (*ctx == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + (*ctx)->server = ns_interface; + + maj_stat = (*(*ctx)->server->nsi_init)(minor_status, &(*ctx)->ictx); + if (maj_stat == GSS_S_COMPLETE) + return GSS_S_COMPLETE; + + if (*ctx) + free(*ctx); + (*ctx) = NULL; + + return maj_stat; +} + +/* + * + */ + +OM_uint32 GSSAPI_CALLCONV +_gss_ntlm_accept_sec_context +(OM_uint32 * minor_status, + gss_ctx_id_t * context_handle, + gss_const_cred_id_t acceptor_cred_handle, + const gss_buffer_t input_token_buffer, + const gss_channel_bindings_t input_chan_bindings, + gss_name_t * src_name, + gss_OID * mech_type, + gss_buffer_t output_token, + OM_uint32 * ret_flags, + OM_uint32 * time_rec, + gss_cred_id_t * delegated_cred_handle + ) +{ + krb5_error_code ret; + struct ntlm_buf data; + OM_uint32 junk; + ntlm_ctx ctx; + + output_token->value = NULL; + output_token->length = 0; + + *minor_status = 0; + + if (context_handle == NULL) + return GSS_S_FAILURE; + + if (input_token_buffer == GSS_C_NO_BUFFER) + return GSS_S_FAILURE; + + if (src_name) + *src_name = GSS_C_NO_NAME; + if (mech_type) + *mech_type = GSS_C_NO_OID; + if (ret_flags) + *ret_flags = 0; + if (time_rec) + *time_rec = 0; + if (delegated_cred_handle) + *delegated_cred_handle = GSS_C_NO_CREDENTIAL; + + if (*context_handle == GSS_C_NO_CONTEXT) { + struct ntlm_type1 type1; + OM_uint32 major_status; + OM_uint32 retflags; + struct ntlm_buf out; + + major_status = _gss_ntlm_allocate_ctx(minor_status, &ctx); + if (major_status) + return major_status; + *context_handle = (gss_ctx_id_t)ctx; + + /* check if the mechs is allowed by remote service */ + major_status = (*ctx->server->nsi_probe)(minor_status, ctx->ictx, NULL); + if (major_status) { + _gss_ntlm_delete_sec_context(minor_status, context_handle, NULL); + return major_status; + } + + data.data = input_token_buffer->value; + data.length = input_token_buffer->length; + + ret = heim_ntlm_decode_type1(&data, &type1); + if (ret) { + _gss_ntlm_delete_sec_context(minor_status, context_handle, NULL); + *minor_status = ret; + return GSS_S_DEFECTIVE_TOKEN; + } + + if ((type1.flags & NTLM_NEG_UNICODE) == 0) { + heim_ntlm_free_type1(&type1); + _gss_ntlm_delete_sec_context(minor_status, context_handle, NULL); + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + if (type1.flags & NTLM_NEG_SIGN) + ctx->gssflags |= GSS_C_CONF_FLAG; + if (type1.flags & NTLM_NEG_SIGN) + ctx->gssflags |= GSS_C_INTEG_FLAG; + + major_status = (*ctx->server->nsi_type2)(minor_status, + ctx->ictx, + type1.flags, + type1.hostname, + type1.domain, + &retflags, + &out); + heim_ntlm_free_type1(&type1); + if (major_status != GSS_S_COMPLETE) { + OM_uint32 gunk; + _gss_ntlm_delete_sec_context(&gunk, context_handle, NULL); + return major_status; + } + + output_token->value = malloc(out.length); + if (output_token->value == NULL && out.length != 0) { + OM_uint32 gunk; + heim_ntlm_free_buf(&out); + _gss_ntlm_delete_sec_context(&gunk, context_handle, NULL); + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + memcpy(output_token->value, out.data, out.length); + output_token->length = out.length; + heim_ntlm_free_buf(&out); + + ctx->flags = retflags; + + return GSS_S_CONTINUE_NEEDED; + } else { + OM_uint32 maj_stat; + struct ntlm_type3 type3; + struct ntlm_buf session; + + ctx = (ntlm_ctx)*context_handle; + + data.data = input_token_buffer->value; + data.length = input_token_buffer->length; + + ret = heim_ntlm_decode_type3(&data, 1, &type3); + if (ret) { + _gss_ntlm_delete_sec_context(minor_status, context_handle, NULL); + *minor_status = ret; + return GSS_S_DEFECTIVE_TOKEN; + } + + maj_stat = (*ctx->server->nsi_type3)(minor_status, + ctx->ictx, + &type3, + &session); + if (maj_stat) { + heim_ntlm_free_type3(&type3); + _gss_ntlm_delete_sec_context(minor_status, context_handle, NULL); + return maj_stat; + } + + if (src_name) { + ntlm_name n = calloc(1, sizeof(*n)); + if (n) { + n->user = strdup(type3.username); + n->domain = strdup(type3.targetname); + } + if (n == NULL || n->user == NULL || n->domain == NULL) { + gss_name_t tempn = (gss_name_t)n; + _gss_ntlm_release_name(&junk, &tempn); + heim_ntlm_free_type3(&type3); + _gss_ntlm_delete_sec_context(minor_status, + context_handle, NULL); + return maj_stat; + } + *src_name = (gss_name_t)n; + } + + heim_ntlm_free_type3(&type3); + + ret = krb5_data_copy(&ctx->sessionkey, + session.data, session.length); + if (ret) { + if (src_name) + _gss_ntlm_release_name(&junk, src_name); + _gss_ntlm_delete_sec_context(minor_status, context_handle, NULL); + *minor_status = ret; + return GSS_S_FAILURE; + } + + _gss_ntlm_set_keys(ctx); + + if (mech_type) + *mech_type = GSS_NTLM_MECHANISM; + if (time_rec) + *time_rec = GSS_C_INDEFINITE; + + ctx->status |= STATUS_OPEN; + + if (ret_flags) + *ret_flags = ctx->gssflags; + + return GSS_S_COMPLETE; + } +} diff --git a/third_party/heimdal/lib/gssapi/ntlm/acquire_cred.c b/third_party/heimdal/lib/gssapi/ntlm/acquire_cred.c new file mode 100644 index 0000000..a6b151f --- /dev/null +++ b/third_party/heimdal/lib/gssapi/ntlm/acquire_cred.c @@ -0,0 +1,88 @@ +/* + * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "ntlm.h" + +OM_uint32 GSSAPI_CALLCONV +_gss_ntlm_acquire_cred_from(OM_uint32 *min_stat, + gss_const_name_t desired_name, + OM_uint32 time_req, + const gss_OID_set desired_mechs, + gss_cred_usage_t cred_usage, + gss_const_key_value_set_t cred_store, + gss_cred_id_t *output_cred_handle, + gss_OID_set *actual_mechs, + OM_uint32 *time_rec) +{ + ntlm_name name = (ntlm_name) desired_name; + OM_uint32 maj_stat; + ntlm_ctx ctx; + + *min_stat = 0; + *output_cred_handle = GSS_C_NO_CREDENTIAL; + if (actual_mechs) + *actual_mechs = GSS_C_NO_OID_SET; + if (time_rec) + *time_rec = GSS_C_INDEFINITE; + + if (cred_usage == GSS_C_BOTH || cred_usage == GSS_C_ACCEPT) { + int ret; + + maj_stat = _gss_ntlm_allocate_ctx(min_stat, &ctx); + if (maj_stat != GSS_S_COMPLETE) + return maj_stat; + + ret = (*ctx->server->nsi_probe)(min_stat, ctx->ictx, NULL); + { + gss_ctx_id_t context = (gss_ctx_id_t)ctx; + OM_uint32 junk; + _gss_ntlm_delete_sec_context(&junk, &context, NULL); + } + if (ret) { + *min_stat = ret; + return GSS_S_NO_CRED; + } + } + if (cred_usage == GSS_C_BOTH || cred_usage == GSS_C_INITIATE) { + ntlm_cred cred; + + *min_stat = _gss_ntlm_get_user_cred(name, &cred); + if (*min_stat) + return GSS_S_NO_CRED; + cred->usage = cred_usage; + + *output_cred_handle = (gss_cred_id_t)cred; + } + + return (GSS_S_COMPLETE); +} diff --git a/third_party/heimdal/lib/gssapi/ntlm/add_cred.c b/third_party/heimdal/lib/gssapi/ntlm/add_cred.c new file mode 100644 index 0000000..1517232 --- /dev/null +++ b/third_party/heimdal/lib/gssapi/ntlm/add_cred.c @@ -0,0 +1,60 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "ntlm.h" + +OM_uint32 GSSAPI_CALLCONV _gss_ntlm_add_cred ( + OM_uint32 *minor_status, + gss_const_cred_id_t input_cred_handle, + gss_const_name_t desired_name, + const gss_OID desired_mech, + gss_cred_usage_t cred_usage, + OM_uint32 initiator_time_req, + OM_uint32 acceptor_time_req, + gss_cred_id_t *output_cred_handle, + gss_OID_set *actual_mechs, + OM_uint32 *initiator_time_rec, + OM_uint32 *acceptor_time_rec) +{ + if (minor_status) + *minor_status = 0; + if (output_cred_handle) + *output_cred_handle = GSS_C_NO_CREDENTIAL; + if (actual_mechs) + *actual_mechs = GSS_C_NO_OID_SET; + if (initiator_time_rec) + *initiator_time_rec = 0; + if (acceptor_time_rec) + *acceptor_time_rec = 0; + return GSS_S_COMPLETE; +} diff --git a/third_party/heimdal/lib/gssapi/ntlm/canonicalize_name.c b/third_party/heimdal/lib/gssapi/ntlm/canonicalize_name.c new file mode 100644 index 0000000..3409b3b --- /dev/null +++ b/third_party/heimdal/lib/gssapi/ntlm/canonicalize_name.c @@ -0,0 +1,45 @@ +/* + * Copyright (c) 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "ntlm.h" + +OM_uint32 GSSAPI_CALLCONV +_gss_ntlm_canonicalize_name ( + OM_uint32 * minor_status, + gss_const_name_t input_name, + const gss_OID mech_type, + gss_name_t * output_name + ) +{ + return gss_duplicate_name (minor_status, input_name, output_name); +} diff --git a/third_party/heimdal/lib/gssapi/ntlm/compare_name.c b/third_party/heimdal/lib/gssapi/ntlm/compare_name.c new file mode 100644 index 0000000..d185ab9 --- /dev/null +++ b/third_party/heimdal/lib/gssapi/ntlm/compare_name.c @@ -0,0 +1,45 @@ +/* + * Copyright (c) 1997-2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "ntlm.h" + +OM_uint32 GSSAPI_CALLCONV _gss_ntlm_compare_name + (OM_uint32 * minor_status, + gss_const_name_t name1, + gss_const_name_t name2, + int * name_equal + ) +{ + *minor_status = 0; + return GSS_S_COMPLETE; +} diff --git a/third_party/heimdal/lib/gssapi/ntlm/context_time.c b/third_party/heimdal/lib/gssapi/ntlm/context_time.c new file mode 100644 index 0000000..589ee2a --- /dev/null +++ b/third_party/heimdal/lib/gssapi/ntlm/context_time.c @@ -0,0 +1,45 @@ +/* + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "ntlm.h" + +OM_uint32 GSSAPI_CALLCONV _gss_ntlm_context_time + (OM_uint32 * minor_status, + gss_const_ctx_id_t context_handle, + OM_uint32 * time_rec + ) +{ + if (time_rec) + *time_rec = GSS_C_INDEFINITE; + return GSS_S_COMPLETE; +} diff --git a/third_party/heimdal/lib/gssapi/ntlm/creds.c b/third_party/heimdal/lib/gssapi/ntlm/creds.c new file mode 100644 index 0000000..5794015 --- /dev/null +++ b/third_party/heimdal/lib/gssapi/ntlm/creds.c @@ -0,0 +1,159 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "ntlm.h" + +OM_uint32 GSSAPI_CALLCONV +_gss_ntlm_inquire_cred + (OM_uint32 * minor_status, + gss_const_cred_id_t cred_handle, + gss_name_t * name, + OM_uint32 * lifetime, + gss_cred_usage_t * cred_usage, + gss_OID_set * mechanisms + ) +{ + OM_uint32 ret, junk; + + *minor_status = 0; + + if (cred_handle == NULL) + return GSS_S_NO_CRED; + + if (name) { + ntlm_name n = calloc(1, sizeof(*n)); + ntlm_cred c = (ntlm_cred)cred_handle; + if (n) { + n->user = strdup(c->username); + n->domain = strdup(c->domain); + } + if (n == NULL || n->user == NULL || n->domain == NULL) { + if (n) { + free(n->user); + free(n->domain); + free(n); + } + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + *name = (gss_name_t)n; + } + if (lifetime) + *lifetime = GSS_C_INDEFINITE; + if (cred_usage) + *cred_usage = 0; + if (mechanisms) + *mechanisms = GSS_C_NO_OID_SET; + if (mechanisms) { + ret = gss_create_empty_oid_set(minor_status, mechanisms); + if (ret) + goto out; + ret = gss_add_oid_set_member(minor_status, + GSS_NTLM_MECHANISM, + mechanisms); + if (ret) + goto out; + } + + return GSS_S_COMPLETE; +out: + gss_release_oid_set(&junk, mechanisms); + return ret; +} + +#ifdef HAVE_KCM +static OM_uint32 +_gss_ntlm_destroy_kcm_cred(gss_cred_id_t *cred_handle) +{ + krb5_storage *request, *response; + krb5_data response_data; + krb5_context context; + krb5_error_code ret; + ntlm_cred cred; + + cred = (ntlm_cred)*cred_handle; + + ret = krb5_init_context(&context); + if (ret) + return ret; + + ret = krb5_kcm_storage_request(context, KCM_OP_DEL_NTLM_CRED, &request); + if (ret) + goto out; + + ret = krb5_store_stringz(request, cred->username); + if (ret) + goto out; + + ret = krb5_store_stringz(request, cred->domain); + if (ret) + goto out; + + ret = krb5_kcm_call(context, request, &response, &response_data); + if (ret) + goto out; + + krb5_storage_free(request); + krb5_storage_free(response); + krb5_data_free(&response_data); + + out: + krb5_free_context(context); + + return ret; +} +#endif /* HAVE_KCM */ + +OM_uint32 GSSAPI_CALLCONV +_gss_ntlm_destroy_cred(OM_uint32 *minor_status, + gss_cred_id_t *cred_handle) +{ +#ifdef HAVE_KCM + krb5_error_code ret; +#endif + + if (cred_handle == NULL || *cred_handle == GSS_C_NO_CREDENTIAL) + return GSS_S_COMPLETE; + +#ifdef HAVE_KCM + ret = _gss_ntlm_destroy_kcm_cred(cred_handle); + if (ret) { + *minor_status = ret; + return GSS_S_FAILURE; + } +#endif + + return _gss_ntlm_release_cred(minor_status, cred_handle); +} diff --git a/third_party/heimdal/lib/gssapi/ntlm/crypto.c b/third_party/heimdal/lib/gssapi/ntlm/crypto.c new file mode 100644 index 0000000..efa71d9 --- /dev/null +++ b/third_party/heimdal/lib/gssapi/ntlm/crypto.c @@ -0,0 +1,636 @@ +/* + * Copyright (c) 2006-2016 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "ntlm.h" +struct hx509_certs_data; +struct krb5_pk_identity; +struct krb5_pk_cert; +struct ContentInfo; +struct AlgorithmIdentifier; +struct _krb5_krb_auth_data; +struct krb5_dh_moduli; +struct _krb5_key_data; +struct _krb5_encryption_type; +struct _krb5_key_type; +#include "krb5_locl.h" + +/* + * + */ + +static void +encode_le_uint32(uint32_t n, unsigned char *p) +{ + p[0] = (n >> 0) & 0xFF; + p[1] = (n >> 8) & 0xFF; + p[2] = (n >> 16) & 0xFF; + p[3] = (n >> 24) & 0xFF; +} + + +static void +decode_le_uint32(const void *ptr, uint32_t *n) +{ + const unsigned char *p = ptr; + *n = (p[0] << 0) | (p[1] << 8) | (p[2] << 16) | (p[3] << 24); +} + +/* + * + */ + +const char a2i_signmagic[] = + "session key to server-to-client signing key magic constant"; +const char a2i_sealmagic[] = + "session key to server-to-client sealing key magic constant"; +const char i2a_signmagic[] = + "session key to client-to-server signing key magic constant"; +const char i2a_sealmagic[] = + "session key to client-to-server sealing key magic constant"; + + +void +_gss_ntlm_set_key(struct ntlmv2_key *key, int acceptor, int sealsign, + unsigned char *data, size_t len) +{ + unsigned char out[16]; + EVP_MD_CTX *ctx; + const char *signmagic; + const char *sealmagic; + + if (acceptor) { + signmagic = a2i_signmagic; + sealmagic = a2i_sealmagic; + } else { + signmagic = i2a_signmagic; + sealmagic = i2a_sealmagic; + } + + key->seq = 0; + + ctx = EVP_MD_CTX_create(); + EVP_DigestInit_ex(ctx, EVP_md5(), NULL); + EVP_DigestUpdate(ctx, data, len); + EVP_DigestUpdate(ctx, signmagic, strlen(signmagic) + 1); + EVP_DigestFinal_ex(ctx, key->signkey, NULL); + + EVP_DigestInit_ex(ctx, EVP_md5(), NULL); + EVP_DigestUpdate(ctx, data, len); + EVP_DigestUpdate(ctx, sealmagic, strlen(sealmagic) + 1); + EVP_DigestFinal_ex(ctx, out, NULL); + EVP_MD_CTX_destroy(ctx); + + RC4_set_key(&key->sealkey, 16, out); + if (sealsign) + key->signsealkey = &key->sealkey; +} + +/* + * Set (or reset) keys + */ + +void +_gss_ntlm_set_keys(ntlm_ctx ctx) +{ + int acceptor; + + if (ctx->sessionkey.length == 0) + return; + + acceptor = !(ctx->status & STATUS_CLIENT); + + ctx->status |= STATUS_SESSIONKEY; + + if (ctx->flags & NTLM_NEG_NTLM2_SESSION) { + _gss_ntlm_set_key(&ctx->u.v2.send, acceptor, + (ctx->flags & NTLM_NEG_KEYEX), + ctx->sessionkey.data, + ctx->sessionkey.length); + _gss_ntlm_set_key(&ctx->u.v2.recv, !acceptor, + (ctx->flags & NTLM_NEG_KEYEX), + ctx->sessionkey.data, + ctx->sessionkey.length); + } else { + ctx->u.v1.crypto_send.seq = 0; + RC4_set_key(&ctx->u.v1.crypto_send.key, + ctx->sessionkey.length, + ctx->sessionkey.data); + ctx->u.v1.crypto_recv.seq = 0; + RC4_set_key(&ctx->u.v1.crypto_recv.key, + ctx->sessionkey.length, + ctx->sessionkey.data); + } +} + +/* + * + */ + +static OM_uint32 +v1_sign_message(gss_buffer_t in, + RC4_KEY *signkey, + uint32_t seq, + unsigned char out[16]) +{ + unsigned char sigature[12]; + uint32_t crc; + + _krb5_crc_init_table(); + crc = _krb5_crc_update(in->value, in->length, 0); + + encode_le_uint32(0, &sigature[0]); + encode_le_uint32(crc, &sigature[4]); + encode_le_uint32(seq, &sigature[8]); + + encode_le_uint32(1, out); /* version */ + RC4(signkey, sizeof(sigature), sigature, out + 4); + + if (RAND_bytes(out + 4, 4) != 1) + return GSS_S_UNAVAILABLE; + + return 0; +} + + +static OM_uint32 +v2_sign_message(gss_buffer_t in, + unsigned char signkey[16], + RC4_KEY *sealkey, + uint32_t seq, + unsigned char out[16]) +{ + unsigned char hmac[16]; + unsigned int hmaclen; + HMAC_CTX c; + + HMAC_CTX_init(&c); + if (HMAC_Init_ex(&c, signkey, 16, EVP_md5(), NULL) == 0) { + HMAC_CTX_cleanup(&c); + return GSS_S_FAILURE; + } + + encode_le_uint32(seq, hmac); + HMAC_Update(&c, hmac, 4); + HMAC_Update(&c, in->value, in->length); + HMAC_Final(&c, hmac, &hmaclen); + HMAC_CTX_cleanup(&c); + + encode_le_uint32(1, &out[0]); + if (sealkey) + RC4(sealkey, 8, hmac, &out[4]); + else + memcpy(&out[4], hmac, 8); + + memset(&out[12], 0, 4); + + return GSS_S_COMPLETE; +} + +static OM_uint32 +v2_verify_message(gss_buffer_t in, + unsigned char signkey[16], + RC4_KEY *sealkey, + uint32_t seq, + const unsigned char checksum[16]) +{ + OM_uint32 ret; + unsigned char out[16]; + + ret = v2_sign_message(in, signkey, sealkey, seq, out); + if (ret) + return ret; + + if (memcmp(checksum, out, 16) != 0) + return GSS_S_BAD_MIC; + + return GSS_S_COMPLETE; +} + +static OM_uint32 +v2_seal_message(const gss_buffer_t in, + unsigned char signkey[16], + uint32_t seq, + RC4_KEY *sealkey, + gss_buffer_t out) +{ + unsigned char *p; + OM_uint32 ret; + + if (in->length + 16 < in->length) + return EINVAL; + + p = malloc(in->length + 16); + if (p == NULL) + return ENOMEM; + + RC4(sealkey, in->length, in->value, p); + + ret = v2_sign_message(in, signkey, sealkey, seq, &p[in->length]); + if (ret) { + free(p); + return ret; + } + + out->value = p; + out->length = in->length + 16; + + return 0; +} + +static OM_uint32 +v2_unseal_message(gss_buffer_t in, + unsigned char signkey[16], + uint32_t seq, + RC4_KEY *sealkey, + gss_buffer_t out) +{ + OM_uint32 ret; + + if (in->length < 16) + return GSS_S_BAD_MIC; + + out->length = in->length - 16; + out->value = malloc(out->length); + if (out->value == NULL) + return GSS_S_BAD_MIC; + + RC4(sealkey, out->length, in->value, out->value); + + ret = v2_verify_message(out, signkey, sealkey, seq, + ((const unsigned char *)in->value) + out->length); + if (ret) { + OM_uint32 junk; + gss_release_buffer(&junk, out); + } + return ret; +} + +/* + * + */ + +#define CTX_FLAGS_ISSET(_ctx,_flags) \ + (((_ctx)->flags & (_flags)) == (_flags)) + +/* + * + */ + +OM_uint32 GSSAPI_CALLCONV +_gss_ntlm_get_mic + (OM_uint32 * minor_status, + gss_const_ctx_id_t context_handle, + gss_qop_t qop_req, + const gss_buffer_t message_buffer, + gss_buffer_t message_token + ) +{ + ntlm_ctx ctx = (ntlm_ctx)context_handle; + OM_uint32 junk; + + *minor_status = 0; + + message_token->value = malloc(16); + message_token->length = 16; + if (message_token->value == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + if (CTX_FLAGS_ISSET(ctx, NTLM_NEG_SIGN|NTLM_NEG_NTLM2_SESSION)) { + OM_uint32 ret; + + if ((ctx->status & STATUS_SESSIONKEY) == 0) { + gss_release_buffer(&junk, message_token); + return GSS_S_UNAVAILABLE; + } + + ret = v2_sign_message(message_buffer, + ctx->u.v2.send.signkey, + ctx->u.v2.send.signsealkey, + ctx->u.v2.send.seq++, + message_token->value); + if (ret) + gss_release_buffer(&junk, message_token); + return ret; + + } else if (CTX_FLAGS_ISSET(ctx, NTLM_NEG_SIGN)) { + OM_uint32 ret; + + if ((ctx->status & STATUS_SESSIONKEY) == 0) { + gss_release_buffer(&junk, message_token); + return GSS_S_UNAVAILABLE; + } + + ret = v1_sign_message(message_buffer, + &ctx->u.v1.crypto_send.key, + ctx->u.v1.crypto_send.seq++, + message_token->value); + if (ret) + gss_release_buffer(&junk, message_token); + return ret; + + } else if (CTX_FLAGS_ISSET(ctx, NTLM_NEG_ALWAYS_SIGN)) { + unsigned char *sigature; + + sigature = message_token->value; + + encode_le_uint32(1, &sigature[0]); /* version */ + encode_le_uint32(0, &sigature[4]); + encode_le_uint32(0, &sigature[8]); + encode_le_uint32(0, &sigature[12]); + + return GSS_S_COMPLETE; + } + gss_release_buffer(&junk, message_token); + + return GSS_S_UNAVAILABLE; +} + +/* + * + */ + +OM_uint32 GSSAPI_CALLCONV +_gss_ntlm_verify_mic + (OM_uint32 * minor_status, + gss_const_ctx_id_t context_handle, + const gss_buffer_t message_buffer, + const gss_buffer_t token_buffer, + gss_qop_t * qop_state + ) +{ + ntlm_ctx ctx = (ntlm_ctx)context_handle; + + if (qop_state != NULL) + *qop_state = GSS_C_QOP_DEFAULT; + *minor_status = 0; + + if (token_buffer->length != 16) + return GSS_S_BAD_MIC; + + if (CTX_FLAGS_ISSET(ctx, NTLM_NEG_SIGN|NTLM_NEG_NTLM2_SESSION)) { + OM_uint32 ret; + + if ((ctx->status & STATUS_SESSIONKEY) == 0) + return GSS_S_UNAVAILABLE; + + ret = v2_verify_message(message_buffer, + ctx->u.v2.recv.signkey, + ctx->u.v2.recv.signsealkey, + ctx->u.v2.recv.seq++, + token_buffer->value); + if (ret) + return ret; + + return GSS_S_COMPLETE; + } else if (CTX_FLAGS_ISSET(ctx, NTLM_NEG_SIGN)) { + + unsigned char sigature[12]; + uint32_t crc, num; + + if ((ctx->status & STATUS_SESSIONKEY) == 0) + return GSS_S_UNAVAILABLE; + + decode_le_uint32(token_buffer->value, &num); + if (num != 1) + return GSS_S_BAD_MIC; + + RC4(&ctx->u.v1.crypto_recv.key, sizeof(sigature), + ((unsigned char *)token_buffer->value) + 4, sigature); + + _krb5_crc_init_table(); + crc = _krb5_crc_update(message_buffer->value, + message_buffer->length, 0); + /* skip first 4 bytes in the encrypted checksum */ + decode_le_uint32(&sigature[4], &num); + if (num != crc) + return GSS_S_BAD_MIC; + decode_le_uint32(&sigature[8], &num); + if (ctx->u.v1.crypto_recv.seq != num) + return GSS_S_BAD_MIC; + ctx->u.v1.crypto_recv.seq++; + + return GSS_S_COMPLETE; + } else if (ctx->flags & NTLM_NEG_ALWAYS_SIGN) { + uint32_t num; + unsigned char *p; + + p = (unsigned char*)(token_buffer->value); + + decode_le_uint32(&p[0], &num); /* version */ + if (num != 1) return GSS_S_BAD_MIC; + decode_le_uint32(&p[4], &num); + if (num != 0) return GSS_S_BAD_MIC; + decode_le_uint32(&p[8], &num); + if (num != 0) return GSS_S_BAD_MIC; + decode_le_uint32(&p[12], &num); + if (num != 0) return GSS_S_BAD_MIC; + + return GSS_S_COMPLETE; + } + + return GSS_S_UNAVAILABLE; +} + +/* + * + */ + +OM_uint32 GSSAPI_CALLCONV +_gss_ntlm_wrap_size_limit ( + OM_uint32 * minor_status, + gss_const_ctx_id_t context_handle, + int conf_req_flag, + gss_qop_t qop_req, + OM_uint32 req_output_size, + OM_uint32 * max_input_size + ) +{ + ntlm_ctx ctx = (ntlm_ctx)context_handle; + + *minor_status = 0; + + if(ctx->flags & NTLM_NEG_SEAL) { + + if (req_output_size < 16) + *max_input_size = 0; + else + *max_input_size = req_output_size - 16; + + return GSS_S_COMPLETE; + } + + return GSS_S_UNAVAILABLE; +} + +/* + * + */ + +OM_uint32 GSSAPI_CALLCONV +_gss_ntlm_wrap +(OM_uint32 * minor_status, + gss_const_ctx_id_t context_handle, + int conf_req_flag, + gss_qop_t qop_req, + const gss_buffer_t input_message_buffer, + int * conf_state, + gss_buffer_t output_message_buffer + ) +{ + ntlm_ctx ctx = (ntlm_ctx)context_handle; + OM_uint32 ret; + + *minor_status = 0; + if (conf_state) + *conf_state = 0; + if (output_message_buffer == GSS_C_NO_BUFFER) + return GSS_S_FAILURE; + + + if (CTX_FLAGS_ISSET(ctx, NTLM_NEG_SEAL|NTLM_NEG_NTLM2_SESSION)) { + + return v2_seal_message(input_message_buffer, + ctx->u.v2.send.signkey, + ctx->u.v2.send.seq++, + &ctx->u.v2.send.sealkey, + output_message_buffer); + + } else if (CTX_FLAGS_ISSET(ctx, NTLM_NEG_SEAL)) { + gss_buffer_desc trailer; + OM_uint32 junk; + + output_message_buffer->length = input_message_buffer->length + 16; + output_message_buffer->value = malloc(output_message_buffer->length); + if (output_message_buffer->value == NULL) { + output_message_buffer->length = 0; + return GSS_S_FAILURE; + } + + + RC4(&ctx->u.v1.crypto_send.key, input_message_buffer->length, + input_message_buffer->value, output_message_buffer->value); + + ret = _gss_ntlm_get_mic(minor_status, context_handle, + 0, input_message_buffer, + &trailer); + if (ret) { + gss_release_buffer(&junk, output_message_buffer); + return ret; + } + if (trailer.length != 16) { + gss_release_buffer(&junk, output_message_buffer); + gss_release_buffer(&junk, &trailer); + return GSS_S_FAILURE; + } + memcpy(((unsigned char *)output_message_buffer->value) + + input_message_buffer->length, + trailer.value, trailer.length); + gss_release_buffer(&junk, &trailer); + + return GSS_S_COMPLETE; + } + + return GSS_S_UNAVAILABLE; +} + +/* + * + */ + +OM_uint32 GSSAPI_CALLCONV +_gss_ntlm_unwrap + (OM_uint32 * minor_status, + gss_const_ctx_id_t context_handle, + const gss_buffer_t input_message_buffer, + gss_buffer_t output_message_buffer, + int * conf_state, + gss_qop_t * qop_state + ) +{ + ntlm_ctx ctx = (ntlm_ctx)context_handle; + OM_uint32 ret; + + *minor_status = 0; + output_message_buffer->value = NULL; + output_message_buffer->length = 0; + + if (conf_state) + *conf_state = 0; + if (qop_state) + *qop_state = 0; + + if (CTX_FLAGS_ISSET(ctx, NTLM_NEG_SEAL|NTLM_NEG_NTLM2_SESSION)) { + + return v2_unseal_message(input_message_buffer, + ctx->u.v2.recv.signkey, + ctx->u.v2.recv.seq++, + &ctx->u.v2.recv.sealkey, + output_message_buffer); + + } else if (CTX_FLAGS_ISSET(ctx, NTLM_NEG_SEAL)) { + + gss_buffer_desc trailer; + OM_uint32 junk; + + if (input_message_buffer->length < 16) + return GSS_S_BAD_MIC; + + output_message_buffer->length = input_message_buffer->length - 16; + output_message_buffer->value = malloc(output_message_buffer->length); + if (output_message_buffer->value == NULL) { + output_message_buffer->length = 0; + return GSS_S_FAILURE; + } + + RC4(&ctx->u.v1.crypto_recv.key, output_message_buffer->length, + input_message_buffer->value, output_message_buffer->value); + + trailer.value = ((unsigned char *)input_message_buffer->value) + + output_message_buffer->length; + trailer.length = 16; + + ret = _gss_ntlm_verify_mic(minor_status, context_handle, + output_message_buffer, + &trailer, NULL); + if (ret) { + gss_release_buffer(&junk, output_message_buffer); + return ret; + } + + return GSS_S_COMPLETE; + } + + return GSS_S_UNAVAILABLE; +} diff --git a/third_party/heimdal/lib/gssapi/ntlm/delete_sec_context.c b/third_party/heimdal/lib/gssapi/ntlm/delete_sec_context.c new file mode 100644 index 0000000..57587a0 --- /dev/null +++ b/third_party/heimdal/lib/gssapi/ntlm/delete_sec_context.c @@ -0,0 +1,69 @@ +/* + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "ntlm.h" + +OM_uint32 GSSAPI_CALLCONV _gss_ntlm_delete_sec_context + (OM_uint32 * minor_status, + gss_ctx_id_t * context_handle, + gss_buffer_t output_token + ) +{ + OM_uint32 min; + + if (context_handle) { + ntlm_ctx ctx = (ntlm_ctx)*context_handle; + gss_cred_id_t cred = (gss_cred_id_t)ctx->client; + + *context_handle = GSS_C_NO_CONTEXT; + + if (ctx->server) + (*ctx->server->nsi_destroy)(minor_status, ctx->ictx); + + _gss_ntlm_release_cred(NULL, &cred); + memset_s(ctx->sessionkey.data, ctx->sessionkey.length, 0, + ctx->sessionkey.length); + krb5_data_free(&ctx->sessionkey); + gss_release_buffer(&min, &ctx->pac); + + memset(ctx, 0, sizeof(*ctx)); + free(ctx); + } + if (output_token) { + output_token->length = 0; + output_token->value = NULL; + } + + *minor_status = 0; + return GSS_S_COMPLETE; +} diff --git a/third_party/heimdal/lib/gssapi/ntlm/display_name.c b/third_party/heimdal/lib/gssapi/ntlm/display_name.c new file mode 100644 index 0000000..59d2c84 --- /dev/null +++ b/third_party/heimdal/lib/gssapi/ntlm/display_name.c @@ -0,0 +1,71 @@ +/* + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "ntlm.h" + +OM_uint32 GSSAPI_CALLCONV +_gss_ntlm_display_name + (OM_uint32 * minor_status, + gss_const_name_t input_name, + gss_buffer_t output_name_buffer, + gss_OID * output_name_type + ) +{ + *minor_status = 0; + + if (output_name_type) + *output_name_type = GSS_NTLM_MECHANISM; + + if (output_name_buffer) { + ntlm_name n = (ntlm_name)input_name; + char *str = NULL; + int len; + + output_name_buffer->length = 0; + output_name_buffer->value = NULL; + + if (n == NULL) { + *minor_status = 0; + return GSS_S_BAD_NAME; + } + + len = asprintf(&str, "%s@%s", n->user, n->domain); + if (len < 0 || str == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + output_name_buffer->length = len; + output_name_buffer->value = str; + } + return GSS_S_COMPLETE; +} diff --git a/third_party/heimdal/lib/gssapi/ntlm/display_status.c b/third_party/heimdal/lib/gssapi/ntlm/display_status.c new file mode 100644 index 0000000..c9e1792 --- /dev/null +++ b/third_party/heimdal/lib/gssapi/ntlm/display_status.c @@ -0,0 +1,54 @@ +/* + * Copyright (c) 1998 - 2005 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "ntlm.h" + +OM_uint32 GSSAPI_CALLCONV +_gss_ntlm_display_status + (OM_uint32 *minor_status, + OM_uint32 status_value, + int status_type, + const gss_OID mech_type, + OM_uint32 *message_context, + gss_buffer_t status_string) +{ + if (minor_status) + *minor_status = 0; + if (status_string) { + status_string->length = 0; + status_string->value = NULL; + } + if (message_context) + *message_context = 0; + return GSS_S_COMPLETE; +} diff --git a/third_party/heimdal/lib/gssapi/ntlm/duplicate_cred.c b/third_party/heimdal/lib/gssapi/ntlm/duplicate_cred.c new file mode 100644 index 0000000..d05f9fa --- /dev/null +++ b/third_party/heimdal/lib/gssapi/ntlm/duplicate_cred.c @@ -0,0 +1,57 @@ +/* + * Copyright (c) 2006-2018 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "ntlm.h" + +OM_uint32 GSSAPI_CALLCONV +_gss_ntlm_duplicate_cred(OM_uint32 *minor_status, + gss_const_cred_id_t input_cred_handle, + gss_cred_id_t *output_cred_handle) +{ + ntlm_const_cred cred = (ntlm_const_cred)input_cred_handle; + ntlm_cred new_cred; + OM_uint32 junk; + + if (input_cred_handle == GSS_C_NO_CREDENTIAL) + return _gss_ntlm_acquire_cred_from(minor_status, GSS_C_NO_NAME, + GSS_C_INDEFINITE, GSS_C_NO_OID_SET, + GSS_C_BOTH, GSS_C_NO_CRED_STORE, + output_cred_handle, NULL, NULL); + + *output_cred_handle = GSS_C_NO_CREDENTIAL; + + *minor_status = _gss_ntlm_copy_cred((ntlm_cred)input_cred_handle, + (ntlm_cred *)output_cred_handle); + + return *minor_status == 0 ? GSS_S_COMPLETE : GSS_S_FAILURE; +} diff --git a/third_party/heimdal/lib/gssapi/ntlm/duplicate_name.c b/third_party/heimdal/lib/gssapi/ntlm/duplicate_name.c new file mode 100644 index 0000000..060fa55 --- /dev/null +++ b/third_party/heimdal/lib/gssapi/ntlm/duplicate_name.c @@ -0,0 +1,48 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "ntlm.h" + +OM_uint32 GSSAPI_CALLCONV +_gss_ntlm_duplicate_name ( + OM_uint32 * minor_status, + gss_const_name_t src_name, + gss_name_t * dest_name + ) +{ + if (minor_status) + *minor_status = 0; + if (dest_name) + *dest_name = NULL; + return GSS_S_COMPLETE; +} diff --git a/third_party/heimdal/lib/gssapi/ntlm/export_name.c b/third_party/heimdal/lib/gssapi/ntlm/export_name.c new file mode 100644 index 0000000..e5bdca4 --- /dev/null +++ b/third_party/heimdal/lib/gssapi/ntlm/export_name.c @@ -0,0 +1,50 @@ +/* + * Copyright (c) 1997, 1999, 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "ntlm.h" + +OM_uint32 GSSAPI_CALLCONV +_gss_ntlm_export_name + (OM_uint32 * minor_status, + gss_const_name_t input_name, + gss_buffer_t exported_name + ) +{ + if (minor_status) + *minor_status = 0; + if (exported_name) { + exported_name->length = 0; + exported_name->value = NULL; + } + return GSS_S_COMPLETE; +} diff --git a/third_party/heimdal/lib/gssapi/ntlm/export_sec_context.c b/third_party/heimdal/lib/gssapi/ntlm/export_sec_context.c new file mode 100644 index 0000000..027a921 --- /dev/null +++ b/third_party/heimdal/lib/gssapi/ntlm/export_sec_context.c @@ -0,0 +1,50 @@ +/* + * Copyright (c) 1999 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "ntlm.h" + +OM_uint32 GSSAPI_CALLCONV +_gss_ntlm_export_sec_context ( + OM_uint32 * minor_status, + gss_ctx_id_t * context_handle, + gss_buffer_t interprocess_token + ) +{ + if (minor_status) + *minor_status = 0; + if (interprocess_token) { + interprocess_token->length = 0; + interprocess_token->value = NULL; + } + return GSS_S_COMPLETE; +} diff --git a/third_party/heimdal/lib/gssapi/ntlm/external.c b/third_party/heimdal/lib/gssapi/ntlm/external.c new file mode 100644 index 0000000..ff2cd2d --- /dev/null +++ b/third_party/heimdal/lib/gssapi/ntlm/external.c @@ -0,0 +1,140 @@ +/* + * Copyright (c) 2006-2018 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "ntlm.h" + +static gss_mo_desc ntlm_mo[] = { + { + GSS_C_MA_SASL_MECH_NAME, + GSS_MO_MA, + "SASL mech name", + rk_UNCONST("NTLM"), + _gss_mo_get_ctx_as_string, + NULL + }, + { + GSS_C_MA_MECH_NAME, + GSS_MO_MA, + "Mechanism name", + rk_UNCONST("NTLMSPP"), + _gss_mo_get_ctx_as_string, + NULL + }, + { + GSS_C_MA_MECH_DESCRIPTION, + GSS_MO_MA, + "Mechanism description", + rk_UNCONST("Heimdal NTLMSSP Mechanism"), + _gss_mo_get_ctx_as_string, + NULL + } +}; + +static gssapi_mech_interface_desc ntlm_mech = { + GMI_VERSION, + "ntlm", + {10, rk_UNCONST("\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a") }, + 0, + NULL, + _gss_ntlm_release_cred, + _gss_ntlm_init_sec_context, + _gss_ntlm_accept_sec_context, + _gss_ntlm_process_context_token, + _gss_ntlm_delete_sec_context, + _gss_ntlm_context_time, + _gss_ntlm_get_mic, + _gss_ntlm_verify_mic, + _gss_ntlm_wrap, + _gss_ntlm_unwrap, + _gss_ntlm_display_status, + NULL, + _gss_ntlm_compare_name, + _gss_ntlm_display_name, + _gss_ntlm_import_name, + _gss_ntlm_export_name, + _gss_ntlm_release_name, + _gss_ntlm_inquire_cred, + _gss_ntlm_inquire_context, + _gss_ntlm_wrap_size_limit, + _gss_ntlm_add_cred, + _gss_ntlm_inquire_cred_by_mech, + _gss_ntlm_export_sec_context, + _gss_ntlm_import_sec_context, + _gss_ntlm_inquire_names_for_mech, + _gss_ntlm_inquire_mechs_for_name, + _gss_ntlm_canonicalize_name, + _gss_ntlm_duplicate_name, + _gss_ntlm_inquire_sec_context_by_oid, + NULL, + _gss_ntlm_set_sec_context_option, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + _gss_ntlm_acquire_cred_from, + NULL, /* gm_acquire_cred_impersonate_name */ + _gss_ntlm_iter_creds_f, + _gss_ntlm_destroy_cred, + NULL, + NULL, + NULL, + NULL, + ntlm_mo, + sizeof(ntlm_mo) / sizeof(ntlm_mo[0]), + NULL, /* gm_localname */ + NULL, /* gm_authorize_localname */ + NULL, /* gm_display_name_ext */ + NULL, /* gm_inquire_name */ + NULL, /* gm_get_name_attribute */ + NULL, /* gm_set_name_attribute */ + NULL, /* gm_delete_name_attribute */ + NULL, /* gm_export_name_composite */ + NULL, /* gm_duplicate_cred */ + NULL, /* gm_add_cred_from */ + NULL, /* gm_store_cred_into */ + NULL, /* gm_query_mechanism_info */ + NULL, /* gm_query_meta_data */ + NULL, /* gm_exchange_meta_data */ + NULL, /* gm_store_cred_into2 */ + NULL, /* gm_compat */ +}; + +gssapi_mech_interface +__gss_ntlm_initialize(void) +{ + return &ntlm_mech; +} diff --git a/third_party/heimdal/lib/gssapi/ntlm/import_name.c b/third_party/heimdal/lib/gssapi/ntlm/import_name.c new file mode 100644 index 0000000..e75388d --- /dev/null +++ b/third_party/heimdal/lib/gssapi/ntlm/import_name.c @@ -0,0 +1,112 @@ +/* + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "ntlm.h" + +OM_uint32 GSSAPI_CALLCONV +_gss_ntlm_import_name + (OM_uint32 * minor_status, + const gss_buffer_t input_name_buffer, + const gss_OID input_name_type, + gss_name_t * output_name + ) +{ + char *name, *p, *p2; + int is_hostnamed; + int is_username; + ntlm_name n; + + *minor_status = 0; + + if (output_name == NULL) + return GSS_S_CALL_INACCESSIBLE_WRITE; + + *output_name = GSS_C_NO_NAME; + + is_hostnamed = gss_oid_equal(input_name_type, GSS_C_NT_HOSTBASED_SERVICE); + is_username = gss_oid_equal(input_name_type, GSS_C_NT_USER_NAME); + + if (!is_hostnamed && !is_username) + return GSS_S_BAD_NAMETYPE; + + name = malloc(input_name_buffer->length + 1); + if (name == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + memcpy(name, input_name_buffer->value, input_name_buffer->length); + name[input_name_buffer->length] = '\0'; + + /* find "domain" part of the name and uppercase it */ + p = strchr(name, '@'); + if (p == NULL) { + free(name); + return GSS_S_BAD_NAME; + } + p[0] = '\0'; + p++; + p2 = strchr(p, '.'); + if (p2 && p2[1] != '\0') { + if (is_hostnamed) { + p = p2 + 1; + p2 = strchr(p, '.'); + } + if (p2) + *p2 = '\0'; + } + strupr(p); + + n = calloc(1, sizeof(*n)); + if (n == NULL) { + free(name); + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + n->user = strdup(name); + n->domain = strdup(p); + + free(name); + + if (n->user == NULL || n->domain == NULL) { + free(n->user); + free(n->domain); + free(n); + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + *output_name = (gss_name_t)n; + + return GSS_S_COMPLETE; +} diff --git a/third_party/heimdal/lib/gssapi/ntlm/import_sec_context.c b/third_party/heimdal/lib/gssapi/ntlm/import_sec_context.c new file mode 100644 index 0000000..fe637c0 --- /dev/null +++ b/third_party/heimdal/lib/gssapi/ntlm/import_sec_context.c @@ -0,0 +1,48 @@ +/* + * Copyright (c) 1999 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "ntlm.h" + +OM_uint32 GSSAPI_CALLCONV +_gss_ntlm_import_sec_context ( + OM_uint32 * minor_status, + const gss_buffer_t interprocess_token, + gss_ctx_id_t * context_handle + ) +{ + if (minor_status) + *minor_status = 0; + if (context_handle) + *context_handle = GSS_C_NO_CONTEXT; + return GSS_S_FAILURE; +} diff --git a/third_party/heimdal/lib/gssapi/ntlm/indicate_mechs.c b/third_party/heimdal/lib/gssapi/ntlm/indicate_mechs.c new file mode 100644 index 0000000..7cda475 --- /dev/null +++ b/third_party/heimdal/lib/gssapi/ntlm/indicate_mechs.c @@ -0,0 +1,46 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "ntlm.h" + +OM_uint32 _gss_ntlm_indicate_mechs +(OM_uint32 * minor_status, + gss_OID_set * mech_set + ) +{ + if (minor_status) + *minor_status = 0; + if (mech_set) + *mech_set = GSS_C_NO_OID_SET; + return GSS_S_COMPLETE; +} diff --git a/third_party/heimdal/lib/gssapi/ntlm/init_sec_context.c b/third_party/heimdal/lib/gssapi/ntlm/init_sec_context.c new file mode 100644 index 0000000..be9c987 --- /dev/null +++ b/third_party/heimdal/lib/gssapi/ntlm/init_sec_context.c @@ -0,0 +1,536 @@ +/* + * Copyright (c) 2006 - 2008 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "ntlm.h" + +static int +from_file(const char *fn, const char *target_domain, + char **domainp, char **usernamep, struct ntlm_buf *key) +{ + char *str, buf[1024]; + FILE *f; + + *domainp = NULL; + + f = fopen(fn, "r"); + if (f == NULL) + return ENOENT; + rk_cloexec_file(f); + + while (fgets(buf, sizeof(buf), f) != NULL) { + char *d, *u, *p; + buf[strcspn(buf, "\r\n")] = '\0'; + if (buf[0] == '#') + continue; + str = NULL; + d = strtok_r(buf, ":", &str); + free(*domainp); + *domainp = NULL; + if (!d) + continue; + if (d && target_domain != NULL && strcasecmp(target_domain, d) != 0) + continue; + *domainp = strdup(d); + if (*domainp == NULL) { + fclose(f); + return ENOMEM; + } + u = strtok_r(NULL, ":", &str); + p = strtok_r(NULL, ":", &str); + if (u == NULL || p == NULL) + continue; + + *usernamep = strdup(u); + if (*usernamep == NULL) { + fclose(f); + return ENOMEM; + } + heim_ntlm_nt_key(p, key); + + memset_s(buf, sizeof(buf), 0, sizeof(buf)); + fclose(f); + return 0; + } + memset_s(buf, sizeof(buf), 0, sizeof(buf)); + fclose(f); + return ENOENT; +} + +static int +get_user_file(const ntlm_name target_name, + char **domainp, char **usernamep, struct ntlm_buf *key) +{ + const char *domain; + const char *fn; + + *domainp = NULL; + + domain = target_name != NULL ? target_name->domain : NULL; + + fn = secure_getenv("NTLM_USER_FILE"); + if (fn == NULL) + return ENOENT; + if (from_file(fn, domain, domainp, usernamep, key) == 0) + return 0; + + return ENOENT; +} + +/* + * Pick up the ntlm cred from the default krb5 credential cache. + */ + +static int +get_user_ccache(const ntlm_name name, char **domainp, char **usernamep, struct ntlm_buf *key) +{ + krb5_context context = NULL; + krb5_principal client; + krb5_ccache id = NULL; + krb5_error_code ret; + char *confname; + krb5_data data; + int aret; + + *domainp = NULL; + *usernamep = NULL; + krb5_data_zero(&data); + key->length = 0; + key->data = NULL; + + ret = krb5_init_context(&context); + if (ret) + return ret; + + ret = krb5_cc_default(context, &id); + if (ret) + goto out; + + ret = krb5_cc_get_principal(context, id, &client); + if (ret) + goto out; + + ret = krb5_unparse_name_flags(context, client, + KRB5_PRINCIPAL_UNPARSE_NO_REALM, + usernamep); + krb5_free_principal(context, client); + if (ret) + goto out; + + if (name != NULL) { + *domainp = strdup(name->domain); + } else { + krb5_data data_domain; + + krb5_data_zero(&data_domain); + ret = krb5_cc_get_config(context, id, NULL, "default-ntlm-domain", + &data_domain); + if (ret) + goto out; + + *domainp = strndup(data_domain.data, data_domain.length); + krb5_data_free(&data_domain); + } + + if (*domainp == NULL) { + ret = krb5_enomem(context); + goto out; + } + + aret = asprintf(&confname, "ntlm-key-%s", *domainp); + if (aret == -1) { + ret = krb5_enomem(context); + goto out; + } + + ret = krb5_cc_get_config(context, id, NULL, confname, &data); + if (ret) + goto out; + + key->data = malloc(data.length); + if (key->data == NULL) { + ret = ENOMEM; + goto out; + } + key->length = data.length; + memcpy(key->data, data.data, data.length); + + out: + krb5_data_free(&data); + if (id) + krb5_cc_close(context, id); + + krb5_free_context(context); + + return ret; +} + +int +_gss_ntlm_get_user_cred(const ntlm_name target_name, + ntlm_cred *rcred) +{ + ntlm_cred cred; + int ret; + + cred = calloc(1, sizeof(*cred)); + if (cred == NULL) + return ENOMEM; + + ret = get_user_file(target_name, + &cred->domain, &cred->username, &cred->key); + if (ret) + ret = get_user_ccache(target_name, + &cred->domain, &cred->username, &cred->key); + if (ret) { + OM_uint32 tmp; + _gss_ntlm_release_cred(&tmp, (gss_cred_id_t *)&cred); + return ret; + } + + *rcred = cred; + + return ret; +} + +int +_gss_ntlm_copy_cred(ntlm_cred from, ntlm_cred *to) +{ + *to = calloc(1, sizeof(**to)); + if (*to == NULL) + return ENOMEM; + (*to)->usage = from->usage; + (*to)->username = strdup(from->username); + if ((*to)->username == NULL) { + free(*to); + return ENOMEM; + } + (*to)->domain = strdup(from->domain); + if ((*to)->domain == NULL) { + free((*to)->username); + free(*to); + return ENOMEM; + } + (*to)->key.data = malloc(from->key.length); + if ((*to)->key.data == NULL) { + free((*to)->domain); + free((*to)->username); + free(*to); + return ENOMEM; + } + memcpy((*to)->key.data, from->key.data, from->key.length); + (*to)->key.length = from->key.length; + + return 0; +} + +OM_uint32 GSSAPI_CALLCONV +_gss_ntlm_init_sec_context + (OM_uint32 * minor_status, + gss_const_cred_id_t initiator_cred_handle, + gss_ctx_id_t * context_handle, + gss_const_name_t target_name, + const gss_OID mech_type, + OM_uint32 req_flags, + OM_uint32 time_req, + const gss_channel_bindings_t input_chan_bindings, + const gss_buffer_t input_token, + gss_OID * actual_mech_type, + gss_buffer_t output_token, + OM_uint32 * ret_flags, + OM_uint32 * time_rec + ) +{ + ntlm_ctx ctx; + ntlm_name name = (ntlm_name)target_name; + + *minor_status = 0; + + if (ret_flags) + *ret_flags = 0; + if (time_rec) + *time_rec = 0; + if (actual_mech_type) + *actual_mech_type = GSS_C_NO_OID; + + if (*context_handle == GSS_C_NO_CONTEXT) { + struct ntlm_type1 type1; + struct ntlm_buf data; + uint32_t flags = 0; + int ret; + + ctx = calloc(1, sizeof(*ctx)); + if (ctx == NULL) { + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + ctx->status = STATUS_CLIENT; + *context_handle = (gss_ctx_id_t)ctx; + + if (initiator_cred_handle != GSS_C_NO_CREDENTIAL) { + ntlm_cred cred = (ntlm_cred)initiator_cred_handle; + ret = _gss_ntlm_copy_cred(cred, &ctx->client); + } else + ret = _gss_ntlm_get_user_cred(name, &ctx->client); + + if (ret) { + _gss_ntlm_delete_sec_context(minor_status, context_handle, NULL); + *minor_status = ret; + return GSS_S_FAILURE; + } + + if (req_flags & GSS_C_CONF_FLAG) + flags |= NTLM_NEG_SEAL; + if (req_flags & GSS_C_INTEG_FLAG) + flags |= NTLM_NEG_SIGN; + else + flags |= NTLM_NEG_ALWAYS_SIGN; + + flags |= NTLM_NEG_UNICODE; + flags |= NTLM_NEG_NTLM; + flags |= NTLM_NEG_NTLM2_SESSION; + flags |= NTLM_NEG_KEYEX; + + memset(&type1, 0, sizeof(type1)); + + type1.flags = flags; + type1.domain = name->domain; + type1.hostname = NULL; + type1.os[0] = 0; + type1.os[1] = 0; + + ret = heim_ntlm_encode_type1(&type1, &data); + if (ret) { + _gss_ntlm_delete_sec_context(minor_status, context_handle, NULL); + *minor_status = ret; + return GSS_S_FAILURE; + } + + output_token->value = data.data; + output_token->length = data.length; + + return GSS_S_CONTINUE_NEEDED; + } else { + krb5_error_code ret; + struct ntlm_type2 type2; + struct ntlm_type3 type3; + struct ntlm_buf data; + + ctx = (ntlm_ctx)*context_handle; + + data.data = input_token->value; + data.length = input_token->length; + + ret = heim_ntlm_decode_type2(&data, &type2); + if (ret) { + _gss_ntlm_delete_sec_context(minor_status, context_handle, NULL); + *minor_status = ret; + return GSS_S_DEFECTIVE_TOKEN; + } + + ctx->flags = type2.flags; + + /* XXX check that type2.targetinfo matches `target_name´ */ + /* XXX check verify targetinfo buffer */ + + memset(&type3, 0, sizeof(type3)); + + type3.username = ctx->client->username; + type3.flags = type2.flags; + type3.targetname = type2.targetname; + type3.ws = rk_UNCONST("workstation"); + + /* + * NTLM Version 1 if no targetinfo buffer. + */ + + if (1 || type2.targetinfo.length == 0) { + struct ntlm_buf sessionkey; + + if (type2.flags & NTLM_NEG_NTLM2_SESSION) { + unsigned char nonce[8]; + + if (RAND_bytes(nonce, sizeof(nonce)) != 1) { + _gss_ntlm_delete_sec_context(minor_status, + context_handle, NULL); + heim_ntlm_free_type2(&type2); + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + ret = heim_ntlm_calculate_ntlm2_sess(nonce, + type2.challenge, + ctx->client->key.data, + &type3.lm, + &type3.ntlm); + } else { + ret = heim_ntlm_calculate_ntlm1(ctx->client->key.data, + ctx->client->key.length, + type2.challenge, + &type3.ntlm); + + } + if (ret) { + _gss_ntlm_delete_sec_context(minor_status,context_handle,NULL); + heim_ntlm_free_type2(&type2); + *minor_status = ret; + return GSS_S_FAILURE; + } + + ret = heim_ntlm_build_ntlm1_master(ctx->client->key.data, + ctx->client->key.length, + &sessionkey, + &type3.sessionkey); + if (ret) { + if (type3.lm.data) + free(type3.lm.data); + if (type3.ntlm.data) + free(type3.ntlm.data); + _gss_ntlm_delete_sec_context(minor_status,context_handle,NULL); + heim_ntlm_free_type2(&type2); + *minor_status = ret; + return GSS_S_FAILURE; + } + + ret = krb5_data_copy(&ctx->sessionkey, + sessionkey.data, sessionkey.length); + free(sessionkey.data); + if (ret) { + if (type3.lm.data) + free(type3.lm.data); + if (type3.ntlm.data) + free(type3.ntlm.data); + _gss_ntlm_delete_sec_context(minor_status,context_handle,NULL); + heim_ntlm_free_type2(&type2); + *minor_status = ret; + return GSS_S_FAILURE; + } + ctx->status |= STATUS_SESSIONKEY; + + } else { + struct ntlm_buf sessionkey; + unsigned char ntlmv2[16]; + struct ntlm_targetinfo ti; + + /* verify infotarget */ + + ret = heim_ntlm_decode_targetinfo(&type2.targetinfo, 1, &ti); + if(ret) { + _gss_ntlm_delete_sec_context(minor_status, + context_handle, NULL); + heim_ntlm_free_type2(&type2); + *minor_status = ret; + return GSS_S_DEFECTIVE_TOKEN; + } + + if (ti.domainname && strcmp(ti.domainname, name->domain) != 0) { + _gss_ntlm_delete_sec_context(minor_status, + context_handle, NULL); + heim_ntlm_free_type2(&type2); + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + ret = heim_ntlm_calculate_ntlm2(ctx->client->key.data, + ctx->client->key.length, + ctx->client->username, + name->domain, + type2.challenge, + &type2.targetinfo, + ntlmv2, + &type3.ntlm); + if (ret) { + _gss_ntlm_delete_sec_context(minor_status, + context_handle, NULL); + heim_ntlm_free_type2(&type2); + *minor_status = ret; + return GSS_S_FAILURE; + } + + ret = heim_ntlm_build_ntlm1_master(ntlmv2, sizeof(ntlmv2), + &sessionkey, + &type3.sessionkey); + memset_s(ntlmv2, sizeof(ntlmv2), 0, sizeof(ntlmv2)); + if (ret) { + _gss_ntlm_delete_sec_context(minor_status, + context_handle, NULL); + heim_ntlm_free_type2(&type2); + *minor_status = ret; + return GSS_S_FAILURE; + } + + ctx->flags |= NTLM_NEG_NTLM2_SESSION; + + ret = krb5_data_copy(&ctx->sessionkey, + sessionkey.data, sessionkey.length); + free(sessionkey.data); + if (ret) { + _gss_ntlm_delete_sec_context(minor_status, + context_handle, NULL); + heim_ntlm_free_type2(&type2); + *minor_status = ret; + return GSS_S_FAILURE; + } + } + + + _gss_ntlm_set_keys(ctx); + + + ret = heim_ntlm_encode_type3(&type3, &data, NULL); + free(type3.sessionkey.data); + if (type3.lm.data) + free(type3.lm.data); + if (type3.ntlm.data) + free(type3.ntlm.data); + if (ret) { + _gss_ntlm_delete_sec_context(minor_status, context_handle, NULL); + heim_ntlm_free_type2(&type2); + *minor_status = ret; + return GSS_S_FAILURE; + } + + output_token->length = data.length; + output_token->value = data.data; + + if (actual_mech_type) + *actual_mech_type = GSS_NTLM_MECHANISM; + if (ret_flags) + *ret_flags = 0; + if (time_rec) + *time_rec = GSS_C_INDEFINITE; + + ctx->status |= STATUS_OPEN; + + heim_ntlm_free_type2(&type2); + return GSS_S_COMPLETE; + } +} diff --git a/third_party/heimdal/lib/gssapi/ntlm/inquire_context.c b/third_party/heimdal/lib/gssapi/ntlm/inquire_context.c new file mode 100644 index 0000000..741ad6e --- /dev/null +++ b/third_party/heimdal/lib/gssapi/ntlm/inquire_context.c @@ -0,0 +1,68 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "ntlm.h" + +OM_uint32 GSSAPI_CALLCONV +_gss_ntlm_inquire_context ( + OM_uint32 * minor_status, + gss_const_ctx_id_t context_handle, + gss_name_t * src_name, + gss_name_t * targ_name, + OM_uint32 * lifetime_rec, + gss_OID * mech_type, + OM_uint32 * ctx_flags, + int * locally_initiated, + int * open_context + ) +{ + ntlm_ctx ctx = (ntlm_ctx)context_handle; + + *minor_status = 0; + if (src_name) + *src_name = GSS_C_NO_NAME; + if (targ_name) + *targ_name = GSS_C_NO_NAME; + if (lifetime_rec) + *lifetime_rec = GSS_C_INDEFINITE; + if (mech_type) + *mech_type = GSS_NTLM_MECHANISM; + if (ctx_flags) + *ctx_flags = ctx->gssflags; + if (locally_initiated) + *locally_initiated = (ctx->status & STATUS_CLIENT) ? 1 : 0; + if (open_context) + *open_context = (ctx->status & STATUS_OPEN) ? 1 : 0; + + return GSS_S_COMPLETE; +} diff --git a/third_party/heimdal/lib/gssapi/ntlm/inquire_cred_by_mech.c b/third_party/heimdal/lib/gssapi/ntlm/inquire_cred_by_mech.c new file mode 100644 index 0000000..ed42094 --- /dev/null +++ b/third_party/heimdal/lib/gssapi/ntlm/inquire_cred_by_mech.c @@ -0,0 +1,58 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "ntlm.h" + +OM_uint32 GSSAPI_CALLCONV +_gss_ntlm_inquire_cred_by_mech ( + OM_uint32 * minor_status, + gss_const_cred_id_t cred_handle, + const gss_OID mech_type, + gss_name_t * name, + OM_uint32 * initiator_lifetime, + OM_uint32 * acceptor_lifetime, + gss_cred_usage_t * cred_usage + ) +{ + if (minor_status) + *minor_status = 0; + if (name) + *name = GSS_C_NO_NAME; + if (initiator_lifetime) + *initiator_lifetime = 0; + if (acceptor_lifetime) + *acceptor_lifetime = 0; + if (cred_usage) + *cred_usage = 0; + return GSS_S_UNAVAILABLE; +} diff --git a/third_party/heimdal/lib/gssapi/ntlm/inquire_mechs_for_name.c b/third_party/heimdal/lib/gssapi/ntlm/inquire_mechs_for_name.c new file mode 100644 index 0000000..25450ab --- /dev/null +++ b/third_party/heimdal/lib/gssapi/ntlm/inquire_mechs_for_name.c @@ -0,0 +1,48 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "ntlm.h" + +OM_uint32 GSSAPI_CALLCONV +_gss_ntlm_inquire_mechs_for_name ( + OM_uint32 * minor_status, + gss_const_name_t input_name, + gss_OID_set * mech_types + ) +{ + if (minor_status) + *minor_status = 0; + if (mech_types) + *mech_types = GSS_C_NO_OID_SET; + return GSS_S_COMPLETE; +} diff --git a/third_party/heimdal/lib/gssapi/ntlm/inquire_names_for_mech.c b/third_party/heimdal/lib/gssapi/ntlm/inquire_names_for_mech.c new file mode 100644 index 0000000..7f49b33 --- /dev/null +++ b/third_party/heimdal/lib/gssapi/ntlm/inquire_names_for_mech.c @@ -0,0 +1,51 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "ntlm.h" + +OM_uint32 GSSAPI_CALLCONV +_gss_ntlm_inquire_names_for_mech ( + OM_uint32 * minor_status, + const gss_OID mechanism, + gss_OID_set * name_types + ) +{ + OM_uint32 ret; + + ret = gss_create_empty_oid_set(minor_status, name_types); + if (ret != GSS_S_COMPLETE) + return ret; + + *minor_status = 0; + return GSS_S_COMPLETE; +} diff --git a/third_party/heimdal/lib/gssapi/ntlm/inquire_sec_context_by_oid.c b/third_party/heimdal/lib/gssapi/ntlm/inquire_sec_context_by_oid.c new file mode 100644 index 0000000..2b42b1f --- /dev/null +++ b/third_party/heimdal/lib/gssapi/ntlm/inquire_sec_context_by_oid.c @@ -0,0 +1,90 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "ntlm.h" + +OM_uint32 GSSAPI_CALLCONV +_gss_ntlm_inquire_sec_context_by_oid(OM_uint32 *minor_status, + gss_const_ctx_id_t context_handle, + const gss_OID desired_object, + gss_buffer_set_t *data_set) +{ + ntlm_ctx ctx = (ntlm_ctx)context_handle; + + if (ctx == NULL) { + *minor_status = 0; + return GSS_S_NO_CONTEXT; + } + + if (gss_oid_equal(desired_object, GSS_NTLM_GET_SESSION_KEY_X) || + gss_oid_equal(desired_object, GSS_C_INQ_SSPI_SESSION_KEY)) { + gss_buffer_desc value; + + value.length = ctx->sessionkey.length; + value.value = ctx->sessionkey.data; + + return gss_add_buffer_set_member(minor_status, + &value, + data_set); + } else if (gss_oid_equal(desired_object, GSS_C_INQ_WIN2K_PAC_X)) { + if (ctx->pac.length == 0) { + *minor_status = ENOENT; + return GSS_S_FAILURE; + } + + return gss_add_buffer_set_member(minor_status, + &ctx->pac, + data_set); + + } else if (gss_oid_equal(desired_object, GSS_C_NTLM_AVGUEST)) { + gss_buffer_desc value; + uint32_t num; + + if (ctx->kcmflags & KCM_NTLM_FLAG_AV_GUEST) + num = 1; + else + num = 0; + + value.length = sizeof(num); + value.value = # + + return gss_add_buffer_set_member(minor_status, + &value, + data_set); + } else { + *minor_status = 0; + return GSS_S_FAILURE; + } +} diff --git a/third_party/heimdal/lib/gssapi/ntlm/iter_cred.c b/third_party/heimdal/lib/gssapi/ntlm/iter_cred.c new file mode 100644 index 0000000..ee5ec17 --- /dev/null +++ b/third_party/heimdal/lib/gssapi/ntlm/iter_cred.c @@ -0,0 +1,99 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "ntlm.h" + +void GSSAPI_CALLCONV +_gss_ntlm_iter_creds_f(OM_uint32 flags, + void *userctx , + void (*cred_iter)(void *, gss_OID, gss_cred_id_t)) +{ +#ifdef HAVE_KCM + krb5_error_code ret; + krb5_context context = NULL; + krb5_storage *request, *response; + krb5_data response_data; + + ret = krb5_init_context(&context); + if (ret) + goto done; + + ret = krb5_kcm_storage_request(context, KCM_OP_GET_NTLM_USER_LIST, &request); + if (ret) + goto done; + + ret = krb5_kcm_call(context, request, &response, &response_data); + krb5_storage_free(request); + if (ret) + goto done; + + while (1) { + uint32_t morep; + char *user = NULL, *domain = NULL; + ntlm_cred dn; + + ret = krb5_ret_uint32(response, &morep); + if (ret) goto out; + + if (!morep) goto out; + + ret = krb5_ret_stringz(response, &user); + if (ret) goto out; + ret = krb5_ret_stringz(response, &domain); + if (ret) { + free(user); + goto out; + } + + dn = calloc(1, sizeof(*dn)); + if (dn == NULL) { + free(user); + free(domain); + goto out; + } + dn->username = user; + dn->domain = domain; + + cred_iter(userctx, GSS_NTLM_MECHANISM, (gss_cred_id_t)dn); + } + out: + krb5_storage_free(response); + krb5_data_free(&response_data); + done: + if (context) + krb5_free_context(context); +#endif /* HAVE_KCM */ + (*cred_iter)(userctx, NULL, NULL); +} diff --git a/third_party/heimdal/lib/gssapi/ntlm/kdc.c b/third_party/heimdal/lib/gssapi/ntlm/kdc.c new file mode 100644 index 0000000..1bce00f --- /dev/null +++ b/third_party/heimdal/lib/gssapi/ntlm/kdc.c @@ -0,0 +1,435 @@ +/* + * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "ntlm.h" + +#ifdef DIGEST + +/* + * + */ + +struct ntlmkrb5 { + krb5_context context; + krb5_ntlm ntlm; + krb5_realm kerberos_realm; + krb5_ccache id; + krb5_data opaque; + int destroy; + OM_uint32 flags; + struct ntlm_buf key; + krb5_data sessionkey; +}; + +static OM_uint32 kdc_destroy(OM_uint32 *, void *); + +/* + * Get credential cache that the ntlm code can use to talk to the KDC + * using the digest API. + */ + +static krb5_error_code +get_ccache(krb5_context context, int *destroy, krb5_ccache *id) +{ + krb5_principal principal = NULL; + krb5_error_code ret; + krb5_keytab kt = NULL; + const char *cache = secure_getenv("NTLM_ACCEPTOR_CCACHE"); + + *id = NULL; + + if (cache) { + ret = krb5_cc_resolve(context, cache, id); + if (ret) + goto out; + return 0; + } + + ret = krb5_sname_to_principal(context, NULL, "host", + KRB5_NT_SRV_HST, &principal); + if (ret) + goto out; + + ret = krb5_cc_cache_match(context, principal, id); + if (ret == 0) + return 0; + + /* did not find in default credcache, lets try default keytab */ + ret = krb5_kt_default(context, &kt); + if (ret) + goto out; + + /* XXX check in keytab */ + { + krb5_get_init_creds_opt *opt; + krb5_creds cred; + + memset(&cred, 0, sizeof(cred)); + + ret = krb5_cc_new_unique(context, "MEMORY", NULL, id); + if (ret) + goto out; + *destroy = 1; + ret = krb5_get_init_creds_opt_alloc(context, &opt); + if (ret) + goto out; + ret = krb5_get_init_creds_keytab (context, + &cred, + principal, + kt, + 0, + NULL, + opt); + krb5_get_init_creds_opt_free(context, opt); + if (ret) + goto out; + ret = krb5_cc_initialize (context, *id, cred.client); + if (ret) { + krb5_free_cred_contents (context, &cred); + goto out; + } + ret = krb5_cc_store_cred (context, *id, &cred); + krb5_free_cred_contents (context, &cred); + if (ret) + goto out; + } + + krb5_kt_close(context, kt); + + return 0; + +out: + if (*id) { + if (*destroy) + krb5_cc_destroy(context, *id); + else + krb5_cc_close(context, *id); + *id = NULL; + } + + if (kt) + krb5_kt_close(context, kt); + + if (principal) + krb5_free_principal(context, principal); + return ret; +} + +/* + * + */ + +static OM_uint32 +kdc_alloc(OM_uint32 *minor, void **ctx) +{ + krb5_error_code ret; + struct ntlmkrb5 *c; + OM_uint32 junk; + + c = calloc(1, sizeof(*c)); + if (c == NULL) { + *minor = ENOMEM; + return GSS_S_FAILURE; + } + + ret = krb5_init_context(&c->context); + if (ret) { + kdc_destroy(&junk, c); + *minor = ret; + return GSS_S_FAILURE; + } + + ret = get_ccache(c->context, &c->destroy, &c->id); + if (ret) { + kdc_destroy(&junk, c); + *minor = ret; + return GSS_S_FAILURE; + } + + ret = krb5_ntlm_alloc(c->context, &c->ntlm); + if (ret) { + kdc_destroy(&junk, c); + *minor = ret; + return GSS_S_FAILURE; + } + + *ctx = c; + + return GSS_S_COMPLETE; +} + +static int +kdc_probe(OM_uint32 *minor, void *ctx, const char *realm) +{ + struct ntlmkrb5 *c = ctx; + krb5_error_code ret; + unsigned flags; + + ret = krb5_digest_probe(c->context, rk_UNCONST(realm), c->id, &flags); + if (ret) + return ret; + + if ((flags & (1|2|4)) == 0) + return EINVAL; + + return 0; +} + +/* + * + */ + +static OM_uint32 +kdc_destroy(OM_uint32 *minor, void *ctx) +{ + struct ntlmkrb5 *c = ctx; + krb5_data_free(&c->opaque); + krb5_data_free(&c->sessionkey); + if (c->ntlm) + krb5_ntlm_free(c->context, c->ntlm); + if (c->id) { + if (c->destroy) + krb5_cc_destroy(c->context, c->id); + else + krb5_cc_close(c->context, c->id); + } + if (c->context) + krb5_free_context(c->context); + memset(c, 0, sizeof(*c)); + free(c); + + return GSS_S_COMPLETE; +} + +/* + * + */ + +static OM_uint32 +kdc_type2(OM_uint32 *minor_status, + void *ctx, + uint32_t flags, + const char *hostname, + const char *domain, + uint32_t *ret_flags, + struct ntlm_buf *out) +{ + struct ntlmkrb5 *c = ctx; + krb5_error_code ret; + struct ntlm_type2 type2; + krb5_data challenge; + struct ntlm_buf data; + krb5_data ti; + + memset(&type2, 0, sizeof(type2)); + memset(out, 0, sizeof(*out)); + + /* + * Request data for type 2 packet from the KDC. + */ + ret = krb5_ntlm_init_request(c->context, + c->ntlm, + NULL, + c->id, + flags, + hostname, + domain); + if (ret) { + *minor_status = ret; + return GSS_S_FAILURE; + } + + /* + * + */ + + ret = krb5_ntlm_init_get_opaque(c->context, c->ntlm, &c->opaque); + if (ret) { + *minor_status = ret; + return GSS_S_FAILURE; + } + + /* + * + */ + + ret = krb5_ntlm_init_get_flags(c->context, c->ntlm, &type2.flags); + if (ret) { + *minor_status = ret; + return GSS_S_FAILURE; + } + *ret_flags = type2.flags; + + ret = krb5_ntlm_init_get_challenge(c->context, c->ntlm, &challenge); + if (ret) { + *minor_status = ret; + return GSS_S_FAILURE; + } + + if (challenge.length != sizeof(type2.challenge)) { + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + memcpy(type2.challenge, challenge.data, sizeof(type2.challenge)); + krb5_data_free(&challenge); + + ret = krb5_ntlm_init_get_targetname(c->context, c->ntlm, + &type2.targetname); + if (ret) { + *minor_status = ret; + return GSS_S_FAILURE; + } + + ret = krb5_ntlm_init_get_targetinfo(c->context, c->ntlm, &ti); + if (ret) { + free(type2.targetname); + *minor_status = ret; + return GSS_S_FAILURE; + } + + type2.targetinfo.data = ti.data; + type2.targetinfo.length = ti.length; + + ret = heim_ntlm_encode_type2(&type2, &data); + free(type2.targetname); + krb5_data_free(&ti); + if (ret) { + *minor_status = ret; + return GSS_S_FAILURE; + } + + out->data = data.data; + out->length = data.length; + + return GSS_S_COMPLETE; +} + +/* + * + */ + +static OM_uint32 +kdc_type3(OM_uint32 *minor_status, + void *ctx, + const struct ntlm_type3 *type3, + struct ntlm_buf *sessionkey) +{ + struct ntlmkrb5 *c = ctx; + krb5_error_code ret; + + sessionkey->data = NULL; + sessionkey->length = 0; + + ret = krb5_ntlm_req_set_flags(c->context, c->ntlm, type3->flags); + if (ret) goto out; + ret = krb5_ntlm_req_set_username(c->context, c->ntlm, type3->username); + if (ret) goto out; + ret = krb5_ntlm_req_set_targetname(c->context, c->ntlm, + type3->targetname); + if (ret) goto out; + ret = krb5_ntlm_req_set_lm(c->context, c->ntlm, + type3->lm.data, type3->lm.length); + if (ret) goto out; + ret = krb5_ntlm_req_set_ntlm(c->context, c->ntlm, + type3->ntlm.data, type3->ntlm.length); + if (ret) goto out; + ret = krb5_ntlm_req_set_opaque(c->context, c->ntlm, &c->opaque); + if (ret) goto out; + + if (type3->sessionkey.length) { + ret = krb5_ntlm_req_set_session(c->context, c->ntlm, + type3->sessionkey.data, + type3->sessionkey.length); + if (ret) goto out; + } + + /* + * Verify with the KDC the type3 packet is ok + */ + ret = krb5_ntlm_request(c->context, + c->ntlm, + NULL, + c->id); + if (ret) + goto out; + + if (krb5_ntlm_rep_get_status(c->context, c->ntlm) != TRUE) { + ret = EINVAL; + goto out; + } + + if (type3->sessionkey.length) { + ret = krb5_ntlm_rep_get_sessionkey(c->context, + c->ntlm, + &c->sessionkey); + if (ret) + goto out; + + sessionkey->data = c->sessionkey.data; + sessionkey->length = c->sessionkey.length; + } + + return 0; + + out: + *minor_status = ret; + return GSS_S_FAILURE; +} + +/* + * + */ + +static void +kdc_free_buffer(struct ntlm_buf *sessionkey) +{ + if (sessionkey->data) + free(sessionkey->data); + sessionkey->data = NULL; + sessionkey->length = 0; +} + +/* + * + */ + +struct ntlm_server_interface ntlmsspi_kdc_digest = { + kdc_alloc, + kdc_destroy, + kdc_probe, + kdc_type2, + kdc_type3, + kdc_free_buffer +}; + +#endif /* DIGEST */ diff --git a/third_party/heimdal/lib/gssapi/ntlm/ntlm.h b/third_party/heimdal/lib/gssapi/ntlm/ntlm.h new file mode 100644 index 0000000..a0ad815 --- /dev/null +++ b/third_party/heimdal/lib/gssapi/ntlm/ntlm.h @@ -0,0 +1,146 @@ +/* + * Copyright (c) 2006-2018 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* $Id$ */ + +#ifndef NTLM_NTLM_H +#define NTLM_NTLM_H + +#include <config.h> + +#include <stdio.h> +#include <stdlib.h> +#include <assert.h> +#include <string.h> +#include <errno.h> + +#include <roken.h> + +#include <gssapi.h> +#include <gssapi_ntlm.h> +#include <gssapi_mech.h> +#include <gssapi_oid.h> + +#include <krb5.h> +#include <kcm.h> +#include <heim_threads.h> + +#include <heimntlm.h> + +#define HC_DEPRECATED_CRYPTO +#include "crypto-headers.h" + +typedef OM_uint32 +(*ntlm_interface_init)(OM_uint32 *, void **); + +typedef OM_uint32 +(*ntlm_interface_destroy)(OM_uint32 *, void *); + +typedef int +(*ntlm_interface_probe)(OM_uint32 *, void *, const char *); + +typedef OM_uint32 +(*ntlm_interface_type2)(OM_uint32 *, void *, uint32_t, const char *, + const char *, uint32_t *, struct ntlm_buf *); + +typedef OM_uint32 +(*ntlm_interface_type3)(OM_uint32 *, void *, const struct ntlm_type3 *, + struct ntlm_buf *); + +typedef void +(*ntlm_interface_free_buffer)(struct ntlm_buf *); + +struct ntlm_server_interface { + ntlm_interface_init nsi_init; + ntlm_interface_destroy nsi_destroy; + ntlm_interface_probe nsi_probe; + ntlm_interface_type2 nsi_type2; + ntlm_interface_type3 nsi_type3; + ntlm_interface_free_buffer nsi_free_buffer; +}; + + +struct ntlmv2_key { + uint32_t seq; + RC4_KEY sealkey; + RC4_KEY *signsealkey; + unsigned char signkey[16]; +}; + +extern struct ntlm_server_interface ntlmsspi_kdc_digest; + +typedef struct ntlm_cred { + gss_cred_usage_t usage; + char *username; + char *domain; + struct ntlm_buf key; +} *ntlm_cred; +typedef const struct ntlm_cred *ntlm_const_cred; + +typedef struct { + struct ntlm_server_interface *server; + void *ictx; + ntlm_cred client; + OM_uint32 gssflags; + uint32_t kcmflags; + uint32_t flags; + uint32_t status; +#define STATUS_OPEN 1 +#define STATUS_CLIENT 2 +#define STATUS_SESSIONKEY 4 + krb5_data sessionkey; + + gss_buffer_desc pac; + + union { + struct { + struct { + uint32_t seq; + RC4_KEY key; + } crypto_send, crypto_recv; + } v1; + struct { + struct ntlmv2_key send, recv; + } v2; + } u; +} *ntlm_ctx; + +typedef struct { + char *user; + char *domain; +} *ntlm_name; + +#include <ntlm-private.h> + + +#endif /* NTLM_NTLM_H */ diff --git a/third_party/heimdal/lib/gssapi/ntlm/process_context_token.c b/third_party/heimdal/lib/gssapi/ntlm/process_context_token.c new file mode 100644 index 0000000..2add53b --- /dev/null +++ b/third_party/heimdal/lib/gssapi/ntlm/process_context_token.c @@ -0,0 +1,44 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "ntlm.h" + +OM_uint32 GSSAPI_CALLCONV _gss_ntlm_process_context_token ( + OM_uint32 *minor_status, + gss_const_ctx_id_t context_handle, + const gss_buffer_t token_buffer + ) +{ + *minor_status = 0; + return GSS_S_COMPLETE; +} diff --git a/third_party/heimdal/lib/gssapi/ntlm/release_cred.c b/third_party/heimdal/lib/gssapi/ntlm/release_cred.c new file mode 100644 index 0000000..e31a316 --- /dev/null +++ b/third_party/heimdal/lib/gssapi/ntlm/release_cred.c @@ -0,0 +1,66 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "ntlm.h" + +OM_uint32 GSSAPI_CALLCONV _gss_ntlm_release_cred + (OM_uint32 * minor_status, + gss_cred_id_t * cred_handle + ) +{ + ntlm_cred cred; + + if (minor_status) + *minor_status = 0; + + if (cred_handle == NULL || *cred_handle == GSS_C_NO_CREDENTIAL) + return GSS_S_COMPLETE; + + cred = (ntlm_cred)*cred_handle; + *cred_handle = GSS_C_NO_CREDENTIAL; + + if (cred->username) + free(cred->username); + if (cred->domain) + free(cred->domain); + if (cred->key.data) { + memset(cred->key.data, 0, cred->key.length); + free(cred->key.data); + } + + memset(cred, 0, sizeof(*cred)); + free(cred); + + return GSS_S_COMPLETE; +} + diff --git a/third_party/heimdal/lib/gssapi/ntlm/release_name.c b/third_party/heimdal/lib/gssapi/ntlm/release_name.c new file mode 100644 index 0000000..4a5c56d --- /dev/null +++ b/third_party/heimdal/lib/gssapi/ntlm/release_name.c @@ -0,0 +1,52 @@ +/* + * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "ntlm.h" + +OM_uint32 GSSAPI_CALLCONV +_gss_ntlm_release_name + (OM_uint32 * minor_status, + gss_name_t * input_name + ) +{ + if (minor_status) + *minor_status = 0; + if (input_name && *input_name) { + ntlm_name n = (ntlm_name)*input_name; + *input_name = GSS_C_NO_NAME; + free(n->user); + free(n->domain); + free(n); + } + return GSS_S_COMPLETE; +} diff --git a/third_party/heimdal/lib/gssapi/ntlm/set_sec_context_option.c b/third_party/heimdal/lib/gssapi/ntlm/set_sec_context_option.c new file mode 100644 index 0000000..f97443d --- /dev/null +++ b/third_party/heimdal/lib/gssapi/ntlm/set_sec_context_option.c @@ -0,0 +1,60 @@ +/* + * Copyright (c) 2006 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "ntlm.h" + +OM_uint32 GSSAPI_CALLCONV +_gss_ntlm_set_sec_context_option(OM_uint32 *minor_status, + gss_ctx_id_t *context_handle, + const gss_OID object, + const gss_buffer_t value) +{ + ntlm_ctx ctx; + + if (context_handle == NULL) + return GSS_S_UNAVAILABLE; + + *minor_status = 0; + + ctx = (ntlm_ctx)*context_handle; + if (ctx == NULL) + return GSS_S_NO_CONTEXT; + + if (gss_oid_equal(object, GSS_C_NTLM_RESET_CRYPTO)) { + _gss_ntlm_set_keys(ctx); + return GSS_S_COMPLETE; + } else + return GSS_S_UNAVAILABLE; +} |