summaryrefslogtreecommitdiffstats
path: root/third_party/heimdal/lib/gssapi/ntlm
diff options
context:
space:
mode:
Diffstat (limited to 'third_party/heimdal/lib/gssapi/ntlm')
-rw-r--r--third_party/heimdal/lib/gssapi/ntlm/accept_sec_context.c256
-rw-r--r--third_party/heimdal/lib/gssapi/ntlm/acquire_cred.c88
-rw-r--r--third_party/heimdal/lib/gssapi/ntlm/add_cred.c60
-rw-r--r--third_party/heimdal/lib/gssapi/ntlm/canonicalize_name.c45
-rw-r--r--third_party/heimdal/lib/gssapi/ntlm/compare_name.c45
-rw-r--r--third_party/heimdal/lib/gssapi/ntlm/context_time.c45
-rw-r--r--third_party/heimdal/lib/gssapi/ntlm/creds.c159
-rw-r--r--third_party/heimdal/lib/gssapi/ntlm/crypto.c636
-rw-r--r--third_party/heimdal/lib/gssapi/ntlm/delete_sec_context.c69
-rw-r--r--third_party/heimdal/lib/gssapi/ntlm/display_name.c71
-rw-r--r--third_party/heimdal/lib/gssapi/ntlm/display_status.c54
-rw-r--r--third_party/heimdal/lib/gssapi/ntlm/duplicate_cred.c57
-rw-r--r--third_party/heimdal/lib/gssapi/ntlm/duplicate_name.c48
-rw-r--r--third_party/heimdal/lib/gssapi/ntlm/export_name.c50
-rw-r--r--third_party/heimdal/lib/gssapi/ntlm/export_sec_context.c50
-rw-r--r--third_party/heimdal/lib/gssapi/ntlm/external.c140
-rw-r--r--third_party/heimdal/lib/gssapi/ntlm/import_name.c112
-rw-r--r--third_party/heimdal/lib/gssapi/ntlm/import_sec_context.c48
-rw-r--r--third_party/heimdal/lib/gssapi/ntlm/indicate_mechs.c46
-rw-r--r--third_party/heimdal/lib/gssapi/ntlm/init_sec_context.c536
-rw-r--r--third_party/heimdal/lib/gssapi/ntlm/inquire_context.c68
-rw-r--r--third_party/heimdal/lib/gssapi/ntlm/inquire_cred_by_mech.c58
-rw-r--r--third_party/heimdal/lib/gssapi/ntlm/inquire_mechs_for_name.c48
-rw-r--r--third_party/heimdal/lib/gssapi/ntlm/inquire_names_for_mech.c51
-rw-r--r--third_party/heimdal/lib/gssapi/ntlm/inquire_sec_context_by_oid.c90
-rw-r--r--third_party/heimdal/lib/gssapi/ntlm/iter_cred.c99
-rw-r--r--third_party/heimdal/lib/gssapi/ntlm/kdc.c435
-rw-r--r--third_party/heimdal/lib/gssapi/ntlm/ntlm.h146
-rw-r--r--third_party/heimdal/lib/gssapi/ntlm/process_context_token.c44
-rw-r--r--third_party/heimdal/lib/gssapi/ntlm/release_cred.c66
-rw-r--r--third_party/heimdal/lib/gssapi/ntlm/release_name.c52
-rw-r--r--third_party/heimdal/lib/gssapi/ntlm/set_sec_context_option.c60
32 files changed, 3832 insertions, 0 deletions
diff --git a/third_party/heimdal/lib/gssapi/ntlm/accept_sec_context.c b/third_party/heimdal/lib/gssapi/ntlm/accept_sec_context.c
new file mode 100644
index 0000000..6a3e889
--- /dev/null
+++ b/third_party/heimdal/lib/gssapi/ntlm/accept_sec_context.c
@@ -0,0 +1,256 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ntlm.h"
+
+/*
+ *
+ */
+
+OM_uint32
+_gss_ntlm_allocate_ctx(OM_uint32 *minor_status, ntlm_ctx *ctx)
+{
+ OM_uint32 maj_stat;
+ struct ntlm_server_interface *ns_interface = NULL;
+
+#ifdef DIGEST
+ ns_interface = &ntlmsspi_kdc_digest;
+#endif
+ if (ns_interface == NULL)
+ return GSS_S_FAILURE;
+
+ *ctx = calloc(1, sizeof(**ctx));
+ if (*ctx == NULL) {
+ *minor_status = ENOMEM;
+ return GSS_S_FAILURE;
+ }
+
+ (*ctx)->server = ns_interface;
+
+ maj_stat = (*(*ctx)->server->nsi_init)(minor_status, &(*ctx)->ictx);
+ if (maj_stat == GSS_S_COMPLETE)
+ return GSS_S_COMPLETE;
+
+ if (*ctx)
+ free(*ctx);
+ (*ctx) = NULL;
+
+ return maj_stat;
+}
+
+/*
+ *
+ */
+
+OM_uint32 GSSAPI_CALLCONV
+_gss_ntlm_accept_sec_context
+(OM_uint32 * minor_status,
+ gss_ctx_id_t * context_handle,
+ gss_const_cred_id_t acceptor_cred_handle,
+ const gss_buffer_t input_token_buffer,
+ const gss_channel_bindings_t input_chan_bindings,
+ gss_name_t * src_name,
+ gss_OID * mech_type,
+ gss_buffer_t output_token,
+ OM_uint32 * ret_flags,
+ OM_uint32 * time_rec,
+ gss_cred_id_t * delegated_cred_handle
+ )
+{
+ krb5_error_code ret;
+ struct ntlm_buf data;
+ OM_uint32 junk;
+ ntlm_ctx ctx;
+
+ output_token->value = NULL;
+ output_token->length = 0;
+
+ *minor_status = 0;
+
+ if (context_handle == NULL)
+ return GSS_S_FAILURE;
+
+ if (input_token_buffer == GSS_C_NO_BUFFER)
+ return GSS_S_FAILURE;
+
+ if (src_name)
+ *src_name = GSS_C_NO_NAME;
+ if (mech_type)
+ *mech_type = GSS_C_NO_OID;
+ if (ret_flags)
+ *ret_flags = 0;
+ if (time_rec)
+ *time_rec = 0;
+ if (delegated_cred_handle)
+ *delegated_cred_handle = GSS_C_NO_CREDENTIAL;
+
+ if (*context_handle == GSS_C_NO_CONTEXT) {
+ struct ntlm_type1 type1;
+ OM_uint32 major_status;
+ OM_uint32 retflags;
+ struct ntlm_buf out;
+
+ major_status = _gss_ntlm_allocate_ctx(minor_status, &ctx);
+ if (major_status)
+ return major_status;
+ *context_handle = (gss_ctx_id_t)ctx;
+
+ /* check if the mechs is allowed by remote service */
+ major_status = (*ctx->server->nsi_probe)(minor_status, ctx->ictx, NULL);
+ if (major_status) {
+ _gss_ntlm_delete_sec_context(minor_status, context_handle, NULL);
+ return major_status;
+ }
+
+ data.data = input_token_buffer->value;
+ data.length = input_token_buffer->length;
+
+ ret = heim_ntlm_decode_type1(&data, &type1);
+ if (ret) {
+ _gss_ntlm_delete_sec_context(minor_status, context_handle, NULL);
+ *minor_status = ret;
+ return GSS_S_DEFECTIVE_TOKEN;
+ }
+
+ if ((type1.flags & NTLM_NEG_UNICODE) == 0) {
+ heim_ntlm_free_type1(&type1);
+ _gss_ntlm_delete_sec_context(minor_status, context_handle, NULL);
+ *minor_status = EINVAL;
+ return GSS_S_FAILURE;
+ }
+
+ if (type1.flags & NTLM_NEG_SIGN)
+ ctx->gssflags |= GSS_C_CONF_FLAG;
+ if (type1.flags & NTLM_NEG_SIGN)
+ ctx->gssflags |= GSS_C_INTEG_FLAG;
+
+ major_status = (*ctx->server->nsi_type2)(minor_status,
+ ctx->ictx,
+ type1.flags,
+ type1.hostname,
+ type1.domain,
+ &retflags,
+ &out);
+ heim_ntlm_free_type1(&type1);
+ if (major_status != GSS_S_COMPLETE) {
+ OM_uint32 gunk;
+ _gss_ntlm_delete_sec_context(&gunk, context_handle, NULL);
+ return major_status;
+ }
+
+ output_token->value = malloc(out.length);
+ if (output_token->value == NULL && out.length != 0) {
+ OM_uint32 gunk;
+ heim_ntlm_free_buf(&out);
+ _gss_ntlm_delete_sec_context(&gunk, context_handle, NULL);
+ *minor_status = ENOMEM;
+ return GSS_S_FAILURE;
+ }
+ memcpy(output_token->value, out.data, out.length);
+ output_token->length = out.length;
+ heim_ntlm_free_buf(&out);
+
+ ctx->flags = retflags;
+
+ return GSS_S_CONTINUE_NEEDED;
+ } else {
+ OM_uint32 maj_stat;
+ struct ntlm_type3 type3;
+ struct ntlm_buf session;
+
+ ctx = (ntlm_ctx)*context_handle;
+
+ data.data = input_token_buffer->value;
+ data.length = input_token_buffer->length;
+
+ ret = heim_ntlm_decode_type3(&data, 1, &type3);
+ if (ret) {
+ _gss_ntlm_delete_sec_context(minor_status, context_handle, NULL);
+ *minor_status = ret;
+ return GSS_S_DEFECTIVE_TOKEN;
+ }
+
+ maj_stat = (*ctx->server->nsi_type3)(minor_status,
+ ctx->ictx,
+ &type3,
+ &session);
+ if (maj_stat) {
+ heim_ntlm_free_type3(&type3);
+ _gss_ntlm_delete_sec_context(minor_status, context_handle, NULL);
+ return maj_stat;
+ }
+
+ if (src_name) {
+ ntlm_name n = calloc(1, sizeof(*n));
+ if (n) {
+ n->user = strdup(type3.username);
+ n->domain = strdup(type3.targetname);
+ }
+ if (n == NULL || n->user == NULL || n->domain == NULL) {
+ gss_name_t tempn = (gss_name_t)n;
+ _gss_ntlm_release_name(&junk, &tempn);
+ heim_ntlm_free_type3(&type3);
+ _gss_ntlm_delete_sec_context(minor_status,
+ context_handle, NULL);
+ return maj_stat;
+ }
+ *src_name = (gss_name_t)n;
+ }
+
+ heim_ntlm_free_type3(&type3);
+
+ ret = krb5_data_copy(&ctx->sessionkey,
+ session.data, session.length);
+ if (ret) {
+ if (src_name)
+ _gss_ntlm_release_name(&junk, src_name);
+ _gss_ntlm_delete_sec_context(minor_status, context_handle, NULL);
+ *minor_status = ret;
+ return GSS_S_FAILURE;
+ }
+
+ _gss_ntlm_set_keys(ctx);
+
+ if (mech_type)
+ *mech_type = GSS_NTLM_MECHANISM;
+ if (time_rec)
+ *time_rec = GSS_C_INDEFINITE;
+
+ ctx->status |= STATUS_OPEN;
+
+ if (ret_flags)
+ *ret_flags = ctx->gssflags;
+
+ return GSS_S_COMPLETE;
+ }
+}
diff --git a/third_party/heimdal/lib/gssapi/ntlm/acquire_cred.c b/third_party/heimdal/lib/gssapi/ntlm/acquire_cred.c
new file mode 100644
index 0000000..a6b151f
--- /dev/null
+++ b/third_party/heimdal/lib/gssapi/ntlm/acquire_cred.c
@@ -0,0 +1,88 @@
+/*
+ * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ntlm.h"
+
+OM_uint32 GSSAPI_CALLCONV
+_gss_ntlm_acquire_cred_from(OM_uint32 *min_stat,
+ gss_const_name_t desired_name,
+ OM_uint32 time_req,
+ const gss_OID_set desired_mechs,
+ gss_cred_usage_t cred_usage,
+ gss_const_key_value_set_t cred_store,
+ gss_cred_id_t *output_cred_handle,
+ gss_OID_set *actual_mechs,
+ OM_uint32 *time_rec)
+{
+ ntlm_name name = (ntlm_name) desired_name;
+ OM_uint32 maj_stat;
+ ntlm_ctx ctx;
+
+ *min_stat = 0;
+ *output_cred_handle = GSS_C_NO_CREDENTIAL;
+ if (actual_mechs)
+ *actual_mechs = GSS_C_NO_OID_SET;
+ if (time_rec)
+ *time_rec = GSS_C_INDEFINITE;
+
+ if (cred_usage == GSS_C_BOTH || cred_usage == GSS_C_ACCEPT) {
+ int ret;
+
+ maj_stat = _gss_ntlm_allocate_ctx(min_stat, &ctx);
+ if (maj_stat != GSS_S_COMPLETE)
+ return maj_stat;
+
+ ret = (*ctx->server->nsi_probe)(min_stat, ctx->ictx, NULL);
+ {
+ gss_ctx_id_t context = (gss_ctx_id_t)ctx;
+ OM_uint32 junk;
+ _gss_ntlm_delete_sec_context(&junk, &context, NULL);
+ }
+ if (ret) {
+ *min_stat = ret;
+ return GSS_S_NO_CRED;
+ }
+ }
+ if (cred_usage == GSS_C_BOTH || cred_usage == GSS_C_INITIATE) {
+ ntlm_cred cred;
+
+ *min_stat = _gss_ntlm_get_user_cred(name, &cred);
+ if (*min_stat)
+ return GSS_S_NO_CRED;
+ cred->usage = cred_usage;
+
+ *output_cred_handle = (gss_cred_id_t)cred;
+ }
+
+ return (GSS_S_COMPLETE);
+}
diff --git a/third_party/heimdal/lib/gssapi/ntlm/add_cred.c b/third_party/heimdal/lib/gssapi/ntlm/add_cred.c
new file mode 100644
index 0000000..1517232
--- /dev/null
+++ b/third_party/heimdal/lib/gssapi/ntlm/add_cred.c
@@ -0,0 +1,60 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ntlm.h"
+
+OM_uint32 GSSAPI_CALLCONV _gss_ntlm_add_cred (
+ OM_uint32 *minor_status,
+ gss_const_cred_id_t input_cred_handle,
+ gss_const_name_t desired_name,
+ const gss_OID desired_mech,
+ gss_cred_usage_t cred_usage,
+ OM_uint32 initiator_time_req,
+ OM_uint32 acceptor_time_req,
+ gss_cred_id_t *output_cred_handle,
+ gss_OID_set *actual_mechs,
+ OM_uint32 *initiator_time_rec,
+ OM_uint32 *acceptor_time_rec)
+{
+ if (minor_status)
+ *minor_status = 0;
+ if (output_cred_handle)
+ *output_cred_handle = GSS_C_NO_CREDENTIAL;
+ if (actual_mechs)
+ *actual_mechs = GSS_C_NO_OID_SET;
+ if (initiator_time_rec)
+ *initiator_time_rec = 0;
+ if (acceptor_time_rec)
+ *acceptor_time_rec = 0;
+ return GSS_S_COMPLETE;
+}
diff --git a/third_party/heimdal/lib/gssapi/ntlm/canonicalize_name.c b/third_party/heimdal/lib/gssapi/ntlm/canonicalize_name.c
new file mode 100644
index 0000000..3409b3b
--- /dev/null
+++ b/third_party/heimdal/lib/gssapi/ntlm/canonicalize_name.c
@@ -0,0 +1,45 @@
+/*
+ * Copyright (c) 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ntlm.h"
+
+OM_uint32 GSSAPI_CALLCONV
+_gss_ntlm_canonicalize_name (
+ OM_uint32 * minor_status,
+ gss_const_name_t input_name,
+ const gss_OID mech_type,
+ gss_name_t * output_name
+ )
+{
+ return gss_duplicate_name (minor_status, input_name, output_name);
+}
diff --git a/third_party/heimdal/lib/gssapi/ntlm/compare_name.c b/third_party/heimdal/lib/gssapi/ntlm/compare_name.c
new file mode 100644
index 0000000..d185ab9
--- /dev/null
+++ b/third_party/heimdal/lib/gssapi/ntlm/compare_name.c
@@ -0,0 +1,45 @@
+/*
+ * Copyright (c) 1997-2003 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ntlm.h"
+
+OM_uint32 GSSAPI_CALLCONV _gss_ntlm_compare_name
+ (OM_uint32 * minor_status,
+ gss_const_name_t name1,
+ gss_const_name_t name2,
+ int * name_equal
+ )
+{
+ *minor_status = 0;
+ return GSS_S_COMPLETE;
+}
diff --git a/third_party/heimdal/lib/gssapi/ntlm/context_time.c b/third_party/heimdal/lib/gssapi/ntlm/context_time.c
new file mode 100644
index 0000000..589ee2a
--- /dev/null
+++ b/third_party/heimdal/lib/gssapi/ntlm/context_time.c
@@ -0,0 +1,45 @@
+/*
+ * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ntlm.h"
+
+OM_uint32 GSSAPI_CALLCONV _gss_ntlm_context_time
+ (OM_uint32 * minor_status,
+ gss_const_ctx_id_t context_handle,
+ OM_uint32 * time_rec
+ )
+{
+ if (time_rec)
+ *time_rec = GSS_C_INDEFINITE;
+ return GSS_S_COMPLETE;
+}
diff --git a/third_party/heimdal/lib/gssapi/ntlm/creds.c b/third_party/heimdal/lib/gssapi/ntlm/creds.c
new file mode 100644
index 0000000..5794015
--- /dev/null
+++ b/third_party/heimdal/lib/gssapi/ntlm/creds.c
@@ -0,0 +1,159 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ntlm.h"
+
+OM_uint32 GSSAPI_CALLCONV
+_gss_ntlm_inquire_cred
+ (OM_uint32 * minor_status,
+ gss_const_cred_id_t cred_handle,
+ gss_name_t * name,
+ OM_uint32 * lifetime,
+ gss_cred_usage_t * cred_usage,
+ gss_OID_set * mechanisms
+ )
+{
+ OM_uint32 ret, junk;
+
+ *minor_status = 0;
+
+ if (cred_handle == NULL)
+ return GSS_S_NO_CRED;
+
+ if (name) {
+ ntlm_name n = calloc(1, sizeof(*n));
+ ntlm_cred c = (ntlm_cred)cred_handle;
+ if (n) {
+ n->user = strdup(c->username);
+ n->domain = strdup(c->domain);
+ }
+ if (n == NULL || n->user == NULL || n->domain == NULL) {
+ if (n) {
+ free(n->user);
+ free(n->domain);
+ free(n);
+ }
+ *minor_status = ENOMEM;
+ return GSS_S_FAILURE;
+ }
+ *name = (gss_name_t)n;
+ }
+ if (lifetime)
+ *lifetime = GSS_C_INDEFINITE;
+ if (cred_usage)
+ *cred_usage = 0;
+ if (mechanisms)
+ *mechanisms = GSS_C_NO_OID_SET;
+ if (mechanisms) {
+ ret = gss_create_empty_oid_set(minor_status, mechanisms);
+ if (ret)
+ goto out;
+ ret = gss_add_oid_set_member(minor_status,
+ GSS_NTLM_MECHANISM,
+ mechanisms);
+ if (ret)
+ goto out;
+ }
+
+ return GSS_S_COMPLETE;
+out:
+ gss_release_oid_set(&junk, mechanisms);
+ return ret;
+}
+
+#ifdef HAVE_KCM
+static OM_uint32
+_gss_ntlm_destroy_kcm_cred(gss_cred_id_t *cred_handle)
+{
+ krb5_storage *request, *response;
+ krb5_data response_data;
+ krb5_context context;
+ krb5_error_code ret;
+ ntlm_cred cred;
+
+ cred = (ntlm_cred)*cred_handle;
+
+ ret = krb5_init_context(&context);
+ if (ret)
+ return ret;
+
+ ret = krb5_kcm_storage_request(context, KCM_OP_DEL_NTLM_CRED, &request);
+ if (ret)
+ goto out;
+
+ ret = krb5_store_stringz(request, cred->username);
+ if (ret)
+ goto out;
+
+ ret = krb5_store_stringz(request, cred->domain);
+ if (ret)
+ goto out;
+
+ ret = krb5_kcm_call(context, request, &response, &response_data);
+ if (ret)
+ goto out;
+
+ krb5_storage_free(request);
+ krb5_storage_free(response);
+ krb5_data_free(&response_data);
+
+ out:
+ krb5_free_context(context);
+
+ return ret;
+}
+#endif /* HAVE_KCM */
+
+OM_uint32 GSSAPI_CALLCONV
+_gss_ntlm_destroy_cred(OM_uint32 *minor_status,
+ gss_cred_id_t *cred_handle)
+{
+#ifdef HAVE_KCM
+ krb5_error_code ret;
+#endif
+
+ if (cred_handle == NULL || *cred_handle == GSS_C_NO_CREDENTIAL)
+ return GSS_S_COMPLETE;
+
+#ifdef HAVE_KCM
+ ret = _gss_ntlm_destroy_kcm_cred(cred_handle);
+ if (ret) {
+ *minor_status = ret;
+ return GSS_S_FAILURE;
+ }
+#endif
+
+ return _gss_ntlm_release_cred(minor_status, cred_handle);
+}
diff --git a/third_party/heimdal/lib/gssapi/ntlm/crypto.c b/third_party/heimdal/lib/gssapi/ntlm/crypto.c
new file mode 100644
index 0000000..efa71d9
--- /dev/null
+++ b/third_party/heimdal/lib/gssapi/ntlm/crypto.c
@@ -0,0 +1,636 @@
+/*
+ * Copyright (c) 2006-2016 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ntlm.h"
+struct hx509_certs_data;
+struct krb5_pk_identity;
+struct krb5_pk_cert;
+struct ContentInfo;
+struct AlgorithmIdentifier;
+struct _krb5_krb_auth_data;
+struct krb5_dh_moduli;
+struct _krb5_key_data;
+struct _krb5_encryption_type;
+struct _krb5_key_type;
+#include "krb5_locl.h"
+
+/*
+ *
+ */
+
+static void
+encode_le_uint32(uint32_t n, unsigned char *p)
+{
+ p[0] = (n >> 0) & 0xFF;
+ p[1] = (n >> 8) & 0xFF;
+ p[2] = (n >> 16) & 0xFF;
+ p[3] = (n >> 24) & 0xFF;
+}
+
+
+static void
+decode_le_uint32(const void *ptr, uint32_t *n)
+{
+ const unsigned char *p = ptr;
+ *n = (p[0] << 0) | (p[1] << 8) | (p[2] << 16) | (p[3] << 24);
+}
+
+/*
+ *
+ */
+
+const char a2i_signmagic[] =
+ "session key to server-to-client signing key magic constant";
+const char a2i_sealmagic[] =
+ "session key to server-to-client sealing key magic constant";
+const char i2a_signmagic[] =
+ "session key to client-to-server signing key magic constant";
+const char i2a_sealmagic[] =
+ "session key to client-to-server sealing key magic constant";
+
+
+void
+_gss_ntlm_set_key(struct ntlmv2_key *key, int acceptor, int sealsign,
+ unsigned char *data, size_t len)
+{
+ unsigned char out[16];
+ EVP_MD_CTX *ctx;
+ const char *signmagic;
+ const char *sealmagic;
+
+ if (acceptor) {
+ signmagic = a2i_signmagic;
+ sealmagic = a2i_sealmagic;
+ } else {
+ signmagic = i2a_signmagic;
+ sealmagic = i2a_sealmagic;
+ }
+
+ key->seq = 0;
+
+ ctx = EVP_MD_CTX_create();
+ EVP_DigestInit_ex(ctx, EVP_md5(), NULL);
+ EVP_DigestUpdate(ctx, data, len);
+ EVP_DigestUpdate(ctx, signmagic, strlen(signmagic) + 1);
+ EVP_DigestFinal_ex(ctx, key->signkey, NULL);
+
+ EVP_DigestInit_ex(ctx, EVP_md5(), NULL);
+ EVP_DigestUpdate(ctx, data, len);
+ EVP_DigestUpdate(ctx, sealmagic, strlen(sealmagic) + 1);
+ EVP_DigestFinal_ex(ctx, out, NULL);
+ EVP_MD_CTX_destroy(ctx);
+
+ RC4_set_key(&key->sealkey, 16, out);
+ if (sealsign)
+ key->signsealkey = &key->sealkey;
+}
+
+/*
+ * Set (or reset) keys
+ */
+
+void
+_gss_ntlm_set_keys(ntlm_ctx ctx)
+{
+ int acceptor;
+
+ if (ctx->sessionkey.length == 0)
+ return;
+
+ acceptor = !(ctx->status & STATUS_CLIENT);
+
+ ctx->status |= STATUS_SESSIONKEY;
+
+ if (ctx->flags & NTLM_NEG_NTLM2_SESSION) {
+ _gss_ntlm_set_key(&ctx->u.v2.send, acceptor,
+ (ctx->flags & NTLM_NEG_KEYEX),
+ ctx->sessionkey.data,
+ ctx->sessionkey.length);
+ _gss_ntlm_set_key(&ctx->u.v2.recv, !acceptor,
+ (ctx->flags & NTLM_NEG_KEYEX),
+ ctx->sessionkey.data,
+ ctx->sessionkey.length);
+ } else {
+ ctx->u.v1.crypto_send.seq = 0;
+ RC4_set_key(&ctx->u.v1.crypto_send.key,
+ ctx->sessionkey.length,
+ ctx->sessionkey.data);
+ ctx->u.v1.crypto_recv.seq = 0;
+ RC4_set_key(&ctx->u.v1.crypto_recv.key,
+ ctx->sessionkey.length,
+ ctx->sessionkey.data);
+ }
+}
+
+/*
+ *
+ */
+
+static OM_uint32
+v1_sign_message(gss_buffer_t in,
+ RC4_KEY *signkey,
+ uint32_t seq,
+ unsigned char out[16])
+{
+ unsigned char sigature[12];
+ uint32_t crc;
+
+ _krb5_crc_init_table();
+ crc = _krb5_crc_update(in->value, in->length, 0);
+
+ encode_le_uint32(0, &sigature[0]);
+ encode_le_uint32(crc, &sigature[4]);
+ encode_le_uint32(seq, &sigature[8]);
+
+ encode_le_uint32(1, out); /* version */
+ RC4(signkey, sizeof(sigature), sigature, out + 4);
+
+ if (RAND_bytes(out + 4, 4) != 1)
+ return GSS_S_UNAVAILABLE;
+
+ return 0;
+}
+
+
+static OM_uint32
+v2_sign_message(gss_buffer_t in,
+ unsigned char signkey[16],
+ RC4_KEY *sealkey,
+ uint32_t seq,
+ unsigned char out[16])
+{
+ unsigned char hmac[16];
+ unsigned int hmaclen;
+ HMAC_CTX c;
+
+ HMAC_CTX_init(&c);
+ if (HMAC_Init_ex(&c, signkey, 16, EVP_md5(), NULL) == 0) {
+ HMAC_CTX_cleanup(&c);
+ return GSS_S_FAILURE;
+ }
+
+ encode_le_uint32(seq, hmac);
+ HMAC_Update(&c, hmac, 4);
+ HMAC_Update(&c, in->value, in->length);
+ HMAC_Final(&c, hmac, &hmaclen);
+ HMAC_CTX_cleanup(&c);
+
+ encode_le_uint32(1, &out[0]);
+ if (sealkey)
+ RC4(sealkey, 8, hmac, &out[4]);
+ else
+ memcpy(&out[4], hmac, 8);
+
+ memset(&out[12], 0, 4);
+
+ return GSS_S_COMPLETE;
+}
+
+static OM_uint32
+v2_verify_message(gss_buffer_t in,
+ unsigned char signkey[16],
+ RC4_KEY *sealkey,
+ uint32_t seq,
+ const unsigned char checksum[16])
+{
+ OM_uint32 ret;
+ unsigned char out[16];
+
+ ret = v2_sign_message(in, signkey, sealkey, seq, out);
+ if (ret)
+ return ret;
+
+ if (memcmp(checksum, out, 16) != 0)
+ return GSS_S_BAD_MIC;
+
+ return GSS_S_COMPLETE;
+}
+
+static OM_uint32
+v2_seal_message(const gss_buffer_t in,
+ unsigned char signkey[16],
+ uint32_t seq,
+ RC4_KEY *sealkey,
+ gss_buffer_t out)
+{
+ unsigned char *p;
+ OM_uint32 ret;
+
+ if (in->length + 16 < in->length)
+ return EINVAL;
+
+ p = malloc(in->length + 16);
+ if (p == NULL)
+ return ENOMEM;
+
+ RC4(sealkey, in->length, in->value, p);
+
+ ret = v2_sign_message(in, signkey, sealkey, seq, &p[in->length]);
+ if (ret) {
+ free(p);
+ return ret;
+ }
+
+ out->value = p;
+ out->length = in->length + 16;
+
+ return 0;
+}
+
+static OM_uint32
+v2_unseal_message(gss_buffer_t in,
+ unsigned char signkey[16],
+ uint32_t seq,
+ RC4_KEY *sealkey,
+ gss_buffer_t out)
+{
+ OM_uint32 ret;
+
+ if (in->length < 16)
+ return GSS_S_BAD_MIC;
+
+ out->length = in->length - 16;
+ out->value = malloc(out->length);
+ if (out->value == NULL)
+ return GSS_S_BAD_MIC;
+
+ RC4(sealkey, out->length, in->value, out->value);
+
+ ret = v2_verify_message(out, signkey, sealkey, seq,
+ ((const unsigned char *)in->value) + out->length);
+ if (ret) {
+ OM_uint32 junk;
+ gss_release_buffer(&junk, out);
+ }
+ return ret;
+}
+
+/*
+ *
+ */
+
+#define CTX_FLAGS_ISSET(_ctx,_flags) \
+ (((_ctx)->flags & (_flags)) == (_flags))
+
+/*
+ *
+ */
+
+OM_uint32 GSSAPI_CALLCONV
+_gss_ntlm_get_mic
+ (OM_uint32 * minor_status,
+ gss_const_ctx_id_t context_handle,
+ gss_qop_t qop_req,
+ const gss_buffer_t message_buffer,
+ gss_buffer_t message_token
+ )
+{
+ ntlm_ctx ctx = (ntlm_ctx)context_handle;
+ OM_uint32 junk;
+
+ *minor_status = 0;
+
+ message_token->value = malloc(16);
+ message_token->length = 16;
+ if (message_token->value == NULL) {
+ *minor_status = ENOMEM;
+ return GSS_S_FAILURE;
+ }
+
+ if (CTX_FLAGS_ISSET(ctx, NTLM_NEG_SIGN|NTLM_NEG_NTLM2_SESSION)) {
+ OM_uint32 ret;
+
+ if ((ctx->status & STATUS_SESSIONKEY) == 0) {
+ gss_release_buffer(&junk, message_token);
+ return GSS_S_UNAVAILABLE;
+ }
+
+ ret = v2_sign_message(message_buffer,
+ ctx->u.v2.send.signkey,
+ ctx->u.v2.send.signsealkey,
+ ctx->u.v2.send.seq++,
+ message_token->value);
+ if (ret)
+ gss_release_buffer(&junk, message_token);
+ return ret;
+
+ } else if (CTX_FLAGS_ISSET(ctx, NTLM_NEG_SIGN)) {
+ OM_uint32 ret;
+
+ if ((ctx->status & STATUS_SESSIONKEY) == 0) {
+ gss_release_buffer(&junk, message_token);
+ return GSS_S_UNAVAILABLE;
+ }
+
+ ret = v1_sign_message(message_buffer,
+ &ctx->u.v1.crypto_send.key,
+ ctx->u.v1.crypto_send.seq++,
+ message_token->value);
+ if (ret)
+ gss_release_buffer(&junk, message_token);
+ return ret;
+
+ } else if (CTX_FLAGS_ISSET(ctx, NTLM_NEG_ALWAYS_SIGN)) {
+ unsigned char *sigature;
+
+ sigature = message_token->value;
+
+ encode_le_uint32(1, &sigature[0]); /* version */
+ encode_le_uint32(0, &sigature[4]);
+ encode_le_uint32(0, &sigature[8]);
+ encode_le_uint32(0, &sigature[12]);
+
+ return GSS_S_COMPLETE;
+ }
+ gss_release_buffer(&junk, message_token);
+
+ return GSS_S_UNAVAILABLE;
+}
+
+/*
+ *
+ */
+
+OM_uint32 GSSAPI_CALLCONV
+_gss_ntlm_verify_mic
+ (OM_uint32 * minor_status,
+ gss_const_ctx_id_t context_handle,
+ const gss_buffer_t message_buffer,
+ const gss_buffer_t token_buffer,
+ gss_qop_t * qop_state
+ )
+{
+ ntlm_ctx ctx = (ntlm_ctx)context_handle;
+
+ if (qop_state != NULL)
+ *qop_state = GSS_C_QOP_DEFAULT;
+ *minor_status = 0;
+
+ if (token_buffer->length != 16)
+ return GSS_S_BAD_MIC;
+
+ if (CTX_FLAGS_ISSET(ctx, NTLM_NEG_SIGN|NTLM_NEG_NTLM2_SESSION)) {
+ OM_uint32 ret;
+
+ if ((ctx->status & STATUS_SESSIONKEY) == 0)
+ return GSS_S_UNAVAILABLE;
+
+ ret = v2_verify_message(message_buffer,
+ ctx->u.v2.recv.signkey,
+ ctx->u.v2.recv.signsealkey,
+ ctx->u.v2.recv.seq++,
+ token_buffer->value);
+ if (ret)
+ return ret;
+
+ return GSS_S_COMPLETE;
+ } else if (CTX_FLAGS_ISSET(ctx, NTLM_NEG_SIGN)) {
+
+ unsigned char sigature[12];
+ uint32_t crc, num;
+
+ if ((ctx->status & STATUS_SESSIONKEY) == 0)
+ return GSS_S_UNAVAILABLE;
+
+ decode_le_uint32(token_buffer->value, &num);
+ if (num != 1)
+ return GSS_S_BAD_MIC;
+
+ RC4(&ctx->u.v1.crypto_recv.key, sizeof(sigature),
+ ((unsigned char *)token_buffer->value) + 4, sigature);
+
+ _krb5_crc_init_table();
+ crc = _krb5_crc_update(message_buffer->value,
+ message_buffer->length, 0);
+ /* skip first 4 bytes in the encrypted checksum */
+ decode_le_uint32(&sigature[4], &num);
+ if (num != crc)
+ return GSS_S_BAD_MIC;
+ decode_le_uint32(&sigature[8], &num);
+ if (ctx->u.v1.crypto_recv.seq != num)
+ return GSS_S_BAD_MIC;
+ ctx->u.v1.crypto_recv.seq++;
+
+ return GSS_S_COMPLETE;
+ } else if (ctx->flags & NTLM_NEG_ALWAYS_SIGN) {
+ uint32_t num;
+ unsigned char *p;
+
+ p = (unsigned char*)(token_buffer->value);
+
+ decode_le_uint32(&p[0], &num); /* version */
+ if (num != 1) return GSS_S_BAD_MIC;
+ decode_le_uint32(&p[4], &num);
+ if (num != 0) return GSS_S_BAD_MIC;
+ decode_le_uint32(&p[8], &num);
+ if (num != 0) return GSS_S_BAD_MIC;
+ decode_le_uint32(&p[12], &num);
+ if (num != 0) return GSS_S_BAD_MIC;
+
+ return GSS_S_COMPLETE;
+ }
+
+ return GSS_S_UNAVAILABLE;
+}
+
+/*
+ *
+ */
+
+OM_uint32 GSSAPI_CALLCONV
+_gss_ntlm_wrap_size_limit (
+ OM_uint32 * minor_status,
+ gss_const_ctx_id_t context_handle,
+ int conf_req_flag,
+ gss_qop_t qop_req,
+ OM_uint32 req_output_size,
+ OM_uint32 * max_input_size
+ )
+{
+ ntlm_ctx ctx = (ntlm_ctx)context_handle;
+
+ *minor_status = 0;
+
+ if(ctx->flags & NTLM_NEG_SEAL) {
+
+ if (req_output_size < 16)
+ *max_input_size = 0;
+ else
+ *max_input_size = req_output_size - 16;
+
+ return GSS_S_COMPLETE;
+ }
+
+ return GSS_S_UNAVAILABLE;
+}
+
+/*
+ *
+ */
+
+OM_uint32 GSSAPI_CALLCONV
+_gss_ntlm_wrap
+(OM_uint32 * minor_status,
+ gss_const_ctx_id_t context_handle,
+ int conf_req_flag,
+ gss_qop_t qop_req,
+ const gss_buffer_t input_message_buffer,
+ int * conf_state,
+ gss_buffer_t output_message_buffer
+ )
+{
+ ntlm_ctx ctx = (ntlm_ctx)context_handle;
+ OM_uint32 ret;
+
+ *minor_status = 0;
+ if (conf_state)
+ *conf_state = 0;
+ if (output_message_buffer == GSS_C_NO_BUFFER)
+ return GSS_S_FAILURE;
+
+
+ if (CTX_FLAGS_ISSET(ctx, NTLM_NEG_SEAL|NTLM_NEG_NTLM2_SESSION)) {
+
+ return v2_seal_message(input_message_buffer,
+ ctx->u.v2.send.signkey,
+ ctx->u.v2.send.seq++,
+ &ctx->u.v2.send.sealkey,
+ output_message_buffer);
+
+ } else if (CTX_FLAGS_ISSET(ctx, NTLM_NEG_SEAL)) {
+ gss_buffer_desc trailer;
+ OM_uint32 junk;
+
+ output_message_buffer->length = input_message_buffer->length + 16;
+ output_message_buffer->value = malloc(output_message_buffer->length);
+ if (output_message_buffer->value == NULL) {
+ output_message_buffer->length = 0;
+ return GSS_S_FAILURE;
+ }
+
+
+ RC4(&ctx->u.v1.crypto_send.key, input_message_buffer->length,
+ input_message_buffer->value, output_message_buffer->value);
+
+ ret = _gss_ntlm_get_mic(minor_status, context_handle,
+ 0, input_message_buffer,
+ &trailer);
+ if (ret) {
+ gss_release_buffer(&junk, output_message_buffer);
+ return ret;
+ }
+ if (trailer.length != 16) {
+ gss_release_buffer(&junk, output_message_buffer);
+ gss_release_buffer(&junk, &trailer);
+ return GSS_S_FAILURE;
+ }
+ memcpy(((unsigned char *)output_message_buffer->value) +
+ input_message_buffer->length,
+ trailer.value, trailer.length);
+ gss_release_buffer(&junk, &trailer);
+
+ return GSS_S_COMPLETE;
+ }
+
+ return GSS_S_UNAVAILABLE;
+}
+
+/*
+ *
+ */
+
+OM_uint32 GSSAPI_CALLCONV
+_gss_ntlm_unwrap
+ (OM_uint32 * minor_status,
+ gss_const_ctx_id_t context_handle,
+ const gss_buffer_t input_message_buffer,
+ gss_buffer_t output_message_buffer,
+ int * conf_state,
+ gss_qop_t * qop_state
+ )
+{
+ ntlm_ctx ctx = (ntlm_ctx)context_handle;
+ OM_uint32 ret;
+
+ *minor_status = 0;
+ output_message_buffer->value = NULL;
+ output_message_buffer->length = 0;
+
+ if (conf_state)
+ *conf_state = 0;
+ if (qop_state)
+ *qop_state = 0;
+
+ if (CTX_FLAGS_ISSET(ctx, NTLM_NEG_SEAL|NTLM_NEG_NTLM2_SESSION)) {
+
+ return v2_unseal_message(input_message_buffer,
+ ctx->u.v2.recv.signkey,
+ ctx->u.v2.recv.seq++,
+ &ctx->u.v2.recv.sealkey,
+ output_message_buffer);
+
+ } else if (CTX_FLAGS_ISSET(ctx, NTLM_NEG_SEAL)) {
+
+ gss_buffer_desc trailer;
+ OM_uint32 junk;
+
+ if (input_message_buffer->length < 16)
+ return GSS_S_BAD_MIC;
+
+ output_message_buffer->length = input_message_buffer->length - 16;
+ output_message_buffer->value = malloc(output_message_buffer->length);
+ if (output_message_buffer->value == NULL) {
+ output_message_buffer->length = 0;
+ return GSS_S_FAILURE;
+ }
+
+ RC4(&ctx->u.v1.crypto_recv.key, output_message_buffer->length,
+ input_message_buffer->value, output_message_buffer->value);
+
+ trailer.value = ((unsigned char *)input_message_buffer->value) +
+ output_message_buffer->length;
+ trailer.length = 16;
+
+ ret = _gss_ntlm_verify_mic(minor_status, context_handle,
+ output_message_buffer,
+ &trailer, NULL);
+ if (ret) {
+ gss_release_buffer(&junk, output_message_buffer);
+ return ret;
+ }
+
+ return GSS_S_COMPLETE;
+ }
+
+ return GSS_S_UNAVAILABLE;
+}
diff --git a/third_party/heimdal/lib/gssapi/ntlm/delete_sec_context.c b/third_party/heimdal/lib/gssapi/ntlm/delete_sec_context.c
new file mode 100644
index 0000000..57587a0
--- /dev/null
+++ b/third_party/heimdal/lib/gssapi/ntlm/delete_sec_context.c
@@ -0,0 +1,69 @@
+/*
+ * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ntlm.h"
+
+OM_uint32 GSSAPI_CALLCONV _gss_ntlm_delete_sec_context
+ (OM_uint32 * minor_status,
+ gss_ctx_id_t * context_handle,
+ gss_buffer_t output_token
+ )
+{
+ OM_uint32 min;
+
+ if (context_handle) {
+ ntlm_ctx ctx = (ntlm_ctx)*context_handle;
+ gss_cred_id_t cred = (gss_cred_id_t)ctx->client;
+
+ *context_handle = GSS_C_NO_CONTEXT;
+
+ if (ctx->server)
+ (*ctx->server->nsi_destroy)(minor_status, ctx->ictx);
+
+ _gss_ntlm_release_cred(NULL, &cred);
+ memset_s(ctx->sessionkey.data, ctx->sessionkey.length, 0,
+ ctx->sessionkey.length);
+ krb5_data_free(&ctx->sessionkey);
+ gss_release_buffer(&min, &ctx->pac);
+
+ memset(ctx, 0, sizeof(*ctx));
+ free(ctx);
+ }
+ if (output_token) {
+ output_token->length = 0;
+ output_token->value = NULL;
+ }
+
+ *minor_status = 0;
+ return GSS_S_COMPLETE;
+}
diff --git a/third_party/heimdal/lib/gssapi/ntlm/display_name.c b/third_party/heimdal/lib/gssapi/ntlm/display_name.c
new file mode 100644
index 0000000..59d2c84
--- /dev/null
+++ b/third_party/heimdal/lib/gssapi/ntlm/display_name.c
@@ -0,0 +1,71 @@
+/*
+ * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ntlm.h"
+
+OM_uint32 GSSAPI_CALLCONV
+_gss_ntlm_display_name
+ (OM_uint32 * minor_status,
+ gss_const_name_t input_name,
+ gss_buffer_t output_name_buffer,
+ gss_OID * output_name_type
+ )
+{
+ *minor_status = 0;
+
+ if (output_name_type)
+ *output_name_type = GSS_NTLM_MECHANISM;
+
+ if (output_name_buffer) {
+ ntlm_name n = (ntlm_name)input_name;
+ char *str = NULL;
+ int len;
+
+ output_name_buffer->length = 0;
+ output_name_buffer->value = NULL;
+
+ if (n == NULL) {
+ *minor_status = 0;
+ return GSS_S_BAD_NAME;
+ }
+
+ len = asprintf(&str, "%s@%s", n->user, n->domain);
+ if (len < 0 || str == NULL) {
+ *minor_status = ENOMEM;
+ return GSS_S_FAILURE;
+ }
+ output_name_buffer->length = len;
+ output_name_buffer->value = str;
+ }
+ return GSS_S_COMPLETE;
+}
diff --git a/third_party/heimdal/lib/gssapi/ntlm/display_status.c b/third_party/heimdal/lib/gssapi/ntlm/display_status.c
new file mode 100644
index 0000000..c9e1792
--- /dev/null
+++ b/third_party/heimdal/lib/gssapi/ntlm/display_status.c
@@ -0,0 +1,54 @@
+/*
+ * Copyright (c) 1998 - 2005 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ntlm.h"
+
+OM_uint32 GSSAPI_CALLCONV
+_gss_ntlm_display_status
+ (OM_uint32 *minor_status,
+ OM_uint32 status_value,
+ int status_type,
+ const gss_OID mech_type,
+ OM_uint32 *message_context,
+ gss_buffer_t status_string)
+{
+ if (minor_status)
+ *minor_status = 0;
+ if (status_string) {
+ status_string->length = 0;
+ status_string->value = NULL;
+ }
+ if (message_context)
+ *message_context = 0;
+ return GSS_S_COMPLETE;
+}
diff --git a/third_party/heimdal/lib/gssapi/ntlm/duplicate_cred.c b/third_party/heimdal/lib/gssapi/ntlm/duplicate_cred.c
new file mode 100644
index 0000000..d05f9fa
--- /dev/null
+++ b/third_party/heimdal/lib/gssapi/ntlm/duplicate_cred.c
@@ -0,0 +1,57 @@
+/*
+ * Copyright (c) 2006-2018 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ntlm.h"
+
+OM_uint32 GSSAPI_CALLCONV
+_gss_ntlm_duplicate_cred(OM_uint32 *minor_status,
+ gss_const_cred_id_t input_cred_handle,
+ gss_cred_id_t *output_cred_handle)
+{
+ ntlm_const_cred cred = (ntlm_const_cred)input_cred_handle;
+ ntlm_cred new_cred;
+ OM_uint32 junk;
+
+ if (input_cred_handle == GSS_C_NO_CREDENTIAL)
+ return _gss_ntlm_acquire_cred_from(minor_status, GSS_C_NO_NAME,
+ GSS_C_INDEFINITE, GSS_C_NO_OID_SET,
+ GSS_C_BOTH, GSS_C_NO_CRED_STORE,
+ output_cred_handle, NULL, NULL);
+
+ *output_cred_handle = GSS_C_NO_CREDENTIAL;
+
+ *minor_status = _gss_ntlm_copy_cred((ntlm_cred)input_cred_handle,
+ (ntlm_cred *)output_cred_handle);
+
+ return *minor_status == 0 ? GSS_S_COMPLETE : GSS_S_FAILURE;
+}
diff --git a/third_party/heimdal/lib/gssapi/ntlm/duplicate_name.c b/third_party/heimdal/lib/gssapi/ntlm/duplicate_name.c
new file mode 100644
index 0000000..060fa55
--- /dev/null
+++ b/third_party/heimdal/lib/gssapi/ntlm/duplicate_name.c
@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ntlm.h"
+
+OM_uint32 GSSAPI_CALLCONV
+_gss_ntlm_duplicate_name (
+ OM_uint32 * minor_status,
+ gss_const_name_t src_name,
+ gss_name_t * dest_name
+ )
+{
+ if (minor_status)
+ *minor_status = 0;
+ if (dest_name)
+ *dest_name = NULL;
+ return GSS_S_COMPLETE;
+}
diff --git a/third_party/heimdal/lib/gssapi/ntlm/export_name.c b/third_party/heimdal/lib/gssapi/ntlm/export_name.c
new file mode 100644
index 0000000..e5bdca4
--- /dev/null
+++ b/third_party/heimdal/lib/gssapi/ntlm/export_name.c
@@ -0,0 +1,50 @@
+/*
+ * Copyright (c) 1997, 1999, 2003 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ntlm.h"
+
+OM_uint32 GSSAPI_CALLCONV
+_gss_ntlm_export_name
+ (OM_uint32 * minor_status,
+ gss_const_name_t input_name,
+ gss_buffer_t exported_name
+ )
+{
+ if (minor_status)
+ *minor_status = 0;
+ if (exported_name) {
+ exported_name->length = 0;
+ exported_name->value = NULL;
+ }
+ return GSS_S_COMPLETE;
+}
diff --git a/third_party/heimdal/lib/gssapi/ntlm/export_sec_context.c b/third_party/heimdal/lib/gssapi/ntlm/export_sec_context.c
new file mode 100644
index 0000000..027a921
--- /dev/null
+++ b/third_party/heimdal/lib/gssapi/ntlm/export_sec_context.c
@@ -0,0 +1,50 @@
+/*
+ * Copyright (c) 1999 - 2003 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ntlm.h"
+
+OM_uint32 GSSAPI_CALLCONV
+_gss_ntlm_export_sec_context (
+ OM_uint32 * minor_status,
+ gss_ctx_id_t * context_handle,
+ gss_buffer_t interprocess_token
+ )
+{
+ if (minor_status)
+ *minor_status = 0;
+ if (interprocess_token) {
+ interprocess_token->length = 0;
+ interprocess_token->value = NULL;
+ }
+ return GSS_S_COMPLETE;
+}
diff --git a/third_party/heimdal/lib/gssapi/ntlm/external.c b/third_party/heimdal/lib/gssapi/ntlm/external.c
new file mode 100644
index 0000000..ff2cd2d
--- /dev/null
+++ b/third_party/heimdal/lib/gssapi/ntlm/external.c
@@ -0,0 +1,140 @@
+/*
+ * Copyright (c) 2006-2018 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ntlm.h"
+
+static gss_mo_desc ntlm_mo[] = {
+ {
+ GSS_C_MA_SASL_MECH_NAME,
+ GSS_MO_MA,
+ "SASL mech name",
+ rk_UNCONST("NTLM"),
+ _gss_mo_get_ctx_as_string,
+ NULL
+ },
+ {
+ GSS_C_MA_MECH_NAME,
+ GSS_MO_MA,
+ "Mechanism name",
+ rk_UNCONST("NTLMSPP"),
+ _gss_mo_get_ctx_as_string,
+ NULL
+ },
+ {
+ GSS_C_MA_MECH_DESCRIPTION,
+ GSS_MO_MA,
+ "Mechanism description",
+ rk_UNCONST("Heimdal NTLMSSP Mechanism"),
+ _gss_mo_get_ctx_as_string,
+ NULL
+ }
+};
+
+static gssapi_mech_interface_desc ntlm_mech = {
+ GMI_VERSION,
+ "ntlm",
+ {10, rk_UNCONST("\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a") },
+ 0,
+ NULL,
+ _gss_ntlm_release_cred,
+ _gss_ntlm_init_sec_context,
+ _gss_ntlm_accept_sec_context,
+ _gss_ntlm_process_context_token,
+ _gss_ntlm_delete_sec_context,
+ _gss_ntlm_context_time,
+ _gss_ntlm_get_mic,
+ _gss_ntlm_verify_mic,
+ _gss_ntlm_wrap,
+ _gss_ntlm_unwrap,
+ _gss_ntlm_display_status,
+ NULL,
+ _gss_ntlm_compare_name,
+ _gss_ntlm_display_name,
+ _gss_ntlm_import_name,
+ _gss_ntlm_export_name,
+ _gss_ntlm_release_name,
+ _gss_ntlm_inquire_cred,
+ _gss_ntlm_inquire_context,
+ _gss_ntlm_wrap_size_limit,
+ _gss_ntlm_add_cred,
+ _gss_ntlm_inquire_cred_by_mech,
+ _gss_ntlm_export_sec_context,
+ _gss_ntlm_import_sec_context,
+ _gss_ntlm_inquire_names_for_mech,
+ _gss_ntlm_inquire_mechs_for_name,
+ _gss_ntlm_canonicalize_name,
+ _gss_ntlm_duplicate_name,
+ _gss_ntlm_inquire_sec_context_by_oid,
+ NULL,
+ _gss_ntlm_set_sec_context_option,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ _gss_ntlm_acquire_cred_from,
+ NULL, /* gm_acquire_cred_impersonate_name */
+ _gss_ntlm_iter_creds_f,
+ _gss_ntlm_destroy_cred,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ ntlm_mo,
+ sizeof(ntlm_mo) / sizeof(ntlm_mo[0]),
+ NULL, /* gm_localname */
+ NULL, /* gm_authorize_localname */
+ NULL, /* gm_display_name_ext */
+ NULL, /* gm_inquire_name */
+ NULL, /* gm_get_name_attribute */
+ NULL, /* gm_set_name_attribute */
+ NULL, /* gm_delete_name_attribute */
+ NULL, /* gm_export_name_composite */
+ NULL, /* gm_duplicate_cred */
+ NULL, /* gm_add_cred_from */
+ NULL, /* gm_store_cred_into */
+ NULL, /* gm_query_mechanism_info */
+ NULL, /* gm_query_meta_data */
+ NULL, /* gm_exchange_meta_data */
+ NULL, /* gm_store_cred_into2 */
+ NULL, /* gm_compat */
+};
+
+gssapi_mech_interface
+__gss_ntlm_initialize(void)
+{
+ return &ntlm_mech;
+}
diff --git a/third_party/heimdal/lib/gssapi/ntlm/import_name.c b/third_party/heimdal/lib/gssapi/ntlm/import_name.c
new file mode 100644
index 0000000..e75388d
--- /dev/null
+++ b/third_party/heimdal/lib/gssapi/ntlm/import_name.c
@@ -0,0 +1,112 @@
+/*
+ * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ntlm.h"
+
+OM_uint32 GSSAPI_CALLCONV
+_gss_ntlm_import_name
+ (OM_uint32 * minor_status,
+ const gss_buffer_t input_name_buffer,
+ const gss_OID input_name_type,
+ gss_name_t * output_name
+ )
+{
+ char *name, *p, *p2;
+ int is_hostnamed;
+ int is_username;
+ ntlm_name n;
+
+ *minor_status = 0;
+
+ if (output_name == NULL)
+ return GSS_S_CALL_INACCESSIBLE_WRITE;
+
+ *output_name = GSS_C_NO_NAME;
+
+ is_hostnamed = gss_oid_equal(input_name_type, GSS_C_NT_HOSTBASED_SERVICE);
+ is_username = gss_oid_equal(input_name_type, GSS_C_NT_USER_NAME);
+
+ if (!is_hostnamed && !is_username)
+ return GSS_S_BAD_NAMETYPE;
+
+ name = malloc(input_name_buffer->length + 1);
+ if (name == NULL) {
+ *minor_status = ENOMEM;
+ return GSS_S_FAILURE;
+ }
+ memcpy(name, input_name_buffer->value, input_name_buffer->length);
+ name[input_name_buffer->length] = '\0';
+
+ /* find "domain" part of the name and uppercase it */
+ p = strchr(name, '@');
+ if (p == NULL) {
+ free(name);
+ return GSS_S_BAD_NAME;
+ }
+ p[0] = '\0';
+ p++;
+ p2 = strchr(p, '.');
+ if (p2 && p2[1] != '\0') {
+ if (is_hostnamed) {
+ p = p2 + 1;
+ p2 = strchr(p, '.');
+ }
+ if (p2)
+ *p2 = '\0';
+ }
+ strupr(p);
+
+ n = calloc(1, sizeof(*n));
+ if (n == NULL) {
+ free(name);
+ *minor_status = ENOMEM;
+ return GSS_S_FAILURE;
+ }
+
+ n->user = strdup(name);
+ n->domain = strdup(p);
+
+ free(name);
+
+ if (n->user == NULL || n->domain == NULL) {
+ free(n->user);
+ free(n->domain);
+ free(n);
+ *minor_status = ENOMEM;
+ return GSS_S_FAILURE;
+ }
+
+ *output_name = (gss_name_t)n;
+
+ return GSS_S_COMPLETE;
+}
diff --git a/third_party/heimdal/lib/gssapi/ntlm/import_sec_context.c b/third_party/heimdal/lib/gssapi/ntlm/import_sec_context.c
new file mode 100644
index 0000000..fe637c0
--- /dev/null
+++ b/third_party/heimdal/lib/gssapi/ntlm/import_sec_context.c
@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 1999 - 2003 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ntlm.h"
+
+OM_uint32 GSSAPI_CALLCONV
+_gss_ntlm_import_sec_context (
+ OM_uint32 * minor_status,
+ const gss_buffer_t interprocess_token,
+ gss_ctx_id_t * context_handle
+ )
+{
+ if (minor_status)
+ *minor_status = 0;
+ if (context_handle)
+ *context_handle = GSS_C_NO_CONTEXT;
+ return GSS_S_FAILURE;
+}
diff --git a/third_party/heimdal/lib/gssapi/ntlm/indicate_mechs.c b/third_party/heimdal/lib/gssapi/ntlm/indicate_mechs.c
new file mode 100644
index 0000000..7cda475
--- /dev/null
+++ b/third_party/heimdal/lib/gssapi/ntlm/indicate_mechs.c
@@ -0,0 +1,46 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ntlm.h"
+
+OM_uint32 _gss_ntlm_indicate_mechs
+(OM_uint32 * minor_status,
+ gss_OID_set * mech_set
+ )
+{
+ if (minor_status)
+ *minor_status = 0;
+ if (mech_set)
+ *mech_set = GSS_C_NO_OID_SET;
+ return GSS_S_COMPLETE;
+}
diff --git a/third_party/heimdal/lib/gssapi/ntlm/init_sec_context.c b/third_party/heimdal/lib/gssapi/ntlm/init_sec_context.c
new file mode 100644
index 0000000..be9c987
--- /dev/null
+++ b/third_party/heimdal/lib/gssapi/ntlm/init_sec_context.c
@@ -0,0 +1,536 @@
+/*
+ * Copyright (c) 2006 - 2008 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ntlm.h"
+
+static int
+from_file(const char *fn, const char *target_domain,
+ char **domainp, char **usernamep, struct ntlm_buf *key)
+{
+ char *str, buf[1024];
+ FILE *f;
+
+ *domainp = NULL;
+
+ f = fopen(fn, "r");
+ if (f == NULL)
+ return ENOENT;
+ rk_cloexec_file(f);
+
+ while (fgets(buf, sizeof(buf), f) != NULL) {
+ char *d, *u, *p;
+ buf[strcspn(buf, "\r\n")] = '\0';
+ if (buf[0] == '#')
+ continue;
+ str = NULL;
+ d = strtok_r(buf, ":", &str);
+ free(*domainp);
+ *domainp = NULL;
+ if (!d)
+ continue;
+ if (d && target_domain != NULL && strcasecmp(target_domain, d) != 0)
+ continue;
+ *domainp = strdup(d);
+ if (*domainp == NULL) {
+ fclose(f);
+ return ENOMEM;
+ }
+ u = strtok_r(NULL, ":", &str);
+ p = strtok_r(NULL, ":", &str);
+ if (u == NULL || p == NULL)
+ continue;
+
+ *usernamep = strdup(u);
+ if (*usernamep == NULL) {
+ fclose(f);
+ return ENOMEM;
+ }
+ heim_ntlm_nt_key(p, key);
+
+ memset_s(buf, sizeof(buf), 0, sizeof(buf));
+ fclose(f);
+ return 0;
+ }
+ memset_s(buf, sizeof(buf), 0, sizeof(buf));
+ fclose(f);
+ return ENOENT;
+}
+
+static int
+get_user_file(const ntlm_name target_name,
+ char **domainp, char **usernamep, struct ntlm_buf *key)
+{
+ const char *domain;
+ const char *fn;
+
+ *domainp = NULL;
+
+ domain = target_name != NULL ? target_name->domain : NULL;
+
+ fn = secure_getenv("NTLM_USER_FILE");
+ if (fn == NULL)
+ return ENOENT;
+ if (from_file(fn, domain, domainp, usernamep, key) == 0)
+ return 0;
+
+ return ENOENT;
+}
+
+/*
+ * Pick up the ntlm cred from the default krb5 credential cache.
+ */
+
+static int
+get_user_ccache(const ntlm_name name, char **domainp, char **usernamep, struct ntlm_buf *key)
+{
+ krb5_context context = NULL;
+ krb5_principal client;
+ krb5_ccache id = NULL;
+ krb5_error_code ret;
+ char *confname;
+ krb5_data data;
+ int aret;
+
+ *domainp = NULL;
+ *usernamep = NULL;
+ krb5_data_zero(&data);
+ key->length = 0;
+ key->data = NULL;
+
+ ret = krb5_init_context(&context);
+ if (ret)
+ return ret;
+
+ ret = krb5_cc_default(context, &id);
+ if (ret)
+ goto out;
+
+ ret = krb5_cc_get_principal(context, id, &client);
+ if (ret)
+ goto out;
+
+ ret = krb5_unparse_name_flags(context, client,
+ KRB5_PRINCIPAL_UNPARSE_NO_REALM,
+ usernamep);
+ krb5_free_principal(context, client);
+ if (ret)
+ goto out;
+
+ if (name != NULL) {
+ *domainp = strdup(name->domain);
+ } else {
+ krb5_data data_domain;
+
+ krb5_data_zero(&data_domain);
+ ret = krb5_cc_get_config(context, id, NULL, "default-ntlm-domain",
+ &data_domain);
+ if (ret)
+ goto out;
+
+ *domainp = strndup(data_domain.data, data_domain.length);
+ krb5_data_free(&data_domain);
+ }
+
+ if (*domainp == NULL) {
+ ret = krb5_enomem(context);
+ goto out;
+ }
+
+ aret = asprintf(&confname, "ntlm-key-%s", *domainp);
+ if (aret == -1) {
+ ret = krb5_enomem(context);
+ goto out;
+ }
+
+ ret = krb5_cc_get_config(context, id, NULL, confname, &data);
+ if (ret)
+ goto out;
+
+ key->data = malloc(data.length);
+ if (key->data == NULL) {
+ ret = ENOMEM;
+ goto out;
+ }
+ key->length = data.length;
+ memcpy(key->data, data.data, data.length);
+
+ out:
+ krb5_data_free(&data);
+ if (id)
+ krb5_cc_close(context, id);
+
+ krb5_free_context(context);
+
+ return ret;
+}
+
+int
+_gss_ntlm_get_user_cred(const ntlm_name target_name,
+ ntlm_cred *rcred)
+{
+ ntlm_cred cred;
+ int ret;
+
+ cred = calloc(1, sizeof(*cred));
+ if (cred == NULL)
+ return ENOMEM;
+
+ ret = get_user_file(target_name,
+ &cred->domain, &cred->username, &cred->key);
+ if (ret)
+ ret = get_user_ccache(target_name,
+ &cred->domain, &cred->username, &cred->key);
+ if (ret) {
+ OM_uint32 tmp;
+ _gss_ntlm_release_cred(&tmp, (gss_cred_id_t *)&cred);
+ return ret;
+ }
+
+ *rcred = cred;
+
+ return ret;
+}
+
+int
+_gss_ntlm_copy_cred(ntlm_cred from, ntlm_cred *to)
+{
+ *to = calloc(1, sizeof(**to));
+ if (*to == NULL)
+ return ENOMEM;
+ (*to)->usage = from->usage;
+ (*to)->username = strdup(from->username);
+ if ((*to)->username == NULL) {
+ free(*to);
+ return ENOMEM;
+ }
+ (*to)->domain = strdup(from->domain);
+ if ((*to)->domain == NULL) {
+ free((*to)->username);
+ free(*to);
+ return ENOMEM;
+ }
+ (*to)->key.data = malloc(from->key.length);
+ if ((*to)->key.data == NULL) {
+ free((*to)->domain);
+ free((*to)->username);
+ free(*to);
+ return ENOMEM;
+ }
+ memcpy((*to)->key.data, from->key.data, from->key.length);
+ (*to)->key.length = from->key.length;
+
+ return 0;
+}
+
+OM_uint32 GSSAPI_CALLCONV
+_gss_ntlm_init_sec_context
+ (OM_uint32 * minor_status,
+ gss_const_cred_id_t initiator_cred_handle,
+ gss_ctx_id_t * context_handle,
+ gss_const_name_t target_name,
+ const gss_OID mech_type,
+ OM_uint32 req_flags,
+ OM_uint32 time_req,
+ const gss_channel_bindings_t input_chan_bindings,
+ const gss_buffer_t input_token,
+ gss_OID * actual_mech_type,
+ gss_buffer_t output_token,
+ OM_uint32 * ret_flags,
+ OM_uint32 * time_rec
+ )
+{
+ ntlm_ctx ctx;
+ ntlm_name name = (ntlm_name)target_name;
+
+ *minor_status = 0;
+
+ if (ret_flags)
+ *ret_flags = 0;
+ if (time_rec)
+ *time_rec = 0;
+ if (actual_mech_type)
+ *actual_mech_type = GSS_C_NO_OID;
+
+ if (*context_handle == GSS_C_NO_CONTEXT) {
+ struct ntlm_type1 type1;
+ struct ntlm_buf data;
+ uint32_t flags = 0;
+ int ret;
+
+ ctx = calloc(1, sizeof(*ctx));
+ if (ctx == NULL) {
+ *minor_status = EINVAL;
+ return GSS_S_FAILURE;
+ }
+ ctx->status = STATUS_CLIENT;
+ *context_handle = (gss_ctx_id_t)ctx;
+
+ if (initiator_cred_handle != GSS_C_NO_CREDENTIAL) {
+ ntlm_cred cred = (ntlm_cred)initiator_cred_handle;
+ ret = _gss_ntlm_copy_cred(cred, &ctx->client);
+ } else
+ ret = _gss_ntlm_get_user_cred(name, &ctx->client);
+
+ if (ret) {
+ _gss_ntlm_delete_sec_context(minor_status, context_handle, NULL);
+ *minor_status = ret;
+ return GSS_S_FAILURE;
+ }
+
+ if (req_flags & GSS_C_CONF_FLAG)
+ flags |= NTLM_NEG_SEAL;
+ if (req_flags & GSS_C_INTEG_FLAG)
+ flags |= NTLM_NEG_SIGN;
+ else
+ flags |= NTLM_NEG_ALWAYS_SIGN;
+
+ flags |= NTLM_NEG_UNICODE;
+ flags |= NTLM_NEG_NTLM;
+ flags |= NTLM_NEG_NTLM2_SESSION;
+ flags |= NTLM_NEG_KEYEX;
+
+ memset(&type1, 0, sizeof(type1));
+
+ type1.flags = flags;
+ type1.domain = name->domain;
+ type1.hostname = NULL;
+ type1.os[0] = 0;
+ type1.os[1] = 0;
+
+ ret = heim_ntlm_encode_type1(&type1, &data);
+ if (ret) {
+ _gss_ntlm_delete_sec_context(minor_status, context_handle, NULL);
+ *minor_status = ret;
+ return GSS_S_FAILURE;
+ }
+
+ output_token->value = data.data;
+ output_token->length = data.length;
+
+ return GSS_S_CONTINUE_NEEDED;
+ } else {
+ krb5_error_code ret;
+ struct ntlm_type2 type2;
+ struct ntlm_type3 type3;
+ struct ntlm_buf data;
+
+ ctx = (ntlm_ctx)*context_handle;
+
+ data.data = input_token->value;
+ data.length = input_token->length;
+
+ ret = heim_ntlm_decode_type2(&data, &type2);
+ if (ret) {
+ _gss_ntlm_delete_sec_context(minor_status, context_handle, NULL);
+ *minor_status = ret;
+ return GSS_S_DEFECTIVE_TOKEN;
+ }
+
+ ctx->flags = type2.flags;
+
+ /* XXX check that type2.targetinfo matches `target_name´ */
+ /* XXX check verify targetinfo buffer */
+
+ memset(&type3, 0, sizeof(type3));
+
+ type3.username = ctx->client->username;
+ type3.flags = type2.flags;
+ type3.targetname = type2.targetname;
+ type3.ws = rk_UNCONST("workstation");
+
+ /*
+ * NTLM Version 1 if no targetinfo buffer.
+ */
+
+ if (1 || type2.targetinfo.length == 0) {
+ struct ntlm_buf sessionkey;
+
+ if (type2.flags & NTLM_NEG_NTLM2_SESSION) {
+ unsigned char nonce[8];
+
+ if (RAND_bytes(nonce, sizeof(nonce)) != 1) {
+ _gss_ntlm_delete_sec_context(minor_status,
+ context_handle, NULL);
+ heim_ntlm_free_type2(&type2);
+ *minor_status = EINVAL;
+ return GSS_S_FAILURE;
+ }
+
+ ret = heim_ntlm_calculate_ntlm2_sess(nonce,
+ type2.challenge,
+ ctx->client->key.data,
+ &type3.lm,
+ &type3.ntlm);
+ } else {
+ ret = heim_ntlm_calculate_ntlm1(ctx->client->key.data,
+ ctx->client->key.length,
+ type2.challenge,
+ &type3.ntlm);
+
+ }
+ if (ret) {
+ _gss_ntlm_delete_sec_context(minor_status,context_handle,NULL);
+ heim_ntlm_free_type2(&type2);
+ *minor_status = ret;
+ return GSS_S_FAILURE;
+ }
+
+ ret = heim_ntlm_build_ntlm1_master(ctx->client->key.data,
+ ctx->client->key.length,
+ &sessionkey,
+ &type3.sessionkey);
+ if (ret) {
+ if (type3.lm.data)
+ free(type3.lm.data);
+ if (type3.ntlm.data)
+ free(type3.ntlm.data);
+ _gss_ntlm_delete_sec_context(minor_status,context_handle,NULL);
+ heim_ntlm_free_type2(&type2);
+ *minor_status = ret;
+ return GSS_S_FAILURE;
+ }
+
+ ret = krb5_data_copy(&ctx->sessionkey,
+ sessionkey.data, sessionkey.length);
+ free(sessionkey.data);
+ if (ret) {
+ if (type3.lm.data)
+ free(type3.lm.data);
+ if (type3.ntlm.data)
+ free(type3.ntlm.data);
+ _gss_ntlm_delete_sec_context(minor_status,context_handle,NULL);
+ heim_ntlm_free_type2(&type2);
+ *minor_status = ret;
+ return GSS_S_FAILURE;
+ }
+ ctx->status |= STATUS_SESSIONKEY;
+
+ } else {
+ struct ntlm_buf sessionkey;
+ unsigned char ntlmv2[16];
+ struct ntlm_targetinfo ti;
+
+ /* verify infotarget */
+
+ ret = heim_ntlm_decode_targetinfo(&type2.targetinfo, 1, &ti);
+ if(ret) {
+ _gss_ntlm_delete_sec_context(minor_status,
+ context_handle, NULL);
+ heim_ntlm_free_type2(&type2);
+ *minor_status = ret;
+ return GSS_S_DEFECTIVE_TOKEN;
+ }
+
+ if (ti.domainname && strcmp(ti.domainname, name->domain) != 0) {
+ _gss_ntlm_delete_sec_context(minor_status,
+ context_handle, NULL);
+ heim_ntlm_free_type2(&type2);
+ *minor_status = EINVAL;
+ return GSS_S_FAILURE;
+ }
+
+ ret = heim_ntlm_calculate_ntlm2(ctx->client->key.data,
+ ctx->client->key.length,
+ ctx->client->username,
+ name->domain,
+ type2.challenge,
+ &type2.targetinfo,
+ ntlmv2,
+ &type3.ntlm);
+ if (ret) {
+ _gss_ntlm_delete_sec_context(minor_status,
+ context_handle, NULL);
+ heim_ntlm_free_type2(&type2);
+ *minor_status = ret;
+ return GSS_S_FAILURE;
+ }
+
+ ret = heim_ntlm_build_ntlm1_master(ntlmv2, sizeof(ntlmv2),
+ &sessionkey,
+ &type3.sessionkey);
+ memset_s(ntlmv2, sizeof(ntlmv2), 0, sizeof(ntlmv2));
+ if (ret) {
+ _gss_ntlm_delete_sec_context(minor_status,
+ context_handle, NULL);
+ heim_ntlm_free_type2(&type2);
+ *minor_status = ret;
+ return GSS_S_FAILURE;
+ }
+
+ ctx->flags |= NTLM_NEG_NTLM2_SESSION;
+
+ ret = krb5_data_copy(&ctx->sessionkey,
+ sessionkey.data, sessionkey.length);
+ free(sessionkey.data);
+ if (ret) {
+ _gss_ntlm_delete_sec_context(minor_status,
+ context_handle, NULL);
+ heim_ntlm_free_type2(&type2);
+ *minor_status = ret;
+ return GSS_S_FAILURE;
+ }
+ }
+
+
+ _gss_ntlm_set_keys(ctx);
+
+
+ ret = heim_ntlm_encode_type3(&type3, &data, NULL);
+ free(type3.sessionkey.data);
+ if (type3.lm.data)
+ free(type3.lm.data);
+ if (type3.ntlm.data)
+ free(type3.ntlm.data);
+ if (ret) {
+ _gss_ntlm_delete_sec_context(minor_status, context_handle, NULL);
+ heim_ntlm_free_type2(&type2);
+ *minor_status = ret;
+ return GSS_S_FAILURE;
+ }
+
+ output_token->length = data.length;
+ output_token->value = data.data;
+
+ if (actual_mech_type)
+ *actual_mech_type = GSS_NTLM_MECHANISM;
+ if (ret_flags)
+ *ret_flags = 0;
+ if (time_rec)
+ *time_rec = GSS_C_INDEFINITE;
+
+ ctx->status |= STATUS_OPEN;
+
+ heim_ntlm_free_type2(&type2);
+ return GSS_S_COMPLETE;
+ }
+}
diff --git a/third_party/heimdal/lib/gssapi/ntlm/inquire_context.c b/third_party/heimdal/lib/gssapi/ntlm/inquire_context.c
new file mode 100644
index 0000000..741ad6e
--- /dev/null
+++ b/third_party/heimdal/lib/gssapi/ntlm/inquire_context.c
@@ -0,0 +1,68 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ntlm.h"
+
+OM_uint32 GSSAPI_CALLCONV
+_gss_ntlm_inquire_context (
+ OM_uint32 * minor_status,
+ gss_const_ctx_id_t context_handle,
+ gss_name_t * src_name,
+ gss_name_t * targ_name,
+ OM_uint32 * lifetime_rec,
+ gss_OID * mech_type,
+ OM_uint32 * ctx_flags,
+ int * locally_initiated,
+ int * open_context
+ )
+{
+ ntlm_ctx ctx = (ntlm_ctx)context_handle;
+
+ *minor_status = 0;
+ if (src_name)
+ *src_name = GSS_C_NO_NAME;
+ if (targ_name)
+ *targ_name = GSS_C_NO_NAME;
+ if (lifetime_rec)
+ *lifetime_rec = GSS_C_INDEFINITE;
+ if (mech_type)
+ *mech_type = GSS_NTLM_MECHANISM;
+ if (ctx_flags)
+ *ctx_flags = ctx->gssflags;
+ if (locally_initiated)
+ *locally_initiated = (ctx->status & STATUS_CLIENT) ? 1 : 0;
+ if (open_context)
+ *open_context = (ctx->status & STATUS_OPEN) ? 1 : 0;
+
+ return GSS_S_COMPLETE;
+}
diff --git a/third_party/heimdal/lib/gssapi/ntlm/inquire_cred_by_mech.c b/third_party/heimdal/lib/gssapi/ntlm/inquire_cred_by_mech.c
new file mode 100644
index 0000000..ed42094
--- /dev/null
+++ b/third_party/heimdal/lib/gssapi/ntlm/inquire_cred_by_mech.c
@@ -0,0 +1,58 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ntlm.h"
+
+OM_uint32 GSSAPI_CALLCONV
+_gss_ntlm_inquire_cred_by_mech (
+ OM_uint32 * minor_status,
+ gss_const_cred_id_t cred_handle,
+ const gss_OID mech_type,
+ gss_name_t * name,
+ OM_uint32 * initiator_lifetime,
+ OM_uint32 * acceptor_lifetime,
+ gss_cred_usage_t * cred_usage
+ )
+{
+ if (minor_status)
+ *minor_status = 0;
+ if (name)
+ *name = GSS_C_NO_NAME;
+ if (initiator_lifetime)
+ *initiator_lifetime = 0;
+ if (acceptor_lifetime)
+ *acceptor_lifetime = 0;
+ if (cred_usage)
+ *cred_usage = 0;
+ return GSS_S_UNAVAILABLE;
+}
diff --git a/third_party/heimdal/lib/gssapi/ntlm/inquire_mechs_for_name.c b/third_party/heimdal/lib/gssapi/ntlm/inquire_mechs_for_name.c
new file mode 100644
index 0000000..25450ab
--- /dev/null
+++ b/third_party/heimdal/lib/gssapi/ntlm/inquire_mechs_for_name.c
@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ntlm.h"
+
+OM_uint32 GSSAPI_CALLCONV
+_gss_ntlm_inquire_mechs_for_name (
+ OM_uint32 * minor_status,
+ gss_const_name_t input_name,
+ gss_OID_set * mech_types
+ )
+{
+ if (minor_status)
+ *minor_status = 0;
+ if (mech_types)
+ *mech_types = GSS_C_NO_OID_SET;
+ return GSS_S_COMPLETE;
+}
diff --git a/third_party/heimdal/lib/gssapi/ntlm/inquire_names_for_mech.c b/third_party/heimdal/lib/gssapi/ntlm/inquire_names_for_mech.c
new file mode 100644
index 0000000..7f49b33
--- /dev/null
+++ b/third_party/heimdal/lib/gssapi/ntlm/inquire_names_for_mech.c
@@ -0,0 +1,51 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ntlm.h"
+
+OM_uint32 GSSAPI_CALLCONV
+_gss_ntlm_inquire_names_for_mech (
+ OM_uint32 * minor_status,
+ const gss_OID mechanism,
+ gss_OID_set * name_types
+ )
+{
+ OM_uint32 ret;
+
+ ret = gss_create_empty_oid_set(minor_status, name_types);
+ if (ret != GSS_S_COMPLETE)
+ return ret;
+
+ *minor_status = 0;
+ return GSS_S_COMPLETE;
+}
diff --git a/third_party/heimdal/lib/gssapi/ntlm/inquire_sec_context_by_oid.c b/third_party/heimdal/lib/gssapi/ntlm/inquire_sec_context_by_oid.c
new file mode 100644
index 0000000..2b42b1f
--- /dev/null
+++ b/third_party/heimdal/lib/gssapi/ntlm/inquire_sec_context_by_oid.c
@@ -0,0 +1,90 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ntlm.h"
+
+OM_uint32 GSSAPI_CALLCONV
+_gss_ntlm_inquire_sec_context_by_oid(OM_uint32 *minor_status,
+ gss_const_ctx_id_t context_handle,
+ const gss_OID desired_object,
+ gss_buffer_set_t *data_set)
+{
+ ntlm_ctx ctx = (ntlm_ctx)context_handle;
+
+ if (ctx == NULL) {
+ *minor_status = 0;
+ return GSS_S_NO_CONTEXT;
+ }
+
+ if (gss_oid_equal(desired_object, GSS_NTLM_GET_SESSION_KEY_X) ||
+ gss_oid_equal(desired_object, GSS_C_INQ_SSPI_SESSION_KEY)) {
+ gss_buffer_desc value;
+
+ value.length = ctx->sessionkey.length;
+ value.value = ctx->sessionkey.data;
+
+ return gss_add_buffer_set_member(minor_status,
+ &value,
+ data_set);
+ } else if (gss_oid_equal(desired_object, GSS_C_INQ_WIN2K_PAC_X)) {
+ if (ctx->pac.length == 0) {
+ *minor_status = ENOENT;
+ return GSS_S_FAILURE;
+ }
+
+ return gss_add_buffer_set_member(minor_status,
+ &ctx->pac,
+ data_set);
+
+ } else if (gss_oid_equal(desired_object, GSS_C_NTLM_AVGUEST)) {
+ gss_buffer_desc value;
+ uint32_t num;
+
+ if (ctx->kcmflags & KCM_NTLM_FLAG_AV_GUEST)
+ num = 1;
+ else
+ num = 0;
+
+ value.length = sizeof(num);
+ value.value = &num;
+
+ return gss_add_buffer_set_member(minor_status,
+ &value,
+ data_set);
+ } else {
+ *minor_status = 0;
+ return GSS_S_FAILURE;
+ }
+}
diff --git a/third_party/heimdal/lib/gssapi/ntlm/iter_cred.c b/third_party/heimdal/lib/gssapi/ntlm/iter_cred.c
new file mode 100644
index 0000000..ee5ec17
--- /dev/null
+++ b/third_party/heimdal/lib/gssapi/ntlm/iter_cred.c
@@ -0,0 +1,99 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ntlm.h"
+
+void GSSAPI_CALLCONV
+_gss_ntlm_iter_creds_f(OM_uint32 flags,
+ void *userctx ,
+ void (*cred_iter)(void *, gss_OID, gss_cred_id_t))
+{
+#ifdef HAVE_KCM
+ krb5_error_code ret;
+ krb5_context context = NULL;
+ krb5_storage *request, *response;
+ krb5_data response_data;
+
+ ret = krb5_init_context(&context);
+ if (ret)
+ goto done;
+
+ ret = krb5_kcm_storage_request(context, KCM_OP_GET_NTLM_USER_LIST, &request);
+ if (ret)
+ goto done;
+
+ ret = krb5_kcm_call(context, request, &response, &response_data);
+ krb5_storage_free(request);
+ if (ret)
+ goto done;
+
+ while (1) {
+ uint32_t morep;
+ char *user = NULL, *domain = NULL;
+ ntlm_cred dn;
+
+ ret = krb5_ret_uint32(response, &morep);
+ if (ret) goto out;
+
+ if (!morep) goto out;
+
+ ret = krb5_ret_stringz(response, &user);
+ if (ret) goto out;
+ ret = krb5_ret_stringz(response, &domain);
+ if (ret) {
+ free(user);
+ goto out;
+ }
+
+ dn = calloc(1, sizeof(*dn));
+ if (dn == NULL) {
+ free(user);
+ free(domain);
+ goto out;
+ }
+ dn->username = user;
+ dn->domain = domain;
+
+ cred_iter(userctx, GSS_NTLM_MECHANISM, (gss_cred_id_t)dn);
+ }
+ out:
+ krb5_storage_free(response);
+ krb5_data_free(&response_data);
+ done:
+ if (context)
+ krb5_free_context(context);
+#endif /* HAVE_KCM */
+ (*cred_iter)(userctx, NULL, NULL);
+}
diff --git a/third_party/heimdal/lib/gssapi/ntlm/kdc.c b/third_party/heimdal/lib/gssapi/ntlm/kdc.c
new file mode 100644
index 0000000..1bce00f
--- /dev/null
+++ b/third_party/heimdal/lib/gssapi/ntlm/kdc.c
@@ -0,0 +1,435 @@
+/*
+ * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ntlm.h"
+
+#ifdef DIGEST
+
+/*
+ *
+ */
+
+struct ntlmkrb5 {
+ krb5_context context;
+ krb5_ntlm ntlm;
+ krb5_realm kerberos_realm;
+ krb5_ccache id;
+ krb5_data opaque;
+ int destroy;
+ OM_uint32 flags;
+ struct ntlm_buf key;
+ krb5_data sessionkey;
+};
+
+static OM_uint32 kdc_destroy(OM_uint32 *, void *);
+
+/*
+ * Get credential cache that the ntlm code can use to talk to the KDC
+ * using the digest API.
+ */
+
+static krb5_error_code
+get_ccache(krb5_context context, int *destroy, krb5_ccache *id)
+{
+ krb5_principal principal = NULL;
+ krb5_error_code ret;
+ krb5_keytab kt = NULL;
+ const char *cache = secure_getenv("NTLM_ACCEPTOR_CCACHE");
+
+ *id = NULL;
+
+ if (cache) {
+ ret = krb5_cc_resolve(context, cache, id);
+ if (ret)
+ goto out;
+ return 0;
+ }
+
+ ret = krb5_sname_to_principal(context, NULL, "host",
+ KRB5_NT_SRV_HST, &principal);
+ if (ret)
+ goto out;
+
+ ret = krb5_cc_cache_match(context, principal, id);
+ if (ret == 0)
+ return 0;
+
+ /* did not find in default credcache, lets try default keytab */
+ ret = krb5_kt_default(context, &kt);
+ if (ret)
+ goto out;
+
+ /* XXX check in keytab */
+ {
+ krb5_get_init_creds_opt *opt;
+ krb5_creds cred;
+
+ memset(&cred, 0, sizeof(cred));
+
+ ret = krb5_cc_new_unique(context, "MEMORY", NULL, id);
+ if (ret)
+ goto out;
+ *destroy = 1;
+ ret = krb5_get_init_creds_opt_alloc(context, &opt);
+ if (ret)
+ goto out;
+ ret = krb5_get_init_creds_keytab (context,
+ &cred,
+ principal,
+ kt,
+ 0,
+ NULL,
+ opt);
+ krb5_get_init_creds_opt_free(context, opt);
+ if (ret)
+ goto out;
+ ret = krb5_cc_initialize (context, *id, cred.client);
+ if (ret) {
+ krb5_free_cred_contents (context, &cred);
+ goto out;
+ }
+ ret = krb5_cc_store_cred (context, *id, &cred);
+ krb5_free_cred_contents (context, &cred);
+ if (ret)
+ goto out;
+ }
+
+ krb5_kt_close(context, kt);
+
+ return 0;
+
+out:
+ if (*id) {
+ if (*destroy)
+ krb5_cc_destroy(context, *id);
+ else
+ krb5_cc_close(context, *id);
+ *id = NULL;
+ }
+
+ if (kt)
+ krb5_kt_close(context, kt);
+
+ if (principal)
+ krb5_free_principal(context, principal);
+ return ret;
+}
+
+/*
+ *
+ */
+
+static OM_uint32
+kdc_alloc(OM_uint32 *minor, void **ctx)
+{
+ krb5_error_code ret;
+ struct ntlmkrb5 *c;
+ OM_uint32 junk;
+
+ c = calloc(1, sizeof(*c));
+ if (c == NULL) {
+ *minor = ENOMEM;
+ return GSS_S_FAILURE;
+ }
+
+ ret = krb5_init_context(&c->context);
+ if (ret) {
+ kdc_destroy(&junk, c);
+ *minor = ret;
+ return GSS_S_FAILURE;
+ }
+
+ ret = get_ccache(c->context, &c->destroy, &c->id);
+ if (ret) {
+ kdc_destroy(&junk, c);
+ *minor = ret;
+ return GSS_S_FAILURE;
+ }
+
+ ret = krb5_ntlm_alloc(c->context, &c->ntlm);
+ if (ret) {
+ kdc_destroy(&junk, c);
+ *minor = ret;
+ return GSS_S_FAILURE;
+ }
+
+ *ctx = c;
+
+ return GSS_S_COMPLETE;
+}
+
+static int
+kdc_probe(OM_uint32 *minor, void *ctx, const char *realm)
+{
+ struct ntlmkrb5 *c = ctx;
+ krb5_error_code ret;
+ unsigned flags;
+
+ ret = krb5_digest_probe(c->context, rk_UNCONST(realm), c->id, &flags);
+ if (ret)
+ return ret;
+
+ if ((flags & (1|2|4)) == 0)
+ return EINVAL;
+
+ return 0;
+}
+
+/*
+ *
+ */
+
+static OM_uint32
+kdc_destroy(OM_uint32 *minor, void *ctx)
+{
+ struct ntlmkrb5 *c = ctx;
+ krb5_data_free(&c->opaque);
+ krb5_data_free(&c->sessionkey);
+ if (c->ntlm)
+ krb5_ntlm_free(c->context, c->ntlm);
+ if (c->id) {
+ if (c->destroy)
+ krb5_cc_destroy(c->context, c->id);
+ else
+ krb5_cc_close(c->context, c->id);
+ }
+ if (c->context)
+ krb5_free_context(c->context);
+ memset(c, 0, sizeof(*c));
+ free(c);
+
+ return GSS_S_COMPLETE;
+}
+
+/*
+ *
+ */
+
+static OM_uint32
+kdc_type2(OM_uint32 *minor_status,
+ void *ctx,
+ uint32_t flags,
+ const char *hostname,
+ const char *domain,
+ uint32_t *ret_flags,
+ struct ntlm_buf *out)
+{
+ struct ntlmkrb5 *c = ctx;
+ krb5_error_code ret;
+ struct ntlm_type2 type2;
+ krb5_data challenge;
+ struct ntlm_buf data;
+ krb5_data ti;
+
+ memset(&type2, 0, sizeof(type2));
+ memset(out, 0, sizeof(*out));
+
+ /*
+ * Request data for type 2 packet from the KDC.
+ */
+ ret = krb5_ntlm_init_request(c->context,
+ c->ntlm,
+ NULL,
+ c->id,
+ flags,
+ hostname,
+ domain);
+ if (ret) {
+ *minor_status = ret;
+ return GSS_S_FAILURE;
+ }
+
+ /*
+ *
+ */
+
+ ret = krb5_ntlm_init_get_opaque(c->context, c->ntlm, &c->opaque);
+ if (ret) {
+ *minor_status = ret;
+ return GSS_S_FAILURE;
+ }
+
+ /*
+ *
+ */
+
+ ret = krb5_ntlm_init_get_flags(c->context, c->ntlm, &type2.flags);
+ if (ret) {
+ *minor_status = ret;
+ return GSS_S_FAILURE;
+ }
+ *ret_flags = type2.flags;
+
+ ret = krb5_ntlm_init_get_challenge(c->context, c->ntlm, &challenge);
+ if (ret) {
+ *minor_status = ret;
+ return GSS_S_FAILURE;
+ }
+
+ if (challenge.length != sizeof(type2.challenge)) {
+ *minor_status = EINVAL;
+ return GSS_S_FAILURE;
+ }
+ memcpy(type2.challenge, challenge.data, sizeof(type2.challenge));
+ krb5_data_free(&challenge);
+
+ ret = krb5_ntlm_init_get_targetname(c->context, c->ntlm,
+ &type2.targetname);
+ if (ret) {
+ *minor_status = ret;
+ return GSS_S_FAILURE;
+ }
+
+ ret = krb5_ntlm_init_get_targetinfo(c->context, c->ntlm, &ti);
+ if (ret) {
+ free(type2.targetname);
+ *minor_status = ret;
+ return GSS_S_FAILURE;
+ }
+
+ type2.targetinfo.data = ti.data;
+ type2.targetinfo.length = ti.length;
+
+ ret = heim_ntlm_encode_type2(&type2, &data);
+ free(type2.targetname);
+ krb5_data_free(&ti);
+ if (ret) {
+ *minor_status = ret;
+ return GSS_S_FAILURE;
+ }
+
+ out->data = data.data;
+ out->length = data.length;
+
+ return GSS_S_COMPLETE;
+}
+
+/*
+ *
+ */
+
+static OM_uint32
+kdc_type3(OM_uint32 *minor_status,
+ void *ctx,
+ const struct ntlm_type3 *type3,
+ struct ntlm_buf *sessionkey)
+{
+ struct ntlmkrb5 *c = ctx;
+ krb5_error_code ret;
+
+ sessionkey->data = NULL;
+ sessionkey->length = 0;
+
+ ret = krb5_ntlm_req_set_flags(c->context, c->ntlm, type3->flags);
+ if (ret) goto out;
+ ret = krb5_ntlm_req_set_username(c->context, c->ntlm, type3->username);
+ if (ret) goto out;
+ ret = krb5_ntlm_req_set_targetname(c->context, c->ntlm,
+ type3->targetname);
+ if (ret) goto out;
+ ret = krb5_ntlm_req_set_lm(c->context, c->ntlm,
+ type3->lm.data, type3->lm.length);
+ if (ret) goto out;
+ ret = krb5_ntlm_req_set_ntlm(c->context, c->ntlm,
+ type3->ntlm.data, type3->ntlm.length);
+ if (ret) goto out;
+ ret = krb5_ntlm_req_set_opaque(c->context, c->ntlm, &c->opaque);
+ if (ret) goto out;
+
+ if (type3->sessionkey.length) {
+ ret = krb5_ntlm_req_set_session(c->context, c->ntlm,
+ type3->sessionkey.data,
+ type3->sessionkey.length);
+ if (ret) goto out;
+ }
+
+ /*
+ * Verify with the KDC the type3 packet is ok
+ */
+ ret = krb5_ntlm_request(c->context,
+ c->ntlm,
+ NULL,
+ c->id);
+ if (ret)
+ goto out;
+
+ if (krb5_ntlm_rep_get_status(c->context, c->ntlm) != TRUE) {
+ ret = EINVAL;
+ goto out;
+ }
+
+ if (type3->sessionkey.length) {
+ ret = krb5_ntlm_rep_get_sessionkey(c->context,
+ c->ntlm,
+ &c->sessionkey);
+ if (ret)
+ goto out;
+
+ sessionkey->data = c->sessionkey.data;
+ sessionkey->length = c->sessionkey.length;
+ }
+
+ return 0;
+
+ out:
+ *minor_status = ret;
+ return GSS_S_FAILURE;
+}
+
+/*
+ *
+ */
+
+static void
+kdc_free_buffer(struct ntlm_buf *sessionkey)
+{
+ if (sessionkey->data)
+ free(sessionkey->data);
+ sessionkey->data = NULL;
+ sessionkey->length = 0;
+}
+
+/*
+ *
+ */
+
+struct ntlm_server_interface ntlmsspi_kdc_digest = {
+ kdc_alloc,
+ kdc_destroy,
+ kdc_probe,
+ kdc_type2,
+ kdc_type3,
+ kdc_free_buffer
+};
+
+#endif /* DIGEST */
diff --git a/third_party/heimdal/lib/gssapi/ntlm/ntlm.h b/third_party/heimdal/lib/gssapi/ntlm/ntlm.h
new file mode 100644
index 0000000..a0ad815
--- /dev/null
+++ b/third_party/heimdal/lib/gssapi/ntlm/ntlm.h
@@ -0,0 +1,146 @@
+/*
+ * Copyright (c) 2006-2018 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id$ */
+
+#ifndef NTLM_NTLM_H
+#define NTLM_NTLM_H
+
+#include <config.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <assert.h>
+#include <string.h>
+#include <errno.h>
+
+#include <roken.h>
+
+#include <gssapi.h>
+#include <gssapi_ntlm.h>
+#include <gssapi_mech.h>
+#include <gssapi_oid.h>
+
+#include <krb5.h>
+#include <kcm.h>
+#include <heim_threads.h>
+
+#include <heimntlm.h>
+
+#define HC_DEPRECATED_CRYPTO
+#include "crypto-headers.h"
+
+typedef OM_uint32
+(*ntlm_interface_init)(OM_uint32 *, void **);
+
+typedef OM_uint32
+(*ntlm_interface_destroy)(OM_uint32 *, void *);
+
+typedef int
+(*ntlm_interface_probe)(OM_uint32 *, void *, const char *);
+
+typedef OM_uint32
+(*ntlm_interface_type2)(OM_uint32 *, void *, uint32_t, const char *,
+ const char *, uint32_t *, struct ntlm_buf *);
+
+typedef OM_uint32
+(*ntlm_interface_type3)(OM_uint32 *, void *, const struct ntlm_type3 *,
+ struct ntlm_buf *);
+
+typedef void
+(*ntlm_interface_free_buffer)(struct ntlm_buf *);
+
+struct ntlm_server_interface {
+ ntlm_interface_init nsi_init;
+ ntlm_interface_destroy nsi_destroy;
+ ntlm_interface_probe nsi_probe;
+ ntlm_interface_type2 nsi_type2;
+ ntlm_interface_type3 nsi_type3;
+ ntlm_interface_free_buffer nsi_free_buffer;
+};
+
+
+struct ntlmv2_key {
+ uint32_t seq;
+ RC4_KEY sealkey;
+ RC4_KEY *signsealkey;
+ unsigned char signkey[16];
+};
+
+extern struct ntlm_server_interface ntlmsspi_kdc_digest;
+
+typedef struct ntlm_cred {
+ gss_cred_usage_t usage;
+ char *username;
+ char *domain;
+ struct ntlm_buf key;
+} *ntlm_cred;
+typedef const struct ntlm_cred *ntlm_const_cred;
+
+typedef struct {
+ struct ntlm_server_interface *server;
+ void *ictx;
+ ntlm_cred client;
+ OM_uint32 gssflags;
+ uint32_t kcmflags;
+ uint32_t flags;
+ uint32_t status;
+#define STATUS_OPEN 1
+#define STATUS_CLIENT 2
+#define STATUS_SESSIONKEY 4
+ krb5_data sessionkey;
+
+ gss_buffer_desc pac;
+
+ union {
+ struct {
+ struct {
+ uint32_t seq;
+ RC4_KEY key;
+ } crypto_send, crypto_recv;
+ } v1;
+ struct {
+ struct ntlmv2_key send, recv;
+ } v2;
+ } u;
+} *ntlm_ctx;
+
+typedef struct {
+ char *user;
+ char *domain;
+} *ntlm_name;
+
+#include <ntlm-private.h>
+
+
+#endif /* NTLM_NTLM_H */
diff --git a/third_party/heimdal/lib/gssapi/ntlm/process_context_token.c b/third_party/heimdal/lib/gssapi/ntlm/process_context_token.c
new file mode 100644
index 0000000..2add53b
--- /dev/null
+++ b/third_party/heimdal/lib/gssapi/ntlm/process_context_token.c
@@ -0,0 +1,44 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ntlm.h"
+
+OM_uint32 GSSAPI_CALLCONV _gss_ntlm_process_context_token (
+ OM_uint32 *minor_status,
+ gss_const_ctx_id_t context_handle,
+ const gss_buffer_t token_buffer
+ )
+{
+ *minor_status = 0;
+ return GSS_S_COMPLETE;
+}
diff --git a/third_party/heimdal/lib/gssapi/ntlm/release_cred.c b/third_party/heimdal/lib/gssapi/ntlm/release_cred.c
new file mode 100644
index 0000000..e31a316
--- /dev/null
+++ b/third_party/heimdal/lib/gssapi/ntlm/release_cred.c
@@ -0,0 +1,66 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ntlm.h"
+
+OM_uint32 GSSAPI_CALLCONV _gss_ntlm_release_cred
+ (OM_uint32 * minor_status,
+ gss_cred_id_t * cred_handle
+ )
+{
+ ntlm_cred cred;
+
+ if (minor_status)
+ *minor_status = 0;
+
+ if (cred_handle == NULL || *cred_handle == GSS_C_NO_CREDENTIAL)
+ return GSS_S_COMPLETE;
+
+ cred = (ntlm_cred)*cred_handle;
+ *cred_handle = GSS_C_NO_CREDENTIAL;
+
+ if (cred->username)
+ free(cred->username);
+ if (cred->domain)
+ free(cred->domain);
+ if (cred->key.data) {
+ memset(cred->key.data, 0, cred->key.length);
+ free(cred->key.data);
+ }
+
+ memset(cred, 0, sizeof(*cred));
+ free(cred);
+
+ return GSS_S_COMPLETE;
+}
+
diff --git a/third_party/heimdal/lib/gssapi/ntlm/release_name.c b/third_party/heimdal/lib/gssapi/ntlm/release_name.c
new file mode 100644
index 0000000..4a5c56d
--- /dev/null
+++ b/third_party/heimdal/lib/gssapi/ntlm/release_name.c
@@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ntlm.h"
+
+OM_uint32 GSSAPI_CALLCONV
+_gss_ntlm_release_name
+ (OM_uint32 * minor_status,
+ gss_name_t * input_name
+ )
+{
+ if (minor_status)
+ *minor_status = 0;
+ if (input_name && *input_name) {
+ ntlm_name n = (ntlm_name)*input_name;
+ *input_name = GSS_C_NO_NAME;
+ free(n->user);
+ free(n->domain);
+ free(n);
+ }
+ return GSS_S_COMPLETE;
+}
diff --git a/third_party/heimdal/lib/gssapi/ntlm/set_sec_context_option.c b/third_party/heimdal/lib/gssapi/ntlm/set_sec_context_option.c
new file mode 100644
index 0000000..f97443d
--- /dev/null
+++ b/third_party/heimdal/lib/gssapi/ntlm/set_sec_context_option.c
@@ -0,0 +1,60 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ntlm.h"
+
+OM_uint32 GSSAPI_CALLCONV
+_gss_ntlm_set_sec_context_option(OM_uint32 *minor_status,
+ gss_ctx_id_t *context_handle,
+ const gss_OID object,
+ const gss_buffer_t value)
+{
+ ntlm_ctx ctx;
+
+ if (context_handle == NULL)
+ return GSS_S_UNAVAILABLE;
+
+ *minor_status = 0;
+
+ ctx = (ntlm_ctx)*context_handle;
+ if (ctx == NULL)
+ return GSS_S_NO_CONTEXT;
+
+ if (gss_oid_equal(object, GSS_C_NTLM_RESET_CRYPTO)) {
+ _gss_ntlm_set_keys(ctx);
+ return GSS_S_COMPLETE;
+ } else
+ return GSS_S_UNAVAILABLE;
+}