Source-Changes-HG archive


[src/trunk]: src/external/bsd/openldap/dist/libraries/libldap Put back gssapi.c



details:   https://anonhg.NetBSD.org/src/rev/0958fc234bdd
branches:  trunk
changeset: 985224:0958fc234bdd
user:      christos <christos%NetBSD.org@localhost>
date:      Sat Aug 14 16:15:46 2021 +0000

description:
Put back gssapi.c

diffstat:

 external/bsd/openldap/dist/libraries/libldap/gssapi.c |  1015 +++++++++++++++++
 1 files changed, 1015 insertions(+), 0 deletions(-)

diffs (truncated from 1019 to 300 lines):

diff -r 4291e061e8c5 -r 0958fc234bdd external/bsd/openldap/dist/libraries/libldap/gssapi.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/external/bsd/openldap/dist/libraries/libldap/gssapi.c     Sat Aug 14 16:15:46 2021 +0000
@@ -0,0 +1,1015 @@
+/*     $NetBSD: gssapi.c,v 1.4 2021/08/14 16:15:46 christos Exp $      */
+
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2020 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Author: Stefan Metzmacher <metze%sernet.de@localhost>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include <sys/cdefs.h>
+__RCSID("$NetBSD: gssapi.c,v 1.4 2021/08/14 16:15:46 christos Exp $");
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/socket.h>
+#include <ac/stdlib.h>
+#include <ac/string.h>
+#include <ac/time.h>
+#include <ac/errno.h>
+#include <ac/ctype.h>
+#include <ac/unistd.h>
+
+#ifdef HAVE_LIMITS_H
+#include <limits.h>
+#endif
+
+#include "ldap-int.h"
+
+#ifdef HAVE_GSSAPI
+
+#ifdef HAVE_GSSAPI_GSSAPI_H
+#include <gssapi/gssapi.h>
+#else
+#include <gssapi.h>
+#endif
+
+static char *
+gsserrstr(
+       char *buf,
+       ber_len_t buf_len,
+       gss_OID mech,
+       int gss_rc,
+       OM_uint32 minor_status )
+{
+       OM_uint32 min2;
+       gss_buffer_desc mech_msg = GSS_C_EMPTY_BUFFER;
+       gss_buffer_desc gss_msg = GSS_C_EMPTY_BUFFER;
+       gss_buffer_desc minor_msg = GSS_C_EMPTY_BUFFER;
+       OM_uint32 msg_ctx = 0;
+
+       if (buf == NULL) {
+               return NULL;
+       }
+
+       if (buf_len == 0) {
+               return NULL;
+       }
+
+#ifdef HAVE_GSS_OID_TO_STR
+       gss_oid_to_str(&min2, mech, &mech_msg);
+#endif
+       gss_display_status(&min2, gss_rc, GSS_C_GSS_CODE,
+                          mech, &msg_ctx, &gss_msg);
+       gss_display_status(&min2, minor_status, GSS_C_MECH_CODE,
+                          mech, &msg_ctx, &minor_msg);
+
+       snprintf(buf, buf_len, "gss_rc[%d:%*s] mech[%*s] minor[%u:%*s]",
+                gss_rc, (int)gss_msg.length,
+                (const char *)(gss_msg.value?gss_msg.value:""),
+                (int)mech_msg.length,
+                (const char *)(mech_msg.value?mech_msg.value:""),
+                minor_status, (int)minor_msg.length,
+                (const char *)(minor_msg.value?minor_msg.value:""));
+
+       gss_release_buffer(&min2, &mech_msg);
+       gss_release_buffer(&min2, &gss_msg);
+       gss_release_buffer(&min2, &minor_msg);
+
+       buf[buf_len-1] = '\0';
+
+       return buf;
+}
+
+static void
+sb_sasl_gssapi_init(
+       struct sb_sasl_generic_data *p,
+       ber_len_t *min_send,
+       ber_len_t *max_send,
+       ber_len_t *max_recv )
+{
+       gss_ctx_id_t gss_ctx = (gss_ctx_id_t)p->ops_private;
+       int gss_rc;
+       OM_uint32 minor_status;
+       gss_OID ctx_mech = GSS_C_NO_OID;
+       OM_uint32 ctx_flags = 0;
+       int conf_req_flag = 0;
+       OM_uint32 max_input_size;
+
+       gss_inquire_context(&minor_status,
+                           gss_ctx,
+                           NULL,
+                           NULL,
+                           NULL,
+                           &ctx_mech,
+                           &ctx_flags,
+                           NULL,
+                           NULL);
+
+       if (ctx_flags & (GSS_C_CONF_FLAG)) {
+               conf_req_flag = 1;
+       }
+
+#if defined(HAVE_CYRUS_SASL)
+#define SEND_PREALLOC_SIZE     SASL_MIN_BUFF_SIZE
+#else
+#define SEND_PREALLOC_SIZE      4096
+#endif
+#define SEND_MAX_WIRE_SIZE     0x00A00000
+#define RECV_MAX_WIRE_SIZE     0x0FFFFFFF
+#define FALLBACK_SEND_MAX_SIZE 0x009FFFB8 /* from MIT 1.5.x */
+
+       gss_rc = gss_wrap_size_limit(&minor_status, gss_ctx,
+                                    conf_req_flag, GSS_C_QOP_DEFAULT,
+                                    SEND_MAX_WIRE_SIZE, &max_input_size);
+       if ( gss_rc != GSS_S_COMPLETE ) {
+               char msg[256];
+               ber_log_printf( LDAP_DEBUG_ANY, p->sbiod->sbiod_sb->sb_debug,
+                               "sb_sasl_gssapi_init: failed to wrap size limit: %s\n",
+                               gsserrstr( msg, sizeof(msg), ctx_mech, gss_rc, minor_status ) );
+               ber_log_printf( LDAP_DEBUG_ANY, p->sbiod->sbiod_sb->sb_debug,
+                               "sb_sasl_gssapi_init: fallback to default wrap size limit\n");
+               /*
+                * some libgssglue/libgssapi versions
+                * have a broken gss_wrap_size_limit()
+                * implementation
+                */
+               max_input_size = FALLBACK_SEND_MAX_SIZE;
+       }
+
+       *min_send = SEND_PREALLOC_SIZE;
+       *max_send = max_input_size;
+       *max_recv = RECV_MAX_WIRE_SIZE;
+}
+
+static ber_int_t
+sb_sasl_gssapi_encode(
+       struct sb_sasl_generic_data *p,
+       unsigned char *buf,
+       ber_len_t len,
+       Sockbuf_Buf *dst )
+{
+       gss_ctx_id_t gss_ctx = (gss_ctx_id_t)p->ops_private;
+       int gss_rc;
+       OM_uint32 minor_status;
+       gss_buffer_desc unwrapped, wrapped;
+       gss_OID ctx_mech = GSS_C_NO_OID;
+       OM_uint32 ctx_flags = 0;
+       int conf_req_flag = 0;
+       int conf_state;
+       unsigned char *b;
+       ber_len_t pkt_len;
+
+       unwrapped.value         = buf;
+       unwrapped.length        = len;
+
+       gss_inquire_context(&minor_status,
+                           gss_ctx,
+                           NULL,
+                           NULL,
+                           NULL,
+                           &ctx_mech,
+                           &ctx_flags,
+                           NULL,
+                           NULL);
+
+       if (ctx_flags & (GSS_C_CONF_FLAG)) {
+               conf_req_flag = 1;
+       }
+
+       gss_rc = gss_wrap(&minor_status, gss_ctx,
+                         conf_req_flag, GSS_C_QOP_DEFAULT,
+                         &unwrapped, &conf_state,
+                         &wrapped);
+       if ( gss_rc != GSS_S_COMPLETE ) {
+               char msg[256];
+               ber_log_printf( LDAP_DEBUG_ANY, p->sbiod->sbiod_sb->sb_debug,
+                               "sb_sasl_gssapi_encode: failed to encode packet: %s\n",
+                               gsserrstr( msg, sizeof(msg), ctx_mech, gss_rc, minor_status ) );
+               return -1;
+       }
+
+       if ( conf_req_flag && conf_state == 0 ) {
+               ber_log_printf( LDAP_DEBUG_ANY, p->sbiod->sbiod_sb->sb_debug,
+                               "sb_sasl_gssapi_encode: GSS_C_CONF_FLAG was ignored by our gss_wrap()\n" );
+               return -1;
+       }
+
+       pkt_len = 4 + wrapped.length;
+
+       /* Grow the packet buffer if neccessary */
+       if ( dst->buf_size < pkt_len &&
+               ber_pvt_sb_grow_buffer( dst, pkt_len ) < 0 )
+       {
+               ber_log_printf( LDAP_DEBUG_ANY, p->sbiod->sbiod_sb->sb_debug,
+                               "sb_sasl_gssapi_encode: failed to grow the buffer to %lu bytes\n",
+                               pkt_len );
+               return -1;
+       }
+
+       dst->buf_end = pkt_len;
+
+       b = (unsigned char *)dst->buf_base;
+
+       b[0] = (unsigned char)(wrapped.length >> 24);
+       b[1] = (unsigned char)(wrapped.length >> 16);
+       b[2] = (unsigned char)(wrapped.length >>  8);
+       b[3] = (unsigned char)(wrapped.length >>  0);
+
+       /* copy the wrapped blob to the right location */
+       memcpy(b + 4, wrapped.value, wrapped.length);
+
+       gss_release_buffer(&minor_status, &wrapped);
+
+       return 0;
+}
+
+static ber_int_t
+sb_sasl_gssapi_decode(
+       struct sb_sasl_generic_data *p,
+       const Sockbuf_Buf *src,
+       Sockbuf_Buf *dst )
+{
+       gss_ctx_id_t gss_ctx = (gss_ctx_id_t)p->ops_private;
+       int gss_rc;
+       OM_uint32 minor_status;
+       gss_buffer_desc unwrapped, wrapped;
+       gss_OID ctx_mech = GSS_C_NO_OID;
+       OM_uint32 ctx_flags = 0;
+       int conf_req_flag = 0;
+       int conf_state;
+       unsigned char *b;
+
+       wrapped.value   = src->buf_base + 4;
+       wrapped.length  = src->buf_end - 4;
+
+       gss_inquire_context(&minor_status,
+                           gss_ctx,
+                           NULL,
+                           NULL,
+                           NULL,
+                           &ctx_mech,
+                           &ctx_flags,
+                           NULL,
+                           NULL);
+
+       if (ctx_flags & (GSS_C_CONF_FLAG)) {
+               conf_req_flag = 1;
+       }
+
+       gss_rc = gss_unwrap(&minor_status, gss_ctx,
+                           &wrapped, &unwrapped,
+                           &conf_state, GSS_C_QOP_DEFAULT);
+       if ( gss_rc != GSS_S_COMPLETE ) {
+               char msg[256];
+               ber_log_printf( LDAP_DEBUG_ANY, p->sbiod->sbiod_sb->sb_debug,
+                               "sb_sasl_gssapi_decode: failed to decode packet: %s\n",
+                               gsserrstr( msg, sizeof(msg), ctx_mech, gss_rc, minor_status ) );
+               return -1;
+       }
+
+       if ( conf_req_flag && conf_state == 0 ) {
+               ber_log_printf( LDAP_DEBUG_ANY, p->sbiod->sbiod_sb->sb_debug,
+                               "sb_sasl_gssapi_encode: GSS_C_CONF_FLAG was ignored by our peer\n" );
+               return -1;
+       }
+
+       /* Grow the packet buffer if neccessary */
+       if ( dst->buf_size < unwrapped.length &&
+               ber_pvt_sb_grow_buffer( dst, unwrapped.length ) < 0 )
+       {
+               ber_log_printf( LDAP_DEBUG_ANY, p->sbiod->sbiod_sb->sb_debug,
+                               "sb_sasl_gssapi_decode: failed to grow the buffer to %lu bytes\n",
+                               unwrapped.length );
+               return -1;


