| auth_gss.c | auth_gss.c | |||
|---|---|---|---|---|
| /* ======================================================================== | ||||
| * Copyright 1988-2006 University of Washington | ||||
| * | ||||
| * Licensed under the Apache License, Version 2.0 (the "License"); | ||||
| * you may not use this file except in compliance with the License. | ||||
| * You may obtain a copy of the License at | ||||
| * | ||||
| * http://www.apache.org/licenses/LICENSE-2.0 | ||||
| * | ||||
| * | ||||
| * ======================================================================== | ||||
| */ | ||||
| /* | /* | |||
| * Program: GSSAPI authenticator | * Program: GSSAPI authenticator | |||
| * | * | |||
| * Author: Mark Crispin | * Author: Mark Crispin | |||
| * Networks and Distributed Computing | * Networks and Distributed Computing | |||
| * Computing & Communications | * Computing & Communications | |||
| * University of Washington | * University of Washington | |||
| * Administration Building, AG-44 | * Administration Building, AG-44 | |||
| * Seattle, WA 98195 | * Seattle, WA 98195 | |||
| * Internet: MRC@CAC.Washington.EDU | * Internet: MRC@CAC.Washington.EDU | |||
| * | * | |||
| * Date: 12 January 1998 | * Date: 12 January 1998 | |||
| * Last Edited: 15 March 2004 | * Last Edited: 30 August 2006 | |||
| * | ||||
| * The IMAP toolkit provided in this Distribution is | ||||
| * Copyright 1988-2004 University of Washington. | ||||
| * The full text of our legal notices is contained in the file called | ||||
| * CPYRIGHT, included with this Distribution. | ||||
| */ | */ | |||
| long auth_gssapi_valid (void); | long auth_gssapi_valid (void); | |||
| long auth_gssapi_client (authchallenge_t challenger,authrespond_t responder , | long auth_gssapi_client (authchallenge_t challenger,authrespond_t responder , | |||
| char *service,NETMBX *mb,void *stream, | char *service,NETMBX *mb,void *stream, | |||
| unsigned long *trial,char *user); | unsigned long *trial,char *user); | |||
| long auth_gssapi_client_work (authchallenge_t challenger,gss_buffer_desc ch al, | long auth_gssapi_client_work (authchallenge_t challenger,gss_buffer_desc ch al, | |||
| authrespond_t responder,char *service,NETMBX * mb, | authrespond_t responder,char *service,NETMBX * mb, | |||
| void *stream,char *user,kinit_t ki); | void *stream,char *user,kinit_t ki); | |||
| char *auth_gssapi_server (authresponse_t responder,int argc,char *argv[]); | char *auth_gssapi_server (authresponse_t responder,int argc,char *argv[]); | |||
| skipping to change at line 143 | skipping to change at line 151 | |||
| /* get service name */ | /* get service name */ | |||
| if (gss_import_name (&smn,&buf,GSS_C_NT_HOSTBASED_SERVICE,&crname) != | if (gss_import_name (&smn,&buf,GSS_C_NT_HOSTBASED_SERVICE,&crname) != | |||
| GSS_S_COMPLETE) { | GSS_S_COMPLETE) { | |||
| mm_log ("Can't import Kerberos service name",WARN); | mm_log ("Can't import Kerberos service name",WARN); | |||
| (*responder) (stream,NIL,0); | (*responder) (stream,NIL,0); | |||
| } | } | |||
| else { | else { | |||
| data = (*bn) (BLOCK_SENSITIVE,NIL); | data = (*bn) (BLOCK_SENSITIVE,NIL); | |||
| /* negotiate with KDC */ | /* negotiate with KDC */ | |||
| smj = gss_init_sec_context (&smn,GSS_C_NO_CREDENTIAL,&ctx,crname,NIL, | smj = gss_init_sec_context (&smn,GSS_C_NO_CREDENTIAL,&ctx,crname,NIL, | |||
| GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG,0, | GSS_C_INTEG_FLAG | GSS_C_MUTUAL_FLAG | | |||
| GSS_C_NO_CHANNEL_BINDINGS,GSS_C_NO_BUFFER,NI | GSS_C_REPLAY_FLAG,0,GSS_C_NO_CHANNEL_BINDING | |||
| L, | S, | |||
| &resp,NIL,NIL); | GSS_C_NO_BUFFER,NIL,&resp,NIL,NIL); | |||
| (*bn) (BLOCK_NONSENSITIVE,data); | (*bn) (BLOCK_NONSENSITIVE,data); | |||
| /* while continuation needed */ | /* while continuation needed */ | |||
| while (smj == GSS_S_CONTINUE_NEEDED) { | while (smj == GSS_S_CONTINUE_NEEDED) { | |||
| if (chal.value) fs_give ((void **) &chal.value); | if (chal.value) fs_give ((void **) &chal.value); | |||
| /* send response, get next challenge */ | /* send response, get next challenge */ | |||
| i = (*responder) (stream,resp.value,resp.length) && | i = (*responder) (stream,resp.value,resp.length) && | |||
| (chal.value = (*challenger) (stream,(unsigned long *) &chal.length)) ; | (chal.value = (*challenger) (stream,(unsigned long *) &chal.length)) ; | |||
| gss_release_buffer (&smn,&resp); | gss_release_buffer (&smn,&resp); | |||
| if (i) { /* negotiate continuation with KDC */ | if (i) { /* negotiate continuation with KDC */ | |||
| data = (*bn) (BLOCK_SENSITIVE,NIL); | data = (*bn) (BLOCK_SENSITIVE,NIL); | |||
| switch (smj = /* make sure continuation going OK */ | switch (smj = /* make sure continuation going OK */ | |||
| gss_init_sec_context (&smn,GSS_C_NO_CREDENTIAL,&ctx, | gss_init_sec_context (&smn,GSS_C_NO_CREDENTIAL,&ctx, | |||
| crname,GSS_C_NO_OID, | crname,GSS_C_NO_OID,GSS_C_INTEG_FLAG | | |||
| GSS_C_MUTUAL_FLAG|GSS_C_REPLAY_FLAG,0, | GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG, | |||
| 0, | ||||
| GSS_C_NO_CHANNEL_BINDINGS,&chal,NIL, | GSS_C_NO_CHANNEL_BINDINGS,&chal,NIL, | |||
| &resp,NIL,NIL)) { | &resp,NIL,NIL)) { | |||
| case GSS_S_CONTINUE_NEEDED: | case GSS_S_CONTINUE_NEEDED: | |||
| case GSS_S_COMPLETE: | case GSS_S_COMPLETE: | |||
| break; | break; | |||
| default: /* error, don't need context any more */ | default: /* error, don't need context any more */ | |||
| gss_delete_sec_context (&smn,&ctx,NIL); | gss_delete_sec_context (&smn,&ctx,NIL); | |||
| } | } | |||
| (*bn) (BLOCK_NONSENSITIVE,data); | (*bn) (BLOCK_NONSENSITIVE,data); | |||
| } | } | |||
| End of changes. 4 change blocks. | ||||
| 12 lines changed or deleted | 21 lines changed or added | |||
This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||