diff options
Diffstat (limited to 'src/lib/gssapi/krb5/inq_context.c')
-rw-r--r-- | src/lib/gssapi/krb5/inq_context.c | 95 |
1 files changed, 66 insertions, 29 deletions
diff --git a/src/lib/gssapi/krb5/inq_context.c b/src/lib/gssapi/krb5/inq_context.c index 51be202..97678e3 100644 --- a/src/lib/gssapi/krb5/inq_context.c +++ b/src/lib/gssapi/krb5/inq_context.c @@ -186,58 +186,95 @@ krb5_gss_inquire_context(minor_status, context_handle, initiator_name, return GSS_S_COMPLETE; } -OM_uint32 -gss_krb5int_inq_session_key( - OM_uint32 *minor_status, - const gss_ctx_id_t context_handle, - const gss_OID desired_object, - gss_buffer_set_t *data_set) +/* Add two buffers to data_set giving the contents and enctype of key. */ +static OM_uint32 +inq_session_key_result(OM_uint32 *minor_status, krb5_key key, + gss_buffer_set_t *data_set) { - krb5_gss_ctx_id_rec *ctx; - krb5_key key; gss_buffer_desc keyvalue, keyinfo; - OM_uint32 major_status, minor; + OM_uint32 major, tmpmin; unsigned char oid_buf[GSS_KRB5_SESSION_KEY_ENCTYPE_OID_LENGTH + 6]; gss_OID_desc oid; - ctx = (krb5_gss_ctx_id_rec *) context_handle; - key = ctx->have_acceptor_subkey ? ctx->acceptor_subkey : ctx->subkey; - keyvalue.value = key->keyblock.contents; keyvalue.length = key->keyblock.length; - - major_status = generic_gss_add_buffer_set_member(minor_status, &keyvalue, data_set); - if (GSS_ERROR(major_status)) + major = generic_gss_add_buffer_set_member(minor_status, &keyvalue, + data_set); + if (GSS_ERROR(major)) goto cleanup; oid.elements = oid_buf; oid.length = sizeof(oid_buf); - - major_status = generic_gss_oid_compose(minor_status, - GSS_KRB5_SESSION_KEY_ENCTYPE_OID, - GSS_KRB5_SESSION_KEY_ENCTYPE_OID_LENGTH, - key->keyblock.enctype, - &oid); - if (GSS_ERROR(major_status)) + major = generic_gss_oid_compose(minor_status, + GSS_KRB5_SESSION_KEY_ENCTYPE_OID, + GSS_KRB5_SESSION_KEY_ENCTYPE_OID_LENGTH, + key->keyblock.enctype, &oid); + if (GSS_ERROR(major)) goto cleanup; keyinfo.value = oid.elements; keyinfo.length = oid.length; - - major_status = generic_gss_add_buffer_set_member(minor_status, &keyinfo, data_set); - if (GSS_ERROR(major_status)) + major = generic_gss_add_buffer_set_member(minor_status, &keyinfo, + data_set); + if (GSS_ERROR(major)) goto cleanup; return GSS_S_COMPLETE; cleanup: if (*data_set != GSS_C_NO_BUFFER_SET) { - if ((*data_set)->count != 0) - memset((*data_set)->elements[0].value, 0, (*data_set)->elements[0].length); - gss_release_buffer_set(&minor, data_set); + if ((*data_set)->count != 0) { + zap((*data_set)->elements[0].value, + (*data_set)->elements[0].length); + } + gss_release_buffer_set(&tmpmin, data_set); } - return major_status; + return major; +} + +OM_uint32 +gss_krb5int_inq_sspi_session_key(OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + const gss_OID desired_object, + gss_buffer_set_t *data_set) +{ + krb5_gss_ctx_id_t ctx = (krb5_gss_ctx_id_t)context_handle; + krb5_key key; + + if (ctx->terminated || !ctx->established) { + *minor_status = KG_CTX_INCOMPLETE; + return GSS_S_NO_CONTEXT; + } + key = ctx->have_acceptor_subkey ? ctx->acceptor_subkey : ctx->subkey; + return inq_session_key_result(minor_status, key, data_set); +} + +OM_uint32 +gss_krb5int_inq_odbc_session_key(OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + const gss_OID desired_object, + gss_buffer_set_t *data_set) +{ + OM_uint32 major; + krb5_error_code ret; + krb5_gss_ctx_id_t ctx = (krb5_gss_ctx_id_t)context_handle; + krb5_key key; + + if (ctx->terminated || !ctx->established) { + *minor_status = KG_CTX_INCOMPLETE; + return GSS_S_NO_CONTEXT; + } + + ret = krb5_auth_con_getkey_k(ctx->k5_context, ctx->auth_context, &key); + if (ret) { + *minor_status = ret; + return GSS_S_FAILURE; + } + + major = inq_session_key_result(minor_status, key, data_set); + krb5_k_free_key(ctx->k5_context, key); + return major; } OM_uint32 |