spnego.c

代理服务器 squid-2.6.STABLE16

   return nReturn;
}

/////////////////////////////////////////////////////////////////////////////
//
// Function:
//    spnegoIsMechTypeAvailable
//
// Parameters:
//    [in]  hSpnegoToken      -  Initialized SPNEGO_TOKEN_HANDLE
//    [in]  MechOID           -  MechOID to search MechTypeList for
//    [out] piMechTypeIndex   -  Filled out with index in MechTypeList
//                               element if MechOID is found.
//
// Returns:
//    int   Success - SPNEGO_E_SUCCESS
//          Failure - SPNEGO API Error code
//
// Comments :
//    hSpnegoToken must reference a token of type NegTokenInit.  The
//    function will search the MechTypeList element for an OID corresponding
//    to the specified MechOID.  If one is found, the index (0 based) will
//    be passed into the piMechTypeIndex parameter.
//
////////////////////////////////////////////////////////////////////////////

// Returns the Initial Mech Type in the MechList element in the NegInitToken.
int spnegoIsMechTypeAvailable( SPNEGO_TOKEN_HANDLE hSpnegoToken, SPNEGO_MECH_OID MechOID, int * piMechTypeIndex )
{
   int   nReturn = SPNEGO_E_INVALID_PARAMETER;
   SPNEGO_TOKEN*  pSpnegoToken = (SPNEGO_TOKEN*) hSpnegoToken;
   
   // Check parameters
   if (  IsValidSpnegoToken( pSpnegoToken ) &&
         NULL != piMechTypeIndex &&
         IsValidMechOid( MechOID ) && 
         SPNEGO_TOKEN_INIT == pSpnegoToken->ucTokenType )
   {

      // Check if MechList is available
      if ( pSpnegoToken->aElementArray[SPNEGO_INIT_MECHTYPES_ELEMENT].iElementPresent
            == SPNEGO_TOKEN_ELEMENT_AVAILABLE )
      {
         // Locate the MechOID in the list element
         nReturn = FindMechOIDInMechList(
                     &pSpnegoToken->aElementArray[SPNEGO_INIT_MECHTYPES_ELEMENT],
                     MechOID, piMechTypeIndex );
      }
      else
      {
         nReturn = SPNEGO_E_ELEMENT_UNAVAILABLE;
      }

   }  // IF parameters OK

   LOG(("spnegoIsMechTypeAvailable returned %d\n",nReturn));
   return nReturn;;
}

/////////////////////////////////////////////////////////////////////////////
//
// Function:
//    spnegoGetContextFlags
//
// Parameters:
//    [in]  hSpnegoToken      -  Initialized SPNEGO_TOKEN_HANDLE
//    [out] pucContextFlags   -  Filled out with ContextFlags value.
//
// Returns:
//    int   Success - SPNEGO_E_SUCCESS
//          Failure - SPNEGO API Error code
//
// Comments :
//    hSpnegoToken must reference a token of type NegTokenInit.  The
//    function will copy data from the ContextFlags element into the
//    location pucContextFlags points to.  Note that the function will
//    fail if the actual ContextFlags data appears invalid.
//
////////////////////////////////////////////////////////////////////////////

int spnegoGetContextFlags( SPNEGO_TOKEN_HANDLE hSpnegoToken, unsigned char* pucContextFlags )
{
   int   nReturn = SPNEGO_E_INVALID_PARAMETER;
   SPNEGO_TOKEN*  pSpnegoToken = (SPNEGO_TOKEN*) hSpnegoToken;
   
   // Check parameters
   if (  IsValidSpnegoToken( pSpnegoToken ) &&
         NULL != pucContextFlags &&
         SPNEGO_TOKEN_INIT == pSpnegoToken->ucTokenType )
   {

      // Check if ContextFlags is available
      if ( pSpnegoToken->aElementArray[SPNEGO_INIT_REQFLAGS_ELEMENT].iElementPresent
            == SPNEGO_TOKEN_ELEMENT_AVAILABLE )
      {
         // The length should be two, the value should show a 1 bit difference in the difference byte, and
         // the value must be valid
         if ( pSpnegoToken->aElementArray[SPNEGO_INIT_REQFLAGS_ELEMENT].nDatalength == SPNEGO_NEGINIT_MAXLEN_REQFLAGS &&
               pSpnegoToken->aElementArray[SPNEGO_INIT_REQFLAGS_ELEMENT].pbData[0] == SPNEGO_NEGINIT_REQFLAGS_BITDIFF &&
               IsValidContextFlags( pSpnegoToken->aElementArray[SPNEGO_INIT_REQFLAGS_ELEMENT].pbData[1] ) )
         {
            *pucContextFlags = pSpnegoToken->aElementArray[SPNEGO_INIT_REQFLAGS_ELEMENT].pbData[1];
            nReturn = SPNEGO_E_SUCCESS;
         }
         else
         {
            nReturn = SPNEGO_E_INVALID_ELEMENT;
         }

      }
      else
      {
         nReturn = SPNEGO_E_ELEMENT_UNAVAILABLE;
      }

   }  // IF parameters OK

   LOG(("spnegoGetContextFlags returned %d\n",nReturn));
   return nReturn;;
}

/////////////////////////////////////////////////////////////////////////////
//
// Function:
//    spnegoGetNegotiationResult
//
// Parameters:
//    [in]  hSpnegoToken      -  Initialized SPNEGO_TOKEN_HANDLE
//    [out] pnegResult        -  Filled out with NegResult value.
//
// Returns:
//    int   Success - SPNEGO_E_SUCCESS
//          Failure - SPNEGO API Error code
//
// Comments :
//    hSpnegoToken must reference a token of type NegTokenTarg.  The
//    function will copy data from the NegResult element into the
//    location pointed to by pnegResult.  Note that the function will
//    fail if the actual NegResult data appears invalid.
//
////////////////////////////////////////////////////////////////////////////

int spnegoGetNegotiationResult( SPNEGO_TOKEN_HANDLE hSpnegoToken, SPNEGO_NEGRESULT* pnegResult )
{
   int   nReturn = SPNEGO_E_INVALID_PARAMETER;
   SPNEGO_TOKEN*  pSpnegoToken = (SPNEGO_TOKEN*) hSpnegoToken;
   
   // Check parameters
   if (  IsValidSpnegoToken( pSpnegoToken ) &&
         NULL != pnegResult &&
         SPNEGO_TOKEN_TARG == pSpnegoToken->ucTokenType )
   {

      // Check if NegResult is available
      if ( pSpnegoToken->aElementArray[SPNEGO_TARG_NEGRESULT_ELEMENT].iElementPresent
            == SPNEGO_TOKEN_ELEMENT_AVAILABLE )
      {
         // Must be 1 byte long and a valid value
         if ( pSpnegoToken->aElementArray[SPNEGO_TARG_NEGRESULT_ELEMENT].nDatalength == SPNEGO_NEGTARG_MAXLEN_NEGRESULT &&
               IsValidNegResult( *pSpnegoToken->aElementArray[SPNEGO_TARG_NEGRESULT_ELEMENT].pbData ) )
         {
            *pnegResult = *pSpnegoToken->aElementArray[SPNEGO_TARG_NEGRESULT_ELEMENT].pbData;
            nReturn = SPNEGO_E_SUCCESS;
         }
         else
         {
            nReturn = SPNEGO_E_INVALID_ELEMENT;
         }
      }
      else
      {
         nReturn = SPNEGO_E_ELEMENT_UNAVAILABLE;
      }

   }  // IF parameters OK

   LOG(("spnegoGetNegotiationResult returned %d\n",nReturn));
   return nReturn;;
}

/////////////////////////////////////////////////////////////////////////////
//
// Function:
//    spnegoGetSupportedMechType
//
// Parameters:
//    [in]  hSpnegoToken      -  Initialized SPNEGO_TOKEN_HANDLE
//    [out] pMechOID          -  Filled out with Supported MechType value.
//
// Returns:
//    int   Success - SPNEGO_E_SUCCESS
//          Failure - SPNEGO API Error code
//
// Comments :
//    hSpnegoToken must reference a token of type NegTokenTarg.  The
//    function will check the Supported MechType element, and if it
//    corresponds to a supported MechType ( spnego_mech_oid_Kerberos_V5_Legacy
//    or spnego_mech_oid_Kerberos_V5 ), will set the location pointed
//    to by pMechOID equal to the appropriate value.
//
////////////////////////////////////////////////////////////////////////////

int spnegoGetSupportedMechType( SPNEGO_TOKEN_HANDLE hSpnegoToken, SPNEGO_MECH_OID* pMechOID  )
{
   int   nReturn = SPNEGO_E_INVALID_PARAMETER;
   int   nCtr = 0L;
   long  nLength = 0L;
   SPNEGO_TOKEN*  pSpnegoToken = (SPNEGO_TOKEN*) hSpnegoToken;
   
   // Check parameters
   if (  IsValidSpnegoToken( pSpnegoToken ) &&
         NULL != pMechOID &&
         SPNEGO_TOKEN_TARG == pSpnegoToken->ucTokenType )
   {

      // Check if MechList is available
      if ( pSpnegoToken->aElementArray[SPNEGO_TARG_SUPPMECH_ELEMENT].iElementPresent
            == SPNEGO_TOKEN_ELEMENT_AVAILABLE )
      {
         
         for ( nCtr = 0;
               nReturn != SPNEGO_E_SUCCESS &&
               g_stcMechOIDList[nCtr].eMechanismOID != spnego_mech_oid_NotUsed;
               nCtr++ )
         {

            if ( ( nReturn = ASNDerCheckOID(
                        pSpnegoToken->aElementArray[SPNEGO_TARG_SUPPMECH_ELEMENT].pbData,
                        nCtr,
                        pSpnegoToken->aElementArray[SPNEGO_TARG_SUPPMECH_ELEMENT].nDatalength,
                        &nLength ) ) == SPNEGO_E_SUCCESS )
            {
               *pMechOID = nCtr;
            }

         }  // For enum MechOIDs


      }
      else
      {
         nReturn = SPNEGO_E_ELEMENT_UNAVAILABLE;
      }

   }  // IF parameters OK

   LOG(("spnegoGetSupportedMechType returned %d\n",nReturn));
   return nReturn;;
}

/////////////////////////////////////////////////////////////////////////////
//
// Function:
//    spnegoTokenGetMechToken
//
// Parameters:
//    [in]     hSpnegoToken   -  Initialized SPNEGO_TOKEN_HANDLE
//    [out]    pbTokenData    -  Buffer to copy MechToken into
//    [in/out] pulDataLen     -  Length of pbTokenData buffer, filled out
//                               with actual size used upon function return.
//
// Returns:
//    int   Success - SPNEGO_E_SUCCESS
//          Failure - SPNEGO API Error code
//
// Comments :
//    hSpnegoToken can point to either NegTokenInit or a NegTokenTarg token.
//    The function will copy the MechToken (the initial MechToken if
//    NegTokenInit, the response MechToken if NegTokenTarg) from the
//    underlying token into the buffer pointed to by pbTokenData.  If
//    pbTokenData is NULL, or the value in pulDataLen is too small, the
//    function will return SPNEGO_E_BUFFER_TOO_SMALL and fill out pulDataLen
//    with the minimum required buffer size.  The token can then be passed
//    to a GSS-API function for processing.
//
////////////////////////////////////////////////////////////////////////////

int spnegoGetMechToken( SPNEGO_TOKEN_HANDLE hSpnegoToken, unsigned char* pbTokenData, unsigned long* pulDataLen )
{
   int   nReturn = SPNEGO_E_INVALID_PARAMETER;
   SPNEGO_TOKEN*  pSpnegoToken = (SPNEGO_TOKEN*) hSpnegoToken;
   SPNEGO_ELEMENT*   pSpnegoElement = NULL;
   
   // Check parameters
   if (  IsValidSpnegoToken( pSpnegoToken ) &&
         NULL != pulDataLen )
   {

      // Point at the proper Element
      if ( SPNEGO_TOKEN_INIT == pSpnegoToken->ucTokenType )
      {
         pSpnegoElement = &pSpnegoToken->aElementArray[SPNEGO_INIT_MECHTOKEN_ELEMENT];
      }
      else
      {
         pSpnegoElement = &pSpnegoToken->aElementArray[SPNEGO_TARG_RESPTOKEN_ELEMENT];
      }

      // Check if MechType is available
      if ( SPNEGO_TOKEN_ELEMENT_AVAILABLE == pSpnegoElement->iElementPresent  )
      {
         // Check for Buffer too small conditions
         if ( NULL == pbTokenData ||
               pSpnegoElement->nDatalength > *pulDataLen )
         {
            *pulDataLen = pSpnegoElement->nDatalength;
            nReturn = SPNEGO_E_BUFFER_TOO_SMALL;
         }
         else
         {
            // Copy Memory
            memcpy( pbTokenData, pSpnegoElement->pbData, pSpnegoElement->nDatalength );
            *pulDataLen = pSpnegoElement->nDatalength;
            nReturn = SPNEGO_E_SUCCESS;
         }
      }
      else
      {
         nReturn = SPNEGO_E_ELEMENT_UNAVAILABLE;
      }

   }  // IF parameters OK

   LOG(("spnegoGetMechToken returned %d\n",nReturn));
   return nReturn;;
}

/////////////////////////////////////////////////////////////////////////////
//
// Function:
//    spnegoTokenGetMechListMIC
//
// Parameters:
//    [in]     hSpnegoToken   -  Initialized SPNEGO_TOKEN_HANDLE
//    [out]    pbTokenData    -  Buffer to copy MechListMIC data into
//    [in/out] pulDataLen     -  Length of pbTokenData buffer, filled out
//                               with actual size used upon function return.
//
// Returns:
//    int   Success - SPNEGO_E_SUCCESS
//          Failure - SPNEGO API Error code
//
// Comments :
//    hSpnegoToken can point to either NegTokenInit or a NegTokenTarg token.
//    The function will copy the MechListMIC data from the underlying token
//    into the buffer pointed to by pbTokenData.  If pbTokenData is NULL,
//    or the value in pulDataLen is too small, the function will return
//    SPNEGO_E_BUFFER_TOO_SMALL and fill out pulDataLen with the minimum
//    required buffer size.
//
////////////////////////////////////////////////////////////////////////////

int spnegoGetMechListMIC( SPNEGO_TOKEN_HANDLE hSpnegoToken, unsigned char* pbMICData, unsigned long* pulDataLen )
{
   int   nReturn = SPNEGO_E_INVALID_PARAMETER;
   SPNEGO_TOKEN*  pSpnegoToken = (SPNEGO_TOKEN*) hSpnegoToken;
   SPNEGO_ELEMENT*   pSpnegoElement = NULL;
   
   // Check parameters
   if (  IsValidSpnegoToken( pSpnegoToken ) &&
         NULL != pulDataLen )
   {

      // Point at the proper Element
      if ( SPNEGO_TOKEN_INIT == pSpnegoToken->ucTokenType )
      {
         pSpnegoElement = &pSpnegoToken->aElementArray[SPNEGO_INIT_MECHLISTMIC_ELEMENT];
      }
      else
      {
         pSpnegoElement = &pSpnegoToken->aElementArray[SPNEGO_TARG_MECHLISTMIC_ELEMENT];
      }

      // Check if MechType is available
      if ( SPNEGO_TOKEN_ELEMENT_AVAILABLE == pSpnegoElement->iElementPresent  )
      {
         // Check for Buffer too small conditions
         if ( NULL == pbMICData ||
               pSpnegoElement->nDatalength > *pulDataLen )
         {
            *pulDataLen = pSpnegoElement->nDatalength;
            nReturn = SPNEGO_E_BUFFER_TOO_SMALL;
         }
         else
         {
            // Copy Memory
            memcpy( pbMICData, pSpnegoElement->pbData, pSpnegoElement->nDatalength );
            *pulDataLen = pSpnegoElement->nDatalength;
            nReturn = SPNEGO_E_SUCCESS;
         }
      }
      else
      {
         nReturn = SPNEGO_E_ELEMENT_UNAVAILABLE;
      }

   }  // IF parameters OK

   LOG(("spnegoGetMechListMIC returned %d\n",nReturn));
   return nReturn;;
}