spnegoparse.c

代理服务器 squid-2.6.STABLE16

   // number of bytes left to write).

   if ( nTotalBytesWritten == nTokenLength && nInternalTokenLength == 0 &&
         pbWriteTokenData == pbTokenData )
   {
      nReturn = SPNEGO_E_SUCCESS;
   }


xEndWriteNegTokenTarg:

   LOG(("CreateSpnegoTargToken returned %d\n",nReturn));
   return nReturn;


}


/////////////////////////////////////////////////////////////////////////////
//
// Function:
//    AllocEmptySpnegoToken
//
// Parameters:
//    [in]  ucCopyData        -  Flag to copy data or pointer.
//    [in]  ulFlags           -  Flags for SPNEGO_TOKEN data member.
//    [in]  pbTokenData       -  Binary token data.
//    [in]  ulTokenSize       -  Size of pbTokenData.
//
// Returns:
//    SPNEGO_TOKEN*  Success - Pointer to initialized SPNEGO_TOKEN struct
//                   Failure - NULL
//
// Comments :
//    Allocates a SPNEGO_TOKEN data structure and initializes it.  Based on
//    the value of ucCopyData, if non-zero, we copy the data into a buffer
//    we allocate in this function, otherwise, we copy the data pointer
//    direcly.
//
////////////////////////////////////////////////////////////////////////////

SPNEGO_TOKEN* AllocEmptySpnegoToken( unsigned char ucCopyData, unsigned long ulFlags,
                                    unsigned char * pbTokenData, unsigned long ulTokenSize )
{
   SPNEGO_TOKEN*  pSpnegoToken = (SPNEGO_TOKEN*) calloc( 1, sizeof(SPNEGO_TOKEN) );

   if ( NULL != pSpnegoToken )
   {
      // Set the token size
      pSpnegoToken->nStructSize = SPNEGO_TOKEN_SIZE;

      // Initialize the element array
      InitSpnegoTokenElementArray( pSpnegoToken );

      // Assign the flags value
      pSpnegoToken->ulFlags = ulFlags;

      //
      // IF ucCopyData is TRUE, we will allocate a buffer and copy data into it.
      // Otherwise, we will just copy the pointer and the length.  This is so we
      // can cut out additional allocations for performance reasons
      //

      if ( SPNEGO_TOKEN_INTERNAL_FLAGS_FREEDATA == ucCopyData )
      {
         // Alloc the internal buffer.  Cleanup on failure.
         pSpnegoToken->pbBinaryData = (unsigned char*) calloc( ulTokenSize, sizeof(unsigned char) );

         if ( NULL != pSpnegoToken->pbBinaryData )
         {
            // We must ALWAYS free this buffer
            pSpnegoToken->ulFlags |= SPNEGO_TOKEN_INTERNAL_FLAGS_FREEDATA;

            // Copy the data locally
            memcpy( pSpnegoToken->pbBinaryData, pbTokenData, ulTokenSize );
            pSpnegoToken->ulBinaryDataLen = ulTokenSize;
         }
         else
         {
            free( pSpnegoToken );
            pSpnegoToken = NULL;
         }

      }  // IF ucCopyData
      else
      {
         // Copy the pointer and the length directly - ulFlags will control whether or not
         // we are allowed to free the value
         
         pSpnegoToken->pbBinaryData = pbTokenData;
         pSpnegoToken->ulBinaryDataLen = ulTokenSize;
      }

   }

   return pSpnegoToken;
}

/////////////////////////////////////////////////////////////////////////////
//
// Function:
//    FreeSpnegoToken
//
// Parameters:
//    [in]  pSpnegoToken      -  Points to SPNEGO_TOKEN to free.
//
// Returns:
//    void
//
// Comments :
//    If non-NULL, interprets pSpnegoToken, freeing any internal allocations
//    and finally the actual structure.
//
////////////////////////////////////////////////////////////////////////////

void FreeSpnegoToken( SPNEGO_TOKEN* pSpnegoToken )
{
   if ( NULL != pSpnegoToken )
   {

      // Cleanup internal allocation per the flags
      if ( pSpnegoToken->ulFlags & SPNEGO_TOKEN_INTERNAL_FLAGS_FREEDATA &&
         NULL != pSpnegoToken->pbBinaryData )
      {
         free( pSpnegoToken->pbBinaryData );
         pSpnegoToken->pbBinaryData = NULL;
      }

      free ( pSpnegoToken );
   }
}

/////////////////////////////////////////////////////////////////////////////
//
// Function:
//    InitSpnegoTokenElementArray
//
// Parameters:
//    [in]  pSpnegoToken      -  Points to SPNEGO_TOKEN structure.
//
// Returns:
//    void
//
// Comments :
//    Initializes the element array data member of a SPNEGO_TOKEN data
//    structure.
//
////////////////////////////////////////////////////////////////////////////

void InitSpnegoTokenElementArray( SPNEGO_TOKEN* pSpnegoToken )
{
   int   nCtr;

   // Set the number of elemnts
   pSpnegoToken->nNumElements = MAX_NUM_TOKEN_ELEMENTS;

   //
   // Initially, all elements are unavailable
   //

   for ( nCtr = 0; nCtr < MAX_NUM_TOKEN_ELEMENTS; nCtr++ )
   {
      // Set the element size as well
      pSpnegoToken->aElementArray[ nCtr ].nStructSize = SPNEGO_ELEMENT_SIZE;
      pSpnegoToken->aElementArray[ nCtr ].iElementPresent = SPNEGO_TOKEN_ELEMENT_UNAVAILABLE;
   }
   
}

/////////////////////////////////////////////////////////////////////////////
//
// Function:
//    InitSpnegoTokenType
//
// Parameters:
//    [in]  pSpnegoToken            -  Points to SPNEGO_TOKEN structure.
//    [out] pnTokenLength           -  Filled out with total token length
//    [out] pnRemainingTokenLength  -  Filled out with remaining length
//                                     after header is parsed
//    [out] ppbFirstElement         -  Filled out with pointer to first
//                                     element after header info.
//
// Returns:
//    int   Success - SPNEGO_E_SUCCESS
//          Failure - SPNEGO API Error code
//
// Comments :
//    Walks the underlying binary data for a SPNEGO_TOKEN data structure
//    and determines the type of the underlying token based on token header
//    information.
//
////////////////////////////////////////////////////////////////////////////

int InitSpnegoTokenType( SPNEGO_TOKEN* pSpnegoToken, long* pnTokenLength,
                           long* pnRemainingTokenLength, unsigned char** ppbFirstElement )
{
   int   nReturn = SPNEGO_E_INVALID_TOKEN;
   long  nActualTokenLength = 0L;
   long  nBoundaryLength = pSpnegoToken->ulBinaryDataLen;
   unsigned char* pbTokenData = pSpnegoToken->pbBinaryData;

   //
   // First byte MUST be either an APP_CONSTRUCT or the NEGTARG_TOKEN_TARG
   //

   if ( SPNEGO_NEGINIT_APP_CONSTRUCT == *pbTokenData )
   {
      // Validate the above token - this will tell us the actual length of the token
      // per the encoding (minus the actual token bytes)
      if ( ( nReturn = ASNDerCheckToken( pbTokenData, SPNEGO_NEGINIT_APP_CONSTRUCT, 0L, nBoundaryLength,
                                          pnTokenLength, &nActualTokenLength ) )
                       == SPNEGO_E_SUCCESS )
      {
         // Initialize the remaining token length value.  This will be used
         // to tell the caller how much token there is left once we've parsed
         // the header (they could calculate it from the other values, but this
         // is a bit friendlier)
         *pnRemainingTokenLength = *pnTokenLength;

         // Make adjustments to next token
         pbTokenData += nActualTokenLength;
         nBoundaryLength -= nActualTokenLength;

         // The next token should be an OID
         if ( ( nReturn = ASNDerCheckOID( pbTokenData, spnego_mech_oid_Spnego, nBoundaryLength,
                                          &nActualTokenLength ) ) == SPNEGO_E_SUCCESS )
         {
            // Make adjustments to next token
            pbTokenData += nActualTokenLength;
            nBoundaryLength -= nActualTokenLength;
            *pnRemainingTokenLength -= nActualTokenLength;

            // The next token should specify the NegTokenInit
            if ( ( nReturn = ASNDerCheckToken( pbTokenData, SPNEGO_NEGINIT_TOKEN_IDENTIFIER,
                                                *pnRemainingTokenLength, nBoundaryLength, pnTokenLength,
                                                &nActualTokenLength ) )
                             == SPNEGO_E_SUCCESS )
            {
               // Make adjustments to next token
               pbTokenData += nActualTokenLength;
               nBoundaryLength -= nActualTokenLength;
               *pnRemainingTokenLength -= nActualTokenLength;

               // The next token should specify the start of a sequence
               if ( ( nReturn = ASNDerCheckToken( pbTokenData, SPNEGO_CONSTRUCTED_SEQUENCE,
                                                   *pnRemainingTokenLength, nBoundaryLength, pnTokenLength,
                                                   &nActualTokenLength ) )
                                == SPNEGO_E_SUCCESS )
               {
                  // NegTokenInit header is now checked out!

                  // Make adjustments to next token
                  *pnRemainingTokenLength -= nActualTokenLength;

                  // Store pointer to first element
                  *ppbFirstElement = pbTokenData + nActualTokenLength;
                  pSpnegoToken->ucTokenType = SPNEGO_TOKEN_INIT;
               }  // IF Check Sequence Token

            }  // IF Check NegTokenInit token


         }  // IF Check for SPNEGO OID


      }  // IF check app construct token

   }
   else if ( SPNEGO_NEGTARG_TOKEN_IDENTIFIER == *pbTokenData )
   {

      // The next token should specify the NegTokenInit
      if ( ( nReturn = ASNDerCheckToken( pbTokenData, SPNEGO_NEGTARG_TOKEN_IDENTIFIER,
                                          *pnRemainingTokenLength, nBoundaryLength, pnTokenLength,
                                          &nActualTokenLength ) )
                       == SPNEGO_E_SUCCESS )
      {
         // Initialize the remaining token length value.  This will be used
         // to tell the caller how much token there is left once we've parsed
         // the header (they could calculate it from the other values, but this
         // is a bit friendlier)
         *pnRemainingTokenLength = *pnTokenLength;

         // Make adjustments to next token
         pbTokenData += nActualTokenLength;
         nBoundaryLength -= nActualTokenLength;

         // The next token should specify the start of a sequence
         if ( ( nReturn = ASNDerCheckToken( pbTokenData, SPNEGO_CONSTRUCTED_SEQUENCE,
                                             *pnRemainingTokenLength, nBoundaryLength, pnTokenLength,
                                             &nActualTokenLength ) )
                          == SPNEGO_E_SUCCESS )
         {
            // NegTokenInit header is now checked out!

            // Make adjustments to next token
            *pnRemainingTokenLength -= nActualTokenLength;

            // Store pointer to first element
            *ppbFirstElement = pbTokenData + nActualTokenLength;
            pSpnegoToken->ucTokenType = SPNEGO_TOKEN_TARG;
         }  // IF Check Sequence Token

      }  // IF Check NegTokenInit token

   }  // ELSE IF it's a NegTokenTarg

   LOG(("InitSpnegoTokenType returned %d\n",nReturn));
   return nReturn;
}


/////////////////////////////////////////////////////////////////////////////
//
// Function:
//    GetSpnegoInitTokenMechList
//
// Parameters:
//    [in]  pbTokenData             -  Points to binary MechList element
//                                     in NegTokenInit.
//    [in]  nMechListLength         -  Length of the MechList
//    [out] pSpnegoElement          -  Filled out with MechList Element
//                                     data.
//
// Returns:
//    int   Success - SPNEGO_E_SUCCESS
//          Failure - SPNEGO API Error code
//
// Comments :
//    Checks that pbTokenData is pointing at something that at least
//    *looks* like a MechList and then fills out the supplied
//    SPNEGO_ELEMENT structure.
//
////////////////////////////////////////////////////////////////////////////

int GetSpnegoInitTokenMechList( unsigned char* pbTokenData, int nMechListLength,
                                 SPNEGO_ELEMENT* pSpnegoElement )
{
   int   nReturn = SPNEGO_E_INVALID_TOKEN;
   long  nLength = 0L;
   long  nActualTokenLength = 0L;

   // Actual MechList is prepended by a Constructed Sequence Token
   if ( ( nReturn = ASNDerCheckToken( pbTokenData, SPNEGO_CONSTRUCTED_SEQUENCE,
                                       nMechListLength, nMechListLength,
                                       &nLength, &nActualTokenLength ) )
                             == SPNEGO_E_SUCCESS )
   {
      // Adjust for this token
      nMechListLength -= nActualTokenLength;
      pbTokenData += nActualTokenLength;

      // Perform simple validation of the actual MechList (i.e. ensure that
      // the OIDs in the MechList are reasonable).

      if ( ( nReturn = ValidateMechList( pbTokenData, nLength ) ) == SPNEGO_E_SUCCESS )
      {
         // Initialize the element now
         pSpnegoElement->eElementType = spnego_init_mechtypes;
         pSpnegoElement->iElementPresent = SPNEGO_TOKEN_ELEMENT_AVAILABLE;
         pSpnegoElement->type = SPNEGO_MECHLIST_TYPE;
         pSpnegoElement->nDatalength = nLength;
         pSpnegoElement->pbData = pbTokenData;
      }

   }  // IF Check Token

   LOG(("GetSpnegoInitTokenMechList returned %d\n",nReturn));
   return nReturn;
}

/////////////////////////////////////////////////////////////////////////////
//
// Function:
//    InitSpnegoTokenElementFromBasicType
//
// Parameters: