📄 spnegoparse.c
字号:
// [in] pbTokenData - Points to binary element data in// a SPNEGO token.// [in] nElementLength - Length of the element// [in] ucExpectedType - Expected DER type.// [in] spnegoElementType - Which element is this?// [out] pSpnegoElement - Filled out with element data.//// Returns:// int Success - SPNEGO_E_SUCCESS// Failure - SPNEGO API Error code//// Comments :// Checks that pbTokenData is pointing at the specified DER type. If so,// then we verify that lengths are proper and then fill out the // SPNEGO_ELEMENT data structure.//////////////////////////////////////////////////////////////////////////////int InitSpnegoTokenElementFromBasicType( unsigned char* pbTokenData, int nElementLength, unsigned char ucExpectedType, SPNEGO_ELEMENT_TYPE spnegoElementType, SPNEGO_ELEMENT* pSpnegoElement ){ int nReturn = SPNEGO_E_UNEXPECTED_TYPE; long nLength = 0L; long nActualTokenLength = 0L; // The type BYTE must match our token data or something is badly wrong if ( *pbTokenData == ucExpectedType ) { // Check that we are pointing at the specified type if ( ( nReturn = ASNDerCheckToken( pbTokenData, ucExpectedType, nElementLength, nElementLength, &nLength, &nActualTokenLength ) ) == SPNEGO_E_SUCCESS ) { // Adjust for this token nElementLength -= nActualTokenLength; pbTokenData += nActualTokenLength; // Initialize the element now pSpnegoElement->eElementType = spnegoElementType; pSpnegoElement->iElementPresent = SPNEGO_TOKEN_ELEMENT_AVAILABLE; pSpnegoElement->type = ucExpectedType; pSpnegoElement->nDatalength = nLength; pSpnegoElement->pbData = pbTokenData; } } // IF type makes sense LOG(("InitSpnegoTokenElementFromBasicType returned %d\n",nReturn)); return nReturn;}///////////////////////////////////////////////////////////////////////////////// Function:// InitSpnegoTokenElementFromOID//// Parameters:// [in] pbTokenData - Points to binary element data in// a SPNEGO token.// [in] nElementLength - Length of the element// [in] spnegoElementType - Which element is this?// [out] pSpnegoElement - Filled out with element data.//// Returns:// int Success - SPNEGO_E_SUCCESS// Failure - SPNEGO API Error code//// Comments :// Initializes a SpnegoElement from an OID - normally, this would have// used the Basic Type function above, but since we do binary compares// on the OIDs against the DER information as well as the OID, we need// to account for that.//////////////////////////////////////////////////////////////////////////////int InitSpnegoTokenElementFromOID( unsigned char* pbTokenData, int nElementLength, SPNEGO_ELEMENT_TYPE spnegoElementType, SPNEGO_ELEMENT* pSpnegoElement ){ int nReturn = SPNEGO_E_UNEXPECTED_TYPE; long nLength = 0L; long nActualTokenLength = 0L; // The type BYTE must match our token data or something is badly wrong if ( *pbTokenData == OID ) { // Check that we are pointing at an OID type if ( ( nReturn = ASNDerCheckToken( pbTokenData, OID, nElementLength, nElementLength, &nLength, &nActualTokenLength ) ) == SPNEGO_E_SUCCESS ) { // Don't adjust any values for this function // Initialize the element now pSpnegoElement->eElementType = spnegoElementType; pSpnegoElement->iElementPresent = SPNEGO_TOKEN_ELEMENT_AVAILABLE; pSpnegoElement->type = OID; pSpnegoElement->nDatalength = nElementLength; pSpnegoElement->pbData = pbTokenData; } } // IF type makes sense LOG(("InitSpnegoTokenElementFromBasicType returned %d\n",nReturn)); return nReturn;}///////////////////////////////////////////////////////////////////////////////// Function:// InitSpnegoTokenElements//// Parameters:// [in] pSpnegoToken - Points to SPNEGO_TOKEN struct// [in] pbTokenData - Points to initial binary element// data in a SPNEGO token.// [in] nRemainingTokenLength - Length remaining past header//// Returns:// int Success - SPNEGO_E_SUCCESS// Failure - SPNEGO API Error code//// Comments :// Interprets the data at pbTokenData based on the TokenType in// pSpnegoToken. Since some elements are optional (technically all are// but the token becomes quite useless if this is so), we check if// an element exists before filling out the element in the array.//////////////////////////////////////////////////////////////////////////////int InitSpnegoTokenElements( SPNEGO_TOKEN* pSpnegoToken, unsigned char* pbTokenData, long nRemainingTokenLength ){ // // The following arrays contain the token identifiers for the elements // comprising the actual token. All values are optional, and there are // no defaults. // static unsigned char abNegTokenInitElements[] = { SPNEGO_NEGINIT_ELEMENT_MECHTYPES, SPNEGO_NEGINIT_ELEMENT_REQFLAGS, SPNEGO_NEGINIT_ELEMENT_MECHTOKEN, SPNEGO_NEGINIT_ELEMENT_MECHLISTMIC }; static unsigned char abNegTokenTargElements[] = { SPNEGO_NEGTARG_ELEMENT_NEGRESULT, SPNEGO_NEGTARG_ELEMENT_SUPPORTEDMECH, SPNEGO_NEGTARG_ELEMENT_RESPONSETOKEN, SPNEGO_NEGTARG_ELEMENT_MECHLISTMIC }; int nReturn = SPNEGO_E_SUCCESS; int nCtr = 0L; long nElementLength = 0L; long nActualTokenLength = 0L; unsigned char* pbElements = NULL; // Point to the correct array switch( pSpnegoToken->ucTokenType ) { case SPNEGO_TOKEN_INIT: { pbElements = abNegTokenInitElements; } break; case SPNEGO_TOKEN_TARG: { pbElements = abNegTokenTargElements; } break; } // SWITCH tokentype // // Enumerate the element arrays and look for the tokens at our current location // for ( nCtr = 0L; SPNEGO_E_SUCCESS == nReturn && nCtr < MAX_NUM_TOKEN_ELEMENTS && nRemainingTokenLength > 0L; nCtr++ ) { // Check if the token exists if ( ( nReturn = ASNDerCheckToken( pbTokenData, pbElements[nCtr], 0L, nRemainingTokenLength, &nElementLength, &nActualTokenLength ) ) == SPNEGO_E_SUCCESS ) { // Token data should skip over the sequence token and then // call the appropriate function to initialize the element pbTokenData += nActualTokenLength; // Lengths in the elements should NOT go beyond the element // length // Different tokens mean different elements if ( SPNEGO_TOKEN_INIT == pSpnegoToken->ucTokenType ) { // Handle each element as appropriate switch( pbElements[nCtr] ) { case SPNEGO_NEGINIT_ELEMENT_MECHTYPES: { // // This is a Mech List that specifies which OIDs the // originator of the Init Token supports. // nReturn = GetSpnegoInitTokenMechList( pbTokenData, nElementLength, &pSpnegoToken->aElementArray[nCtr] ); } break; case SPNEGO_NEGINIT_ELEMENT_REQFLAGS: { // // This is a BITSTRING which specifies the flags that the receiver // pass to the gss_accept_sec_context() function. // nReturn = InitSpnegoTokenElementFromBasicType( pbTokenData, nElementLength, BITSTRING, spnego_init_reqFlags, &pSpnegoToken->aElementArray[nCtr] ); } break; case SPNEGO_NEGINIT_ELEMENT_MECHTOKEN: { // // This is an OCTETSTRING which contains a GSSAPI token corresponding // to the first OID in the MechList. // nReturn = InitSpnegoTokenElementFromBasicType( pbTokenData, nElementLength, OCTETSTRING, spnego_init_mechToken, &pSpnegoToken->aElementArray[nCtr] ); } break; case SPNEGO_NEGINIT_ELEMENT_MECHLISTMIC: { // // This is an OCTETSTRING which contains a message integrity BLOB. // nReturn = InitSpnegoTokenElementFromBasicType( pbTokenData, nElementLength, OCTETSTRING, spnego_init_mechListMIC, &pSpnegoToken->aElementArray[nCtr] ); } break; } // SWITCH Element } else { switch( pbElements[nCtr] ) { case SPNEGO_NEGTARG_ELEMENT_NEGRESULT: { // // This is an ENUMERATION which specifies result of the last GSS // token negotiation call. // nReturn = InitSpnegoTokenElementFromBasicType( pbTokenData, nElementLength, ENUMERATED, spnego_targ_negResult, &pSpnegoToken->aElementArray[nCtr] ); } break; case SPNEGO_NEGTARG_ELEMENT_SUPPORTEDMECH: { // // This is an OID which specifies a supported mechanism. // nReturn = InitSpnegoTokenElementFromOID( pbTokenData, nElementLength, spnego_targ_mechListMIC, &pSpnegoToken->aElementArray[nCtr] ); } break; case SPNEGO_NEGTARG_ELEMENT_RESPONSETOKEN: { // // This is an OCTETSTRING which specifies results of the last GSS // token negotiation call. // nReturn = InitSpnegoTokenElementFromBasicType( pbTokenData, nElementLength, OCTETSTRING, spnego_targ_responseToken, &pSpnegoToken->aElementArray[nCtr] ); } break; case SPNEGO_NEGTARG_ELEMENT_MECHLISTMIC: { // // This is an OCTETSTRING which specifies a message integrity BLOB. // nReturn = InitSpnegoTokenElementFromBasicType( pbTokenData, nElementLength, OCTETSTRING, spnego_targ_mechListMIC, &pSpnegoToken->aElementArray[nCtr] ); } break; } // SWITCH Element } // ELSE !NegTokenInit // Account for the entire token and following data nRemainingTokenLength -= ( nActualTokenLength + nElementLength ); // Token data should skip past the element length now pbTokenData += nElementLength; } // IF Token found else if ( SPNEGO_E_TOKEN_NOT_FOUND == nReturn ) { // For now, this is a benign error (remember, all elements are optional, so // if we don't find one, it's okay). nReturn = SPNEGO_E_SUCCESS; } } // FOR enum elements // // We should always run down to 0 remaining bytes in the token. If not, we've got // a bad token. // if ( SPNEGO_E_SUCCESS == nReturn && nRemainingTokenLength != 0L ) { nReturn = SPNEGO_E_INVALID_TOKEN; } LOG(("InitSpnegoTokenElements returned %d\n",nReturn)); return nReturn;}///////////////////////////////////////////////////////////////////////////////// Function:// FindMechOIDInMechList//// Parameters:// [in] pSpnegoElement - SPNEGO_ELEMENT for MechList// [in] MechOID - OID we're looking for.// [out] piMechTypeIndex - Index in the list where OID was// found//// Returns:// int Success - SPNEGO_E_SUCCESS// Failure - SPNEGO API Error code//// Comments :// Walks the MechList for MechOID. When it is found, the index in the// list is written to piMechTypeIndex.//////////////////////////////////////////////////////////////////////////////⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -