📄 kerb_w2k.c
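*context_handle,&obufs, ret_flags ? ret_flags : &i, &expiry);
  }
                                /* return output */
  output_token->value = obuf[0].pvBuffer;
  output_token->length = obuf[0].cbBuffer;
                                /* in case client wanted lifetime returned */
  if (time_rec) *time_rec = expiry.LowPart;
  return major_status;
}

/* GSSAPI display status text
 * Accepts: pointer to return minor status
 *          status to display
 *          status type
 *          mechanism type (not consulted by this implementation)
 *          message context for continuation
 *          buffer to write status string
 * Returns: major status, always
 *
 * Only GSS_C_GSS_CODE is translated; any other status type yields
 * GSS_S_BAD_STATUS, and a non-zero *message_context yields GSS_S_FAILURE.
 * On success status_string->value is a fresh copy made with cpystr().
 *
 * Side effect: formatting GSS_S_NO_CRED also calls
 * mail_parameters (NIL,DISABLE_AUTHENTICATOR,"GSSAPI"), so merely displaying
 * that status switches the GSSAPI authenticator off.  Which mechanism is used
 * afterwards is decided outside this file.
 * NOTE(review): confirm that the resulting fallback is acceptable where
 * Kerberos-only authentication is expected.
 */

OM_uint32 gss_display_status (OM_uint32 *minor_status,OM_uint32 status_value,
                              int status_type,gss_OID mech_type,
                              OM_uint32 *message_context,
                              gss_buffer_t status_string)
{
  char *s,tmp[MAILTMPLEN];
  *minor_status = 0;            /* never any minor status */
                                /* continuation is never offered */
  if (*message_context) return GSS_S_FAILURE;
  switch (status_type) {        /* what type of status code? */
  case GSS_C_GSS_CODE:          /* major_status */
    switch (status_value) {     /* analyze status value */
    case GSS_S_FAILURE:
      s = "Unspecified failure";
      break;
    case GSS_S_CREDENTIALS_EXPIRED:
      s = "Credentials expired";
      break;
    case GSS_S_BAD_BINDINGS:
      s = "Bad bindings";
      break;
    case GSS_S_BAD_MECH:
      s = "Bad mechanism type";
      break;
    case GSS_S_BAD_NAME:
      s = "Bad name";
      break;
    case GSS_S_BAD_NAMETYPE:
      s = "Bad name type";
      break;
    case GSS_S_BAD_STATUS:
      s = "Bad status";
      break;
    case GSS_S_NO_CONTEXT:
      s = "Invalid context handle";
      break;
    case GSS_S_NO_CRED:
      s = "Unable to authenticate to Kerberos service";
                                /* see header: this disables GSSAPI */
      mail_parameters (NIL,DISABLE_AUTHENTICATOR,"GSSAPI");
      break;
    case SEC_E_NO_AUTHENTICATING_AUTHORITY:
      s = "No authenticating authority";
      break;
    case SEC_E_TARGET_UNKNOWN:
      s = "Destination server unknown to Kerberos service";
      break;
    default:
                                /* fixed text plus one hex number, written
                                 * into the MAILTMPLEN-byte scratch buffer */
      sprintf (s = tmp,"SSPI code %lx",status_value);
    }
    break;
  case GSS_C_MECH_CODE:         /* minor status - drop into default */
  default:
    return GSS_S_BAD_STATUS;    /* bad status type */
  }
                                /* return status string */
  status_string->length = strlen (status_string->value = cpystr (s));
  return GSS_S_COMPLETE;
}

/* GSSAPI delete security context
 * Accepts: pointer to return minor status
 *          context to delete
 *          output context token
 * Returns: major status, always
 *
 * An output token is not supported, so a non-NIL output_token always yields
 * GSS_S_FAILURE.  The SSPI context is deleted in either case: the handle
 * storage is freed below regardless, and freeing it while the context it
 * names is still live would leave that context with no way to be released.
 */

OM_uint32 gss_delete_sec_context (OM_uint32 *minor_status,
                                  gss_ctx_id_t *context_handle,
                                  gss_buffer_t output_token)
{
  OM_uint32 major_status;
  *minor_status = 0;            /* never any minor status */
                                /* always tear down the SSPI context */
  major_status = DeleteSecurityContext (*context_handle);
                                /* output token not supported */
  if (output_token) major_status = GSS_S_FAILURE;
                                /* release the handle storage */
  fs_give ((void **) context_handle);
  return major_status;
}

/* GSSAPI release buffer
 * Accepts: pointer to return minor status
 *          buffer to release
 * Returns: GSS_S_COMPLETE, always
 *
 * The length is reset along with the storage so the descriptor does not keep
 * describing memory that has been given back.  The contents are not wiped
 * before release; callers holding sensitive plaintext should clear it first.
 */

OM_uint32 gss_release_buffer (OM_uint32 *minor_status,gss_buffer_t buffer)
{
  *minor_status = 0;            /* never any minor status */
  fs_give (&buffer->value);
  buffer->length = 0;           /* no stale length after the free */
  return GSS_S_COMPLETE;
}

/* GSSAPI release name
 * Accepts: pointer to return minor status
 *          pointer to name to release
 * Returns: GSS_S_COMPLETE, always
 */

OM_uint32 gss_release_name (OM_uint32 *minor_status,gss_name_t *input_name)
{
  *minor_status = 0;            /* never any minor status */
  fs_give (input_name);
  return GSS_S_COMPLETE;
}

/* GSSAPI wrap data
 * Accepts: pointer to return minor status
 *          context handle
 *          requested confidentiality
 *          requested quality of protection
 *          input message buffer
 *          pointer to return confidentiality state (may be NIL)
 *          output message buffer
 * Returns: major status, always
 *
 * The output buffer is laid out as token, then data, then padding, and is
 * allocated here with fs_get().  On any failure the output buffer is left
 * empty (value NIL, length 0).
 *
 * NOTE(review): conf_req_flag is only echoed back through conf_state; it is
 * not passed to EncryptMessage(), which receives qop_req alone.  The reported
 * confidentiality state therefore reflects the request, not what SSPI did.
 */

OM_uint32 gss_wrap (OM_uint32 *minor_status,gss_ctx_id_t context_handle,
                    int conf_req_flag,gss_qop_t qop_req,
                    gss_buffer_t input_message_buffer,int *conf_state,
                    gss_buffer_t output_message_buffer)
{
  OM_uint32 major_status;
  SecBuffer buf[3];
  SecBufferDesc bufs;
  SecPkgContext_Sizes sizes;
  unsigned long overhead;
  *minor_status = NIL;          /* never any minor status */
                                /* same as requested, if caller wants it */
  if (conf_state) *conf_state = conf_req_flag;
                                /* nothing to release if we fail early */
  output_message_buffer->value = NIL;
  output_message_buffer->length = 0;
  if ((major_status =           /* get trailer and padding sizes */
       QueryContextAttributes (context_handle,SECPKG_ATTR_SIZES,&sizes)) ==
      SEC_E_OK) {
                                /* refuse sizes whose sum would wrap around,
                                 * which would under-allocate the buffer that
                                 * memcpy() and EncryptMessage() write into */
    overhead = sizes.cbSecurityTrailer + sizes.cbBlockSize;
    if ((overhead < sizes.cbSecurityTrailer) ||
        (input_message_buffer->length > (~0UL - overhead)))
      return GSS_S_FAILURE;
                                /* create big enough output buffer */
    output_message_buffer->value =
      fs_get (sizes.cbSecurityTrailer + input_message_buffer->length +
              sizes.cbBlockSize);
    /* MSDN claims that for EncryptMessage() in Kerberos, you need an
     * uninitialized SECBUFFER_STREAM_HEADER; a SECBUFFER_DATA that "contains
     * the message to be encrypted.  The message is encrypted in place,
     * overwriting the original contents of its buffer"; an uninitialized
     * SECBUFFER_STREAM_TRAILER, and an uninitialized SECBUFFER_EMPTY.  I've
     * never been able to get it to work that way.
     */
    bufs.cBuffers = 3;          /* set up buffer descriptor */
    bufs.pBuffers = buf;
    bufs.ulVersion = SECBUFFER_VERSION;
    buf[0].BufferType = SECBUFFER_TOKEN;
    buf[0].pvBuffer = output_message_buffer->value;
    buf[0].cbBuffer = sizes.cbSecurityTrailer;
                                /* I/O buffer */
    buf[1].BufferType = SECBUFFER_DATA;
    buf[1].pvBuffer = ((char *) buf[0].pvBuffer) + buf[0].cbBuffer;
    buf[1].cbBuffer = input_message_buffer->length;
    memcpy (buf[1].pvBuffer,input_message_buffer->value,buf[1].cbBuffer);
    buf[2].BufferType = SECBUFFER_PADDING;
    buf[2].pvBuffer = ((char *) buf[1].pvBuffer) + buf[1].cbBuffer;
    buf[2].cbBuffer = sizes.cbBlockSize;
    if ((major_status = EncryptMessage (context_handle,qop_req,&bufs,0)) ==
        GSS_S_COMPLETE) {
                                /* slide data as necessary (how annoying!) */
      unsigned long i = sizes.cbSecurityTrailer - buf[0].cbBuffer;
                                /* token came back short: close the gap */
      if (i) buf[1].pvBuffer =
               memmove (((char *) buf[0].pvBuffer) + buf[0].cbBuffer,
                        buf[1].pvBuffer,buf[1].cbBuffer);
                                /* anything moved or shrank: pull the padding
                                 * up behind the data (the pointer stored here
                                 * is not used again) */
      if (i += (input_message_buffer->length - buf[1].cbBuffer))
        buf[1].pvBuffer =
          memmove (((char *)buf[1].pvBuffer) + buf[1].cbBuffer,
                   buf[2].pvBuffer,buf[2].cbBuffer);
      output_message_buffer->length = buf[0].cbBuffer + buf[1].cbBuffer +
        buf[2].cbBuffer;
    }
    else fs_give (&output_message_buffer->value);
  }
  return major_status;          /* return status */
}

/* GSSAPI unwrap data
 * Accepts: pointer to return minor status
 *          context handle
 *          input message buffer
 *          output message buffer
 *          pointer to return confidentiality state (may be NIL)
 *          pointer to return quality of protection
 * Returns: major status, always
 *
 * On success the plaintext is copied into storage from fs_get(); on failure
 * the output buffer is left empty (value NIL, length 0) so that a caller
 * which releases it unconditionally never frees an unset pointer.
 *
 * NOTE(review): conf_state is always reported as NIL, whether or not the
 * message was encrypted, so callers cannot use it to require that the peer
 * applied confidentiality.  qop_state is whatever DecryptMessage() stores.
 */

OM_uint32 gss_unwrap (OM_uint32 *minor_status,gss_ctx_id_t context_handle,
                      gss_buffer_t input_message_buffer,
                      gss_buffer_t output_message_buffer,int *conf_state,
                      gss_qop_t *qop_state)
{
  OM_uint32 major_status;
  SecBuffer buf[2];
  SecBufferDesc bufs;
  *minor_status = NIL;          /* never any minor status */
                                /* or confidentiality state */
  if (conf_state) *conf_state = NIL;
                                /* nothing to release if decryption fails */
  output_message_buffer->value = NIL;
  output_message_buffer->length = 0;
  /* MSDN implies that all that is needed for DecryptMessage() in Kerberos
   * is a single SECBUFFER_DATA which "contains the encrypted message.  The
   * encrypted message is decrypted in place, overwriting the original
   * contents of its buffer."  I've never been able to get it to work without
   * using a SECBUFFER_STREAM for input and an uninitialized SECBUFFER_DATA
   * for output.
   * It *does* overwrite the input buffer, but not at the same point; e.g.
   * with an input pointer of 0xa140a8 and size of 53, the output ends up
   * at 0xa140d5 and size of 4.
   */
  bufs.cBuffers = 2;            /* set up buffer descriptor */
  bufs.pBuffers = buf;
  bufs.ulVersion = SECBUFFER_VERSION;
                                /* input buffer */
  buf[0].BufferType = SECBUFFER_STREAM;
  buf[0].pvBuffer = input_message_buffer->value;
  buf[0].cbBuffer = input_message_buffer->length;
                                /* output buffer */
  buf[1].BufferType = SECBUFFER_DATA;
  buf[1].pvBuffer = NIL;
  buf[1].cbBuffer = 0;
                                /* decrypt and copy to output buffer */
  if ((major_status = DecryptMessage (context_handle,&bufs,0,qop_state)) ==
      SEC_E_OK) {
                                /* a length with no pointer is unusable */
    if (buf[1].cbBuffer && !buf[1].pvBuffer) return GSS_S_FAILURE;
    output_message_buffer->value = fs_get (buf[1].cbBuffer);
    output_message_buffer->length = buf[1].cbBuffer;
    if (buf[1].cbBuffer)
      memcpy (output_message_buffer->value,buf[1].pvBuffer,buf[1].cbBuffer);
  }
  return major_status;          /* return status */
}

/* From here on are server-only functions, currently unused */


/* GSSAPI acquire credentials
 * Accepts: pointer to return minor status
 *          desired principal
 *          desired lifetime
 *          desired mechanisms
 *          credentials usage
 *          pointer to return credentials handle
 *          pointer to return mechanisms
 *          pointer to return lifetime
 * Returns: GSS_S_FAILURE, always
 *
 * Stub: none of the output parameters are written.
 */

OM_uint32 gss_acquire_cred (OM_uint32 *minor_status,gss_name_t desired_name,
                            OM_uint32 time_req,gss_OID_set desired_mechs,
                            gss_cred_usage_t cred_usage,
                            gss_cred_id_t *output_cred_handle,
                            gss_OID_set *actual_mechs,OM_uint32 *time_rec)
{
  *minor_status = 0;            /* never any minor status */
  return GSS_S_FAILURE;         /* server only */
}

/* GSSAPI release credentials
 * Accepts: pointer to return minor status
 *          credentials handle to free
 * Returns: GSS_S_FAILURE, always
 *
 * Stub: the handle is neither released nor modified.
 */

OM_uint32 gss_release_cred (OM_uint32 *minor_status,gss_cred_id_t *cred_handle)
{
  *minor_status = 0;            /* never any minor status */
  return GSS_S_FAILURE;         /* server only */
}

/* GSSAPI Accept security context
 * Accepts: pointer to return minor status
 *          context
 *          acceptor credentials
 *          input token buffer
 *          input channel bindings
 *          pointer to return source name
 *          pointer to return mechanism type
 *          buffer to return output token
 *          pointer to return flags
 *          pointer to return context lifetime
 *          pointer to return delegated credentials
 * Returns: GSS_S_FAILURE, always
 *
 * Stub: no context is established and no output parameter is written.
 */

OM_uint32 gss_accept_sec_context (OM_uint32 *minor_status,
                                  gss_ctx_id_t *context_handle,
                                  gss_cred_id_t acceptor_cred_handle,
                                  gss_buffer_t input_token_buffer,
                                  gss_channel_bindings_t input_chan_bindings,
                                  gss_name_t *src_name,gss_OID *mech_type,
                                  gss_buffer_t output_token,
                                  OM_uint32 *ret_flags,OM_uint32 *time_rec,
                                  gss_cred_id_t *delegated_cred_handle)
{
  *minor_status = 0;            /* never any minor status */
  return GSS_S_FAILURE;         /* server only */
}

/* GSSAPI return printable name
 * Accepts: pointer to return minor status
 *          internal name
 *          buffer to return output name
 *          output name type
 * Returns: GSS_S_FAILURE, always
 *
 * Stub: the output name buffer and type are not written.
 */

OM_uint32 gss_display_name (OM_uint32 *minor_status,gss_name_t input_name,
                            gss_buffer_t output_name_buffer,
                            gss_OID *output_name_type)
{
  *minor_status = 0;            /* never any minor status */
  return GSS_S_FAILURE;         /* server only */
}

/* Kerberos server valid check
 * Returns: T if have keytab, NIL otherwise
 *
 * This implementation always returns NIL.
 */

long kerberos_server_valid ()
{
  return NIL;
}


/* Kerberos check for missing or expired credentials
 * Accepts: major status from a failed GSSAPI call (ignored here)
 * Returns: T if should suggest running kinit, NIL otherwise
 *
 * This implementation always returns NIL.
 */

long kerberos_try_kinit (OM_uint32 error)
{
  return NIL;
}

/* Kerberos server log in
 * Accepts: authorization ID as user name
 *          authentication ID as Kerberos principal
 *          argument count
 *          argument vector
 * Returns: logged in user name if logged in, NIL otherwise
 *
 * This implementation never logs anyone in and always returns NIL.
 */

char *kerberos_login (char *user,char *authuser,int argc,char *argv[])
{
  return NIL;
}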