Author: abartlet Date: 2006-11-04 06:43:11 +0000 (Sat, 04 Nov 2006) New Revision: 648
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=lorikeet&rev=648 Log: Add functions to access subkeys. Andrew Bartlett Modified: trunk/heimdal/lib/gssapi/gssapi/gssapi_krb5.h trunk/heimdal/lib/gssapi/mech/gss_krb5.c trunk/heimdal/lib/gssapi/test_context.c Changeset: Modified: trunk/heimdal/lib/gssapi/gssapi/gssapi_krb5.h =================================================================== --- trunk/heimdal/lib/gssapi/gssapi/gssapi_krb5.h 2006-11-03 23:58:56 UTC (rev 647) +++ trunk/heimdal/lib/gssapi/gssapi/gssapi_krb5.h 2006-11-04 06:43:11 UTC (rev 648) @@ -137,7 +137,15 @@ OM_uint32 gsskrb5_extract_service_keyblock(OM_uint32 *minor_status, gss_ctx_id_t context_handle, - struct EncryptionKey *out); + struct EncryptionKey **out); +OM_uint32 +gsskrb5_get_initiator_subkey(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + struct EncryptionKey **out); +OM_uint32 +gsskrb5_get_subkey(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + struct EncryptionKey **out); /* * Lucid - NFSv4 interface to GSS-API KRB5 to expose key material to Modified: trunk/heimdal/lib/gssapi/mech/gss_krb5.c =================================================================== --- trunk/heimdal/lib/gssapi/mech/gss_krb5.c 2006-11-03 23:58:56 UTC (rev 647) +++ trunk/heimdal/lib/gssapi/mech/gss_krb5.c 2006-11-04 06:43:11 UTC (rev 648) @@ -27,6 +27,7 @@ */ #include "mech_locl.h" +#include "krb5/gsskrb5_locl.h" RCSID("$Id: gss_krb5.c,v 1.13 2006/10/20 22:05:02 lha Exp $"); #include <krb5.h> @@ -581,10 +582,11 @@ return GSS_S_COMPLETE; } -OM_uint32 -gsskrb5_extract_service_keyblock(OM_uint32 *minor_status, - gss_ctx_id_t context_handle, - krb5_keyblock *keyblock) +static OM_uint32 +gsskrb5_extract_key(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + const gss_OID oid, + krb5_keyblock **keyblock) { krb5_error_code ret; gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET; 
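Review bot: The new `struct EncryptionKey **out` prototypes give no hint that the callee now heap-allocates the keyblock and that the caller owns it, and the changed signature of gsskrb5_extract_service_keyblock is an incompatible API/ABI change for any existing caller still passing a `krb5_keyblock *`. A short contract comment above the three declarations would prevent both kinds of mistake, e.g. `/* On GSS_S_COMPLETE *out is a freshly allocated keyblock the caller must release with krb5_free_keyblock(); on failure *out is not valid. */`. It is also worth stating in that comment that gsskrb5_get_subkey returns the acceptor subkey, since the name alone does not say which subkey it is.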
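Review bot: The new `keyblock` out-parameter of gsskrb5_extract_key is never initialised on entry, yet the error path later in this function frees `*keyblock` on every failure, including the `goto out` exits that happen before the calloc; on those paths `*keyblock` is whatever the caller left in it (test_context.c declares it uninitialised). Add `*keyblock = NULL;` directly after the two local declarations so that every later exit sees a known value. The rest of the function body continues in the following hunks.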
@@ -596,10 +598,14 @@ return GSS_S_FAILURE; } + ret = _gsskrb5_init(); + if(ret) + return GSS_S_FAILURE; + major_status = gss_inquire_sec_context_by_oid (minor_status, context_handle, - GSS_KRB5_GET_SERVICE_KEYBLOCK_X, + oid, &data_set); if (major_status) return major_status; @@ -617,13 +623,22 @@ goto out; } - ret = krb5_ret_keyblock(sp, keyblock); + *keyblock = calloc(1, sizeof(**keyblock)); + if (keyblock == NULL) { + ret = ENOMEM; + goto out; + } + ret = krb5_ret_keyblock(sp, *keyblock); + out: - gss_release_buffer_set(minor_status, &data_set); + gss_release_buffer_set(minor_status, &data_set); if (sp) krb5_storage_free(sp); if (ret) { + if (keyblock) { + krb5_free_keyblock(_gsskrb5_context, *keyblock); + } *minor_status = ret; return GSS_S_FAILURE; @@ -632,3 +647,35 @@ return GSS_S_COMPLETE; } +OM_uint32 +gsskrb5_extract_service_keyblock(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + krb5_keyblock **keyblock) +{ + return gsskrb5_extract_key(minor_status, + context_handle, + GSS_KRB5_GET_SERVICE_KEYBLOCK_X, + keyblock); +} + +OM_uint32 +gsskrb5_get_initiator_subkey(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + krb5_keyblock **keyblock) +{ + return gsskrb5_extract_key(minor_status, + context_handle, + GSS_KRB5_GET_INITIATOR_SUBKEY_X, + keyblock); +} + +OM_uint32 +gsskrb5_get_subkey(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + krb5_keyblock **keyblock) +{ + return gsskrb5_extract_key(minor_status, + context_handle, + GSS_KRB5_GET_ACCEPTOR_SUBKEY_X, + keyblock); +} Modified: trunk/heimdal/lib/gssapi/test_context.c =================================================================== --- trunk/heimdal/lib/gssapi/test_context.c 2006-11-03 23:58:56 UTC (rev 647) +++ trunk/heimdal/lib/gssapi/test_context.c 2006-11-04 06:43:11 UTC (rev 648) 
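Review bot: The added `_gsskrb5_init()` failure branch returns GSS_S_FAILURE without storing anything in `*minor_status`, so the caller reports a stale or uninitialised minor code for this failure while every other failure in the function sets it. Change it to `if (ret) { *minor_status = ret; return GSS_S_FAILURE; }`. Nothing has been allocated at that point (`data_set` is still GSS_C_NO_BUFFER_SET), so an early return is otherwise fine.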
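Review bot: The allocation check tests the wrong pointer: `if (keyblock == NULL)` looks at the out-parameter itself, which is never NULL here, so a failed calloc is not detected and `krb5_ret_keyblock(sp, NULL)` is reached; the error path makes the same mistake with `if (keyblock)` and additionally leaves `*keyblock` dangling after krb5_free_keyblock. Both checks should dereference, and the freed pointer should be cleared; this is only safe if `*keyblock` has been set to NULL at function entry (the entry is in the preceding hunk), because the earlier `goto out` exits jump here before the calloc. krb5_free_keyblock appears to tolerate NULL in Heimdal, but guarding explicitly keeps that assumption out of this code.
```c
    *keyblock = calloc(1, sizeof(**keyblock));
    if (*keyblock == NULL) {
        ret = ENOMEM;
        goto out;
    }
    ret = krb5_ret_keyblock(sp, *keyblock);

out:
    gss_release_buffer_set(minor_status, &data_set);
    /* … unchanged: krb5_storage_free(sp) … */
    if (ret) {
        if (*keyblock) {
            krb5_free_keyblock(_gsskrb5_context, *keyblock);
            *keyblock = NULL;
        }
        *minor_status = ret;
        return GSS_S_FAILURE;
```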
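Review bot: The three new public wrappers carry no documentation of the ownership they hand out, and gsskrb5_get_subkey silently selects GSS_KRB5_GET_ACCEPTOR_SUBKEY_X while its name does not say "acceptor". A one-line comment on each wrapper would make the contract explicit, e.g. above gsskrb5_get_subkey: `/* Return the acceptor subkey of the context; *keyblock is allocated and must be released with krb5_free_keyblock(). */`, with the matching wording ("service keyblock", "initiator subkey") on the other two. Note that the header declares these with `struct EncryptionKey **` while the definitions use `krb5_keyblock **`; that only matches because krb5_keyblock is a typedef of EncryptionKey, so using one spelling in both places would be clearer.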
@@ -232,7 +232,7 @@ if (gss_oid_equal(mechoid, GSS_KRB5_MECHANISM)) { time_t time; gss_buffer_desc authz_data; - krb5_keyblock keyblock; + krb5_keyblock *keyblock; /* client */ maj_stat = gss_krb5_export_lucid_sec_context(&min_stat, &cctx, @@ -275,8 +275,26 @@ errx(1, "gss_krb5_export_service_keyblock failed: %s", gssapi_err(maj_stat, min_stat, mechoid)); - krb5_free_keyblock_contents(_gsskrb5_context, &keyblock); + krb5_free_keyblock(_gsskrb5_context, keyblock); + maj_stat = gsskrb5_get_subkey(&min_stat, + sctx, + &keyblock); + if (maj_stat != GSS_S_COMPLETE) + errx(1, "gss_krb5_get_subkey failed: %s", + gssapi_err(maj_stat, min_stat, mechoid)); + + krb5_free_keyblock(_gsskrb5_context, keyblock); + + maj_stat = gsskrb5_get_initiator_subkey(&min_stat, + sctx, + &keyblock); + if (maj_stat != GSS_S_COMPLETE) + errx(1, "gss_krb5_get_initiator_subkey failed: %s", + gssapi_err(maj_stat, min_stat, mechoid)); + + krb5_free_keyblock(_gsskrb5_context, keyblock); + maj_stat = gsskrb5_extract_authz_data_from_sec_context(&min_stat, sctx, 128,
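Review bot: `krb5_keyblock *keyblock;` is left uninitialised, and it is passed by address to functions whose failure path reads `*keyblock` before any assignment, so a failed lookup would free an indeterminate pointer. Declare it as `krb5_keyblock *keyblock = NULL;` so the out-parameter starts from a known value.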
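Review bot: The two new error messages name functions that do not exist (`gss_krb5_get_subkey`, `gss_krb5_get_initiator_subkey`) while the calls are to gsskrb5_get_subkey and gsskrb5_get_initiator_subkey, which will send whoever reads a failing test log looking for the wrong symbol; change them to `errx(1, "gsskrb5_get_subkey failed: %s", ...)` and `errx(1, "gsskrb5_get_initiator_subkey failed: %s", ...)`. The test also only checks the major status and immediately frees each result, so an empty or zero-length keyblock would pass; asserting something minimal such as `if (keyblock->keyvalue.length == 0) errx(1, "empty subkey");` before each krb5_free_keyblock would make the new accessors actually exercised.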