diff options
author | Eduardo Chappa <echappa@gmx.com> | 2013-02-03 00:59:38 -0700 |
---|---|---|
committer | Eduardo Chappa <echappa@gmx.com> | 2013-02-03 00:59:38 -0700 |
commit | 094ca96844842928810f14844413109fc6cdd890 (patch) | |
tree | e60efbb980f38ba9308ccb4fb2b77b87bbc115f3 /imap/src/osdep/nt/kerb_w2k.c | |
download | alpine-094ca96844842928810f14844413109fc6cdd890.tar.xz |
Initial Alpine Version
Diffstat (limited to 'imap/src/osdep/nt/kerb_w2k.c')
-rw-r--r-- | imap/src/osdep/nt/kerb_w2k.c | 699 |
1 files changed, 699 insertions, 0 deletions
diff --git a/imap/src/osdep/nt/kerb_w2k.c b/imap/src/osdep/nt/kerb_w2k.c new file mode 100644 index 00000000..38d0ce30 --- /dev/null +++ b/imap/src/osdep/nt/kerb_w2k.c @@ -0,0 +1,699 @@ +/* ======================================================================== + * Copyright 1988-2006 University of Washington + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * + * ======================================================================== + */ + +/* + * Program: GSSAPI Kerberos Shim 5 for Windows 2000/XP IMAP Toolkit + * + * Author: Mark Crispin + * Networks and Distributed Computing + * Computing & Communications + * University of Washington + * Administration Building, AG-44 + * Seattle, WA 98195 + * Internet: MRC@CAC.Washington.EDU + * + * Date: 6 March 2000 + * Last Edited: 30 August 2006 + */ + +/* The purpose of this module is to be a shim, so that the auth_gss.c module + * (written for MIT Kerberos) will compile, link, and run with SSPI Kerberos + * on Windows 2000 systems. + * There is no attempt whatsoever to make this be a complete implementation + * of GSSAPI. A number of shortcuts were taken that a real GSSAPI + * implementation for SSPI can't do. + * Nor is there any attempt to make the types identical with MIT Kerberos; + * you can't link this library with object files compiled with the MIT + * Kerberos .h files. + */ + + +/* GSSAPI generic definitions */ + + +#define SECURITY_WIN32 +#include <security.h> + + +/* GSSAPI types for which we use SSPI equivalent types */ + +typedef ULONG OM_uint32; +typedef PCredHandle gss_cred_id_t; +typedef ULONG gss_cred_usage_t; +typedef PCtxtHandle gss_ctx_id_t; +typedef SEC_CHAR * gss_name_t; +typedef ULONG gss_qop_t; + + +/* Major status codes */ + +#define GSS_S_COMPLETE SEC_E_OK +#define GSS_S_BAD_MECH SEC_E_SECPKG_NOT_FOUND +#define GSS_S_CONTINUE_NEEDED SEC_I_CONTINUE_NEEDED +#define GSS_S_CREDENTIALS_EXPIRED SEC_E_CERT_EXPIRED +#define GSS_S_FAILURE SEC_E_INTERNAL_ERROR +#define GSS_S_NO_CRED SEC_E_NO_CREDENTIALS +#define GSS_S_NO_CONTEXT SEC_E_INVALID_HANDLE + + +/* Flag bits for context-level services */ + +#define GSS_C_DELEG_FLAG ISC_REQ_DELEGATE +#define GSS_C_MUTUAL_FLAG ISC_REQ_MUTUAL_AUTH +#define GSS_C_REPLAY_FLAG ISC_REQ_REPLAY_DETECT +#define GSS_C_SEQUENCE_FLAG ISC_REQ_SEQUENCE_DETECT +#define GSS_C_CONF_FLAG ISC_REQ_CONFIDENTIALITY +#define GSS_C_INTEG_FLAG ISC_REQ_INTEGRITY + + +/* Credential usage options */ + +#define GSS_C_BOTH SECPKG_CRED_BOTH +#define GSS_C_INITIATE SECPKG_CRED_OUTBOUND +#define GSS_C_ACCEPT SECPKG_CRED_INBOUND + + +/* Major status codes defined by shim */ + +#define GSS_S_BAD_BINDINGS 100 +#define GSS_S_BAD_NAME 101 +#define GSS_S_BAD_NAMETYPE 102 +#define GSS_S_BAD_STATUS 103 + +/* GSSAPI types as used in GSSAPI */ + + +/* Buffer */ + +typedef struct gss_buffer_desc_struct { + size_t length; + void *value; +} gss_buffer_desc,*gss_buffer_t; + + +/* Object identifier */ + +typedef struct gss_OID_desc_struct { + OM_uint32 length; + void *elements; +} gss_OID_desc,*gss_OID; + +typedef struct gss_OID_set_desc_struct { + size_t count; + gss_OID elements; +} gss_OID_set_desc,*gss_OID_set; + + +/* Unused, but needed in prototypes */ + +typedef void * gss_channel_bindings_t; + + +/* Default constants */ + +#define GSS_C_EMPTY_BUFFER {0,NIL} +#define GSS_C_NO_BUFFER ((gss_buffer_t) NIL) +#define GSS_C_NO_OID ((gss_OID) NIL) +#define GSS_C_NO_CONTEXT ((gss_ctx_id_t) NIL) +#define GSS_C_NO_CREDENTIAL ((gss_cred_id_t) NIL) +#define GSS_C_NO_CHANNEL_BINDINGS ((gss_channel_bindings_t) NIL) +#define GSS_C_QOP_DEFAULT NIL + + +/* Status code types for gss_display_status */ + +#define GSS_C_GSS_CODE 1 +#define GSS_C_MECH_CODE 2 + + +/* GSSAPI constants */ + +const gss_OID gss_nt_service_name; +#define GSS_C_NT_HOSTBASED_SERVICE gss_nt_service_name +const gss_OID gss_mech_krb5; +const gss_OID_set gss_mech_set_krb5; + +/* GSSAPI prototypes */ + + +OM_uint32 gss_accept_sec_context (OM_uint32 *minor_status, + gss_ctx_id_t *context_handle, + gss_cred_id_t acceptor_cred_handle, + gss_buffer_t input_token_buffer, + gss_channel_bindings_t input_chan_bindings, + gss_name_t *src_name,gss_OID *mech_type, + gss_buffer_t output_token, + OM_uint32 *ret_flags,OM_uint32 *time_rec, + gss_cred_id_t *delegated_cred_handle); +OM_uint32 gss_acquire_cred (OM_uint32 *minor_status,gss_name_t desired_name, + OM_uint32 time_req,gss_OID_set desired_mechs, + gss_cred_usage_t cred_usage, + gss_cred_id_t *output_cred_handle, + gss_OID_set *actual_mechs,OM_uint32 *time_rec); +OM_uint32 gss_delete_sec_context (OM_uint32 *minor_status, + gss_ctx_id_t *context_handle, + gss_buffer_t output_token); +OM_uint32 gss_display_name (OM_uint32 *minor_status,gss_name_t input_name, + gss_buffer_t output_name_buffer, + gss_OID *output_name_type); +OM_uint32 gss_display_status (OM_uint32 *minor_status,OM_uint32 status_value, + int status_type,gss_OID mech_type, + OM_uint32 *message_context, + gss_buffer_t status_string); +OM_uint32 gss_import_name (OM_uint32 *minor_status, + gss_buffer_t input_name_buffer, + gss_OID input_name_type,gss_name_t *output_name); +OM_uint32 gss_init_sec_context (OM_uint32 *minor_status, + gss_cred_id_t claimant_cred_handle, + gss_ctx_id_t *context_handle, + gss_name_t target_name,gss_OID mech_type, + OM_uint32 req_flags,OM_uint32 time_req, + gss_channel_bindings_t input_chan_bindings, + gss_buffer_t input_token, + gss_OID *actual_mech_type, + gss_buffer_t output_token,OM_uint32 *ret_flags, + OM_uint32 *time_rec); +OM_uint32 gss_release_buffer (OM_uint32 *minor_status,gss_buffer_t buffer); +OM_uint32 gss_release_cred (OM_uint32 *minor_status,gss_cred_id_t *cred_handle); +OM_uint32 gss_release_name (OM_uint32 *minor_status,gss_name_t *input_name); +OM_uint32 gss_wrap (OM_uint32 *minor_status,gss_ctx_id_t context_handle, + int conf_req_flag,gss_qop_t qop_req, + gss_buffer_t input_message_buffer,int *conf_state, + gss_buffer_t output_message_buffer); +OM_uint32 gss_unwrap (OM_uint32 *minor_status,gss_ctx_id_t context_handle, + gss_buffer_t input_message_buffer, + gss_buffer_t output_message_buffer,int *conf_state, + gss_qop_t *qop_state); + +/* Kerberos definitions */ + +long kerberos_server_valid (void); +long kerberos_try_kinit (OM_uint32 error); +char *kerberos_login (char *user,char *authuser,int argc,char *argv[]); + + +#define STRING WINSTRING /* conflict with mail.h */ +#include <NTSecAPI.h> + +/* GSSAPI build-in object identifiers */ + +static gss_OID_desc oids[] = { /* stupid C language makes this necessary */ + {10,"\052\206\110\206\367\022\001\002\001\004"}, + {9,"\052\206\110\206\367\022\001\002\002"} +}; + + /* stupid C language ditto */ +static gss_OID_set_desc oidsets[] = { + {1,(gss_OID) oids+1} +}; + + /* these are the real OIDs */ +const gss_OID gss_nt_service_name = oids+0; +const gss_OID gss_mech_krb5 = oids+1; +const gss_OID_set gss_mech_set_krb5 = oidsets+0; + + +/* Other globals */ + + /* substitute for GSS_C_NO_CREDENTIAL */ +static gss_cred_id_t gss_default_cred = NIL; + +/* GSSAPI import name (convert to full service principal name) + * Accepts: pointer to return minor status + * buffer containining input name + * type of input name + * pointer to return output internal name + * Returns: major status, always + */ + +OM_uint32 gss_import_name (OM_uint32 *minor_status, + gss_buffer_t input_name_buffer, + gss_OID input_name_type,gss_name_t *output_name) +{ + OM_uint32 major_status = GSS_S_COMPLETE; + TimeStamp expiry; + static CredHandle gss_cred; + char *s,tmp[MAILTMPLEN]; + *minor_status = 0; /* never any minor status */ + if (!gss_default_cred) { /* default credentials set up yet? */ + if (AcquireCredentialsHandle/* no, acquire them now */ + (NIL,MICROSOFT_KERBEROS_NAME_A,SECPKG_CRED_OUTBOUND,NIL,NIL,NIL,NIL, + &gss_cred,&expiry) != SEC_E_OK) return GSS_S_FAILURE; + /* have default credentials now */ + gss_default_cred = &gss_cred; + } + /* must be the gss_nt_service_name format */ + if (input_name_type != gss_nt_service_name) + major_status = GSS_S_BAD_NAMETYPE; + /* name must be of sane length */ + else if (input_name_buffer->length > (MAILTMPLEN/2)) + major_status = GSS_S_BAD_NAME; + else { /* copy name */ + memcpy (tmp,input_name_buffer->value,input_name_buffer->length); + tmp[input_name_buffer->length] = '\0'; + if (s = strchr (tmp,'@')) { /* find service/host/delimiter */ + *s = '/'; /* convert to full service principal name */ + *output_name = cpystr (tmp); + } + else major_status = GSS_S_BAD_NAME; + } + return major_status; +} + +/* GSSAPI Initialize security context + * Accepts: pointer to return minor status + * claimant credential handle + * context (NIL means "none assigned yet") + * desired principal + * desired mechanisms + * required context attributes + * desired lifetime + * input channel bindings + * input token buffer + * pointer to return mechanism type + * buffer to return output token + * pointer to return flags + * pointer to return context lifetime + * Returns: major status, always + */ + +OM_uint32 gss_init_sec_context (OM_uint32 *minor_status, + gss_cred_id_t claimant_cred_handle, + gss_ctx_id_t *context_handle, + gss_name_t target_name,gss_OID mech_type, + OM_uint32 req_flags,OM_uint32 time_req, + gss_channel_bindings_t input_chan_bindings, + gss_buffer_t input_token, + gss_OID *actual_mech_type, + gss_buffer_t output_token,OM_uint32 *ret_flags, + OM_uint32 *time_rec) +{ + OM_uint32 i; + OM_uint32 major_status; + TimeStamp expiry; + SecBuffer ibuf[1],obuf[1]; + SecBufferDesc ibufs,obufs; + *minor_status = 0; /* never any minor status */ + /* error if non-default time requested */ + if (time_req) return GSS_S_FAILURE; + if (mech_type && memcmp (mech_type,gss_mech_krb5,sizeof (gss_OID))) + return GSS_S_BAD_MECH; + /* ditto if any channel bindings */ + if (input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS) + return GSS_S_BAD_BINDINGS; + + /* apply default credential if necessary */ + if (claimant_cred_handle == GSS_C_NO_CREDENTIAL) + claimant_cred_handle = gss_default_cred; + /* create output buffer storage as needed */ + req_flags |= ISC_REQ_ALLOCATE_MEMORY; + /* make output buffer */ + obuf[0].BufferType = SECBUFFER_TOKEN; + obuf[0].cbBuffer = 0; obuf[0].pvBuffer = NIL; + /* output buffer descriptor */ + obufs.ulVersion = SECBUFFER_VERSION; + obufs.cBuffers = 1; + obufs.pBuffers = obuf; + /* first time caller? */ + if (*context_handle == GSS_C_NO_CONTEXT) { + /* yes, set up output context handle */ + PCtxtHandle ctx = (PCtxtHandle) fs_get (sizeof (CtxtHandle)); + major_status = InitializeSecurityContext (claimant_cred_handle,NIL, + target_name,req_flags,0, + SECURITY_NETWORK_DREP,NIL,0,ctx, + &obufs, + ret_flags ? ret_flags : &i, + &expiry); + *context_handle = ctx; /* return updated context */ + } + else { /* no, make SSPI buffer from GSSAPI buffer */ + ibuf[0].BufferType = obuf[0].BufferType = SECBUFFER_TOKEN; + ibuf[0].cbBuffer = input_token->length; + ibuf[0].pvBuffer = input_token->value; + /* input buffer descriptor */ + ibufs.ulVersion = SECBUFFER_VERSION; + ibufs.cBuffers = 1; + ibufs.pBuffers = ibuf; + major_status = InitializeSecurityContext (claimant_cred_handle, + *context_handle,target_name, + req_flags,0, + SECURITY_NETWORK_DREP,&ibufs,0, + *context_handle,&obufs, + ret_flags ? ret_flags : &i, + &expiry); + } + /* return output */ + output_token->value = obuf[0].pvBuffer; + output_token->length = obuf[0].cbBuffer; + /* in case client wanted lifetime returned */ + if (time_rec) *time_rec = expiry.LowPart; + return major_status; +} + +/* GSSAPI display status text + * Accepts: pointer to return minor status + * status to display + * status type + * message context for continuation + * buffer to write status string + * Returns: major status, always + */ + +OM_uint32 gss_display_status (OM_uint32 *minor_status,OM_uint32 status_value, + int status_type,gss_OID mech_type, + OM_uint32 *message_context, + gss_buffer_t status_string) +{ + char *s,tmp[MAILTMPLEN]; + *minor_status = 0; /* never any minor status */ + if (*message_context) return GSS_S_FAILURE; + switch (status_type) { /* what type of status code? */ + case GSS_C_GSS_CODE: /* major_status */ + switch (status_value) { /* analyze status value */ + case GSS_S_FAILURE: + s = "Unspecified failure"; break; + case GSS_S_CREDENTIALS_EXPIRED: + s = "Credentials expired"; break; + case GSS_S_BAD_BINDINGS: + s = "Bad bindings"; break; + case GSS_S_BAD_MECH: + s = "Bad mechanism type"; break; + case GSS_S_BAD_NAME: + s = "Bad name"; break; + case GSS_S_BAD_NAMETYPE: + s = "Bad name type"; break; + case GSS_S_BAD_STATUS: + s = "Bad status"; break; + case GSS_S_NO_CONTEXT: + s = "Invalid context handle"; break; + case GSS_S_NO_CRED: + s = "Unable to authenticate to Kerberos service"; + mail_parameters (NIL,DISABLE_AUTHENTICATOR,"GSSAPI"); + break; + case SEC_E_NO_AUTHENTICATING_AUTHORITY: + s = "No authenticating authority"; break; + case SEC_E_TARGET_UNKNOWN: + s = "Destination server unknown to Kerberos service"; break; + default: + sprintf (s = tmp,"SSPI code %lx",status_value); + } + break; + case GSS_C_MECH_CODE: /* minor status - drop into default */ + default: + return GSS_S_BAD_STATUS; /* bad status type */ + } + /* return status string */ + status_string->length = strlen (status_string->value = cpystr (s)); + return GSS_S_COMPLETE; +} + +/* GSSAPI delete security context + * Accepts: pointer to return minor status + * context to delete + * output context token + * Returns: major status, always + */ + +OM_uint32 gss_delete_sec_context (OM_uint32 *minor_status, + gss_ctx_id_t *context_handle, + gss_buffer_t output_token) +{ + OM_uint32 major_status; + *minor_status = 0; /* never any minor status */ + /* output token not supported */ + major_status = output_token ? GSS_S_FAILURE : + DeleteSecurityContext (*context_handle); + fs_give ((void **) context_handle); + return major_status; +} + + +/* GSSAPI release buffer + * Accepts: pointer to return minor status + * buffer to release + * Returns: GSS_S_COMPLETE, always + */ + +OM_uint32 gss_release_buffer (OM_uint32 *minor_status,gss_buffer_t buffer) +{ + *minor_status = 0; /* never any minor status */ + fs_give (&buffer->value); + return GSS_S_COMPLETE; +} + + +/* GSSAPI release name + * Accepts: pointer to return minor status + * pointer to name to release + * Returns: GSS_S_COMPLETE, always + */ + +OM_uint32 gss_release_name (OM_uint32 *minor_status,gss_name_t *input_name) +{ + *minor_status = 0; /* never any minor status */ + fs_give (input_name); + return GSS_S_COMPLETE; +} + +/* GSSAPI wrap data + * Accepts: pointer to return minor status + * context handle + * requested confidentiality + * requested quality of protection + * input message buffer + * pointer to return confidentiality state + * output message buffer + * Returns: major status, always + */ + +OM_uint32 gss_wrap (OM_uint32 *minor_status,gss_ctx_id_t context_handle, + int conf_req_flag,gss_qop_t qop_req, + gss_buffer_t input_message_buffer,int *conf_state, + gss_buffer_t output_message_buffer) +{ + OM_uint32 major_status; + SecBuffer buf[3]; + SecBufferDesc bufs; + SecPkgContext_Sizes sizes; + *minor_status = NIL; /* never any minor status */ + *conf_state = conf_req_flag; /* same as requested */ + if ((major_status = /* get trailer and padding sizes */ + QueryContextAttributes (context_handle,SECPKG_ATTR_SIZES,&sizes)) == + SEC_E_OK) { + /* create big enough output buffer */ + output_message_buffer->value = + fs_get (sizes.cbSecurityTrailer + input_message_buffer->length + + sizes.cbBlockSize); + /* MSDN claims that for EncryptMessage() in Kerberos, you need an + * uninitialized SECBUFFER_STREAM_HEADER; a SECBUFFER_DATA that "contains + * the message to be encrypted. The message is encrypted in place, + * overwriting the original contents of its buffer"; an uninitialized + * SECBUFFER_STREAM_TRAILER, and an uninitialized SECBUFFER_EMPTY. I've + * never been able to get it to work that way. + */ + bufs.cBuffers = 3; /* set up buffer descriptor */ + bufs.pBuffers = buf; + bufs.ulVersion = SECBUFFER_VERSION; + buf[0].BufferType = SECBUFFER_TOKEN; + buf[0].pvBuffer = output_message_buffer->value; + buf[0].cbBuffer = sizes.cbSecurityTrailer; + /* I/O buffer */ + buf[1].BufferType = SECBUFFER_DATA; + buf[1].pvBuffer = ((char *) buf[0].pvBuffer) + buf[0].cbBuffer; + buf[1].cbBuffer = input_message_buffer->length; + memcpy (buf[1].pvBuffer,input_message_buffer->value,buf[1].cbBuffer); + buf[2].BufferType = SECBUFFER_PADDING; + buf[2].pvBuffer = ((char *) buf[1].pvBuffer) + buf[1].cbBuffer; + buf[2].cbBuffer = sizes.cbBlockSize; + if ((major_status = EncryptMessage (context_handle,qop_req,&bufs,0)) == + GSS_S_COMPLETE) { + /* slide data as necessary (how annoying!) */ + unsigned long i = sizes.cbSecurityTrailer - buf[0].cbBuffer; + if (i) buf[1].pvBuffer = + memmove (((char *) buf[0].pvBuffer) + buf[0].cbBuffer, + buf[1].pvBuffer,buf[1].cbBuffer); + if (i += (input_message_buffer->length - buf[1].cbBuffer)) + buf[1].pvBuffer = memmove (((char *)buf[1].pvBuffer) + buf[1].cbBuffer, + buf[2].pvBuffer,buf[2].cbBuffer); + output_message_buffer->length = buf[0].cbBuffer + buf[1].cbBuffer + + buf[2].cbBuffer; + } + else fs_give (&output_message_buffer->value); + } + return major_status; /* return status */ +} + +/* GSSAPI unwrap data + * Accepts: pointer to return minor status + * context handle + * input message buffer + * output message buffer + * pointer to return confidentiality state + * pointer to return quality of protection + * Returns: major status, always + */ + +OM_uint32 gss_unwrap (OM_uint32 *minor_status,gss_ctx_id_t context_handle, + gss_buffer_t input_message_buffer, + gss_buffer_t output_message_buffer,int *conf_state, + gss_qop_t *qop_state) +{ + OM_uint32 major_status; + SecBuffer buf[2]; + SecBufferDesc bufs; + *minor_status = NIL; /* never any minor status */ + *conf_state = NIL; /* or confidentiality state */ + /* MSDN implies that all that is needed for DecryptMessage() in Kerberos + * is a single SECBUFFER_DATA which "contains the encrypted message. The + * encrypted message is decrypted in place, overwriting the original + * contents of its buffer." I've never been able to get it to work without + * using a SECBUFFER_STREAM for input and an uninitialized SECBUFFER_DATA + * for output. + * It *does* overwrite the input buffer, but not at the same point; e.g. + * with an input pointer of 0xa140a8 and size of 53, the output ends up + * at 0xa140d5 and size of 4. + */ + bufs.cBuffers = 2; /* set up buffer descriptor */ + bufs.pBuffers = buf; + bufs.ulVersion = SECBUFFER_VERSION; + /* input buffer */ + buf[0].BufferType = SECBUFFER_STREAM; + buf[0].pvBuffer = input_message_buffer->value; + buf[0].cbBuffer = input_message_buffer->length; + /* output buffer */ + buf[1].BufferType = SECBUFFER_DATA; + buf[1].pvBuffer = NIL; + buf[1].cbBuffer = 0; + /* decrypt and copy to output buffer */ + if ((major_status = DecryptMessage (context_handle,&bufs,0,qop_state)) == + SEC_E_OK) + memcpy (output_message_buffer->value = fs_get (buf[1].cbBuffer), + buf[1].pvBuffer,output_message_buffer->length = buf[1].cbBuffer); + return major_status; /* return status */ +} + +/* From here on are server-only functions, currently unused */ + + +/* GSSAPI acquire credentials + * Accepts: pointer to return minor status + * desired principal + * desired lifetime + * desired mechanisms + * credentials usage + * pointer to return credentials handle + * pointer to return mechanisms + * pointer to return lifetime + * Returns: GSS_S_FAILURE, always + */ + +OM_uint32 gss_acquire_cred (OM_uint32 *minor_status,gss_name_t desired_name, + OM_uint32 time_req,gss_OID_set desired_mechs, + gss_cred_usage_t cred_usage, + gss_cred_id_t *output_cred_handle, + gss_OID_set *actual_mechs,OM_uint32 *time_rec) +{ + *minor_status = 0; /* never any minor status */ + return GSS_S_FAILURE; /* server only */ +} + + +/* GSSAPI release credentials + * Accepts: pointer to return minor status + * credentials handle to free + * Returns: GSS_S_COMPLETE, always + */ + +OM_uint32 gss_release_cred (OM_uint32 *minor_status,gss_cred_id_t *cred_handle) +{ + *minor_status = 0; /* never any minor status */ + return GSS_S_FAILURE; /* server only */ +} + +/* GSSAPI Accept security context + * Accepts: pointer to return minor status + * context + * acceptor credentials + * input token buffer + * input channel bindings + * pointer to return source name + * pointer to return mechanism type + * buffer to return output token + * pointer to return flags + * pointer to return context lifetime + * pointer to return delegated credentials + * Returns: GSS_S_FAILURE, always + */ + +OM_uint32 gss_accept_sec_context (OM_uint32 *minor_status, + gss_ctx_id_t *context_handle, + gss_cred_id_t acceptor_cred_handle, + gss_buffer_t input_token_buffer, + gss_channel_bindings_t input_chan_bindings, + gss_name_t *src_name,gss_OID *mech_type, + gss_buffer_t output_token, + OM_uint32 *ret_flags,OM_uint32 *time_rec, + gss_cred_id_t *delegated_cred_handle) +{ + *minor_status = 0; /* never any minor status */ + return GSS_S_FAILURE; /* server only */ +} + + +/* GSSAPI return printable name + * Accepts: pointer to return minor status + * internal name + * buffer to return output name + * output name type + * Returns: GSS_S_FAILURE, always + */ + +OM_uint32 gss_display_name (OM_uint32 *minor_status,gss_name_t input_name, + gss_buffer_t output_name_buffer, + gss_OID *output_name_type) +{ + *minor_status = 0; /* never any minor status */ + return GSS_S_FAILURE; /* server only */ +} + +/* Kerberos server valid check + * Returns: T if have keytab, NIL otherwise + */ + +long kerberos_server_valid () +{ + return NIL; +} + + +/* Kerberos check for missing or expired credentials + * Returns: T if should suggest running kinit, NIL otherwise + */ + +long kerberos_try_kinit (OM_uint32 error) +{ + return NIL; +} + +/* Kerberos server log in + * Accepts: authorization ID as user name + * authentication ID as Kerberos principal + * argument count + * argument vector + * Returns: logged in user name if logged in, NIL otherwise + */ + +char *kerberos_login (char *user,char *authuser,int argc,char *argv[]) +{ + return NIL; +} |