本文整理汇总了C++中gss_unwrap函数的典型用法代码示例。如果您正苦于以下问题:C++ gss_unwrap函数的具体用法?C++ gss_unwrap怎么用?C++ gss_unwrap使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了gss_unwrap函数的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的C++代码示例。
示例1: cssp_gss_unwrap
/*
 * Unwrap the GSS-API protected message held in `in` and store the
 * recovered payload in a freshly allocated buffer attached to `out`.
 *
 * Returns True on success. On failure the GSS status codes are passed to
 * cssp_gss_report_error() and False is returned; `out` is not modified.
 *
 * NOTE(review): conf_state and qop_state are filled in by gss_unwrap() but
 * never inspected, so a message that was only integrity-protected is
 * accepted exactly like an encrypted one -- confirm whether the caller
 * requires confidentiality.
 * NOTE(review): `ctx` is declared as a pointer to gss_ctx_id_t yet is handed
 * to gss_unwrap() where the handle itself is expected -- verify against the
 * callers.
 */
static RD_BOOL
cssp_gss_unwrap(gss_ctx_id_t * ctx, STREAM in, STREAM out)
{
    OM_uint32 major, minor;
    gss_qop_t qop;
    int conf;
    gss_buffer_desc wrapped, plain;

    wrapped.value = in->data;
    wrapped.length = s_length(in);

    major = gss_unwrap(&minor, ctx, &wrapped, &plain, &conf, &qop);
    if (major == GSS_S_COMPLETE)
    {
        /* Copy the plaintext into a stream-owned buffer, then hand the
           GSS-allocated buffer back to the library. */
        out->data = out->p = xmalloc(plain.length);
        out->size = plain.length;
        out_uint8p(out, plain.value, plain.length);
        s_mark_end(out);

        gss_release_buffer(&minor, &plain);
        return True;
    }

    cssp_gss_report_error(GSS_C_GSS_CODE, "Failed to decrypt message",
                          major, minor);
    return False;
}
开发者ID:jeppeter,项目名称:vbox,代码行数:30,代码来源:cssp.c
示例2: gss_decode
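/*
 * Unwrap a GSS-API protected message in place.
 *
 * app_data  pointer to the struct gss_data holding the security context
 * buf       on entry the wrapped message, on success the unwrapped payload
 * len       number of bytes in buf (also treated as the capacity of buf)
 * level     not used by this function
 *
 * Returns the length of the unwrapped payload, or -1 on error.
 *
 * The unwrapped data is written back into the caller's buffer, so it must
 * never be longer than `len`; the GSS-API does not promise that, hence the
 * explicit bound check before the copy.
 *
 * NOTE(review): conf_state and `level` are not consulted, so this function
 * does not verify that the protection applied by the peer matches what the
 * caller expects -- confirm that this is checked elsewhere.
 */
static int
gss_decode(void *app_data, void *buf, int len, int level)
{
    OM_uint32 maj_stat, min_stat;
    gss_buffer_desc input, output;
    gss_qop_t qop_state;
    int conf_state;
    struct gss_data *d = app_data;
    int ret_len;

    (void)level;

    /* A negative length would become a huge size_t below. */
    if (buf == NULL || len < 0)
        return -1;

    input.length = (size_t)len;
    input.value = buf;
    output.length = 0;
    output.value = NULL;

    maj_stat = gss_unwrap(&min_stat,
                          d->context_hdl,
                          &input,
                          &output,
                          &conf_state,
                          &qop_state);
    if (GSS_ERROR(maj_stat))
        return -1;

    /* Refuse to write past the end of the caller's buffer. */
    if (output.length > (size_t)len) {
        gss_release_buffer(&min_stat, &output);
        return -1;
    }

    if (output.length > 0)
        memmove(buf, output.value, output.length);
    ret_len = (int)output.length;
    gss_release_buffer(&min_stat, &output);
    return ret_len;
}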
开发者ID:wmene,项目名称:yafc-1.1.2,代码行数:25,代码来源:gssapi.c
示例3: unwrap
// Unwrap a GSS-API protected message.
//
// data_in / length_in    the wrapped message
// data_out / length_out  receive the buffer and length produced by
//                        gss_unwrap(); both are assigned whether or not the
//                        call succeeded
//
// Returns FALSE when isValid() fails, otherwise non-zero exactly when
// gss_unwrap() reported GSS_S_COMPLETE.
//
// NOTE(review): data_out aliases the buffer allocated by the GSS library and
// is never released here -- presumably the caller owns it; confirm how it is
// freed. Callers should use data_out only when the return value is non-zero.
// NOTE(review): no conf_state is requested, so the caller cannot tell
// whether the message was encrypted or only integrity-protected.
int Condor_Auth_X509 :: unwrap(char* data_in,
                               int length_in,
                               char*& data_out,
                               int& length_out)
{
    if (!isValid()) {
        return FALSE;
    }

    OM_uint32 minor_status;
    gss_buffer_desc wrapped = GSS_C_EMPTY_BUFFER;
    gss_buffer_desc plain = GSS_C_EMPTY_BUFFER;

    wrapped.value = (void *)data_in;
    wrapped.length = length_in;

    const OM_uint32 major_status = gss_unwrap(&minor_status,
                                              context_handle,
                                              &wrapped,
                                              &plain,
                                              NULL,
                                              NULL);

    data_out = (char*)plain.value;
    length_out = plain.length;

    // non-zero on success
    return (major_status == GSS_S_COMPLETE);
}
开发者ID:funnelfiasco,项目名称:htcondor,代码行数:34,代码来源:condor_auth_x509.cpp
示例4: gss_unwrap
/*
 * SPNEGO stub for gss_unwrap(): forwards the request to the security
 * context that was negotiated inside the SPNEGO context.
 *
 * *minor_status is cleared first. GSS_S_NO_CONTEXT is returned when either
 * the SPNEGO context handle or its negotiated context is GSS_C_NO_CONTEXT;
 * otherwise the result of gss_unwrap() on the negotiated context is
 * returned unchanged.
 */
OM_uint32 GSSAPI_CALLCONV _gss_spnego_unwrap
           (OM_uint32 * minor_status,
            gss_const_ctx_id_t context_handle,
            const gss_buffer_t input_message_buffer,
            gss_buffer_t output_message_buffer,
            int * conf_state,
            gss_qop_t * qop_state
           )
{
    gssspnego_ctx spnego;

    *minor_status = 0;

    if (context_handle != GSS_C_NO_CONTEXT) {
        spnego = (gssspnego_ctx)context_handle;
        if (spnego->negotiated_ctx_id != GSS_C_NO_CONTEXT) {
            return gss_unwrap(minor_status,
                              spnego->negotiated_ctx_id,
                              input_message_buffer,
                              output_message_buffer,
                              conf_state,
                              qop_state);
        }
    }

    return GSS_S_NO_CONTEXT;
}
开发者ID:InvLim,项目名称:heimdal,代码行数:30,代码来源:context_stubs.c
示例5: authenticate_gss_client_unwrap
/*
 * Unwrap a base64-encoded challenge from the server with the client's GSS
 * security context.
 *
 * Any previous state->response is freed first. When gss_unwrap() succeeds
 * and yields a non-empty payload, its base64 encoding is stored in
 * state->response.
 *
 * Returns a response object: on a GSS failure the one built by gss_error()
 * with return_code AUTH_GSS_ERROR, otherwise a zeroed allocation whose
 * return_code is AUTH_GSS_COMPLETE.
 *
 * NOTE(review): the result of base64_decode() is used without a check; its
 * failure behaviour is not visible here -- confirm it cannot leave a NULL
 * value paired with a non-zero length.
 * NOTE(review): no conf_state is requested, so the caller cannot tell
 * whether the unwrapped data was encrypted.
 */
gss_client_response *authenticate_gss_client_unwrap(gss_client_state *state, const char *challenge) {
    OM_uint32 major;
    OM_uint32 minor;
    gss_buffer_desc wrapped = GSS_C_EMPTY_BUFFER;
    gss_buffer_desc unwrapped = GSS_C_EMPTY_BUFFER;
    gss_client_response *response = NULL;
    int ret = AUTH_GSS_CONTINUE;

    /* Drop whatever response an earlier step left behind. */
    if (state->response != NULL) {
        free(state->response);
        state->response = NULL;
    }

    /* Server data, when present, becomes the input token. */
    if (challenge != NULL && *challenge != '\0') {
        int decoded_len;
        wrapped.value = base64_decode(challenge, &decoded_len);
        wrapped.length = decoded_len;
    }

    major = gss_unwrap(&minor,
                       state->context,
                       &wrapped,
                       &unwrapped,
                       NULL,
                       NULL);

    if (major == GSS_S_COMPLETE) {
        ret = AUTH_GSS_COMPLETE;

        /* Publish the unwrapped payload as the client response. */
        if (unwrapped.length) {
            state->response = base64_encode((const unsigned char *)unwrapped.value, unwrapped.length);
            gss_release_buffer(&minor, &unwrapped);
        }
    } else {
        response = gss_error(__func__, "gss_unwrap", major, minor);
        response->return_code = AUTH_GSS_ERROR;
    }

    /* Common cleanup for both outcomes. */
    if (unwrapped.value)
        gss_release_buffer(&minor, &unwrapped);
    if (wrapped.value)
        free(wrapped.value);

    if (response == NULL) {
        response = calloc(1, sizeof(gss_client_response));
        if (response == NULL) die1("Memory allocation failed");
        response->return_code = ret;
    }

    return response;
}
开发者ID:RockyCal,项目名称:GetRead,代码行数:57,代码来源:kerberosgss.c
示例6: unwrap
/*
 * Handle an "unwrap" request: decode {Idx, Input} from `buf`, run
 * gss_unwrap() on session g_sessions[Idx] and encode the reply into
 * *presult.
 *
 * Always returns 0; success or failure is carried by the encoded term.
 *
 * NOTE(review): EI() and ENCODE_ERROR() are macros defined elsewhere in the
 * file; presumably they jump to the `error` label on failure -- confirm.
 */
static int unwrap(char *buf, int index, ei_x_buff *presult)
{
    /* Work on a local copy; it is written back to *presult at the end. */
    ei_x_buff result = *presult;
    /*
      {unwrap, {Idx, Input}} -> {ok, {conf_state, Output}}
    */
    int arity;
    gss_buffer_desc in;
    gss_buffer_desc out;
    long idx;
    int conf_state;
    OM_uint32 maj_stat, min_stat;
    gss_qop_t qop;
    /* Zero both buffers so the cleanup code can test .value safely. */
    memset(&in, 0, sizeof(in));
    memset(&out, 0, sizeof(out));
    EI(ei_decode_tuple_header(buf, &index, &arity));
    EI(arity != 2);
    EI(ei_decode_long(buf, &index, &idx));
    EI(decode_gssapi_binary(buf, &index, &in));
    /* The session index comes from the request, so range-check it and make
       sure the slot is populated before it is used as a context handle. */
    if (idx < 0 || idx >= MAX_SESSIONS || !g_sessions[idx])
        ENCODE_ERROR("bad_instance");
    maj_stat = gss_unwrap(&min_stat, g_sessions[idx],
                          &in, &out, &conf_state, &qop);
    if (!GSS_ERROR(maj_stat)) {
        /* conf_state is reported back so the caller can tell whether the
           message was encrypted. */
        const char *conf_str = conf_state ? "true":"false";
        EI(ei_x_encode_atom(&result, "ok") ||
           ei_x_encode_tuple_header(&result, 2) ||
           ei_x_encode_atom(&result, conf_str) ||
           ei_x_encode_binary(&result, out.value, out.length)
           );
    } else {
        EI(ei_x_encode_atom(&result, "error") || ei_x_encode_long(&result, maj_stat));
    }
error:
    /* NOTE(review): `in` is filled by decode_gssapi_binary() but released
       with gss_release_buffer() -- confirm the allocators match. */
    if (in.value)
        gss_release_buffer(&min_stat, &in);
    if (out.value)
        gss_release_buffer(&min_stat, &out);
    *presult = result;
    return 0;
}
开发者ID:GlenWalker,项目名称:egssapi,代码行数:56,代码来源:gssapi_drv.c
示例7: authenticate_gss_client_unwrap
/*
 * Unwrap a base64-encoded challenge from the server with the client's GSS
 * security context.
 *
 * Any previous state->response is freed and state->responseConf reset.
 * When gss_unwrap() succeeds with a non-empty payload, its base64 encoding
 * is stored in state->response and the confidentiality flag reported by
 * gss_unwrap() in state->responseConf.
 *
 * Returns AUTH_GSS_COMPLETE on success, or AUTH_GSS_ERROR after recording
 * the status codes with set_gss_error().
 *
 * NOTE(review): the result of base64_decode() is used without a check; its
 * failure behaviour is not visible here -- confirm.
 * NOTE(review): responseConf is only recorded, not enforced; a caller that
 * requires encryption has to test it.
 */
int authenticate_gss_client_unwrap(gss_client_state *state, const char *challenge)
{
    OM_uint32 major;
    OM_uint32 minor;
    gss_buffer_desc wrapped = GSS_C_EMPTY_BUFFER;
    gss_buffer_desc unwrapped = GSS_C_EMPTY_BUFFER;
    int ret = AUTH_GSS_CONTINUE;
    int conf = 0;

    /* Drop whatever response an earlier step left behind. */
    if (state->response != NULL)
    {
        free(state->response);
        state->response = NULL;
        state->responseConf = 0;
    }

    /* Server data, when present, becomes the input token. */
    if (challenge != NULL && *challenge != '\0')
    {
        size_t decoded_len;
        wrapped.value = base64_decode(challenge, &decoded_len);
        wrapped.length = decoded_len;
    }

    major = gss_unwrap(&minor,
                       state->context,
                       &wrapped,
                       &unwrapped,
                       &conf,
                       NULL);

    if (major == GSS_S_COMPLETE)
    {
        ret = AUTH_GSS_COMPLETE;

        /* Publish the unwrapped payload as the client response. */
        if (unwrapped.length)
        {
            state->response = base64_encode((const unsigned char *)unwrapped.value, unwrapped.length);
            state->responseConf = conf;
            major = gss_release_buffer(&minor, &unwrapped);
        }
    }
    else
    {
        set_gss_error(major, minor);
        ret = AUTH_GSS_ERROR;
    }

    /* Common cleanup for both outcomes. */
    if (unwrapped.value)
        gss_release_buffer(&minor, &unwrapped);
    if (wrapped.value)
        free(wrapped.value);

    return ret;
}
开发者ID:Stolb27,项目名称:pykerberos,代码行数:56,代码来源:kerberosgss.c
示例8: sapgss_unwrap
/*
 * Adapter exposing gss_unwrap() under the sapgss_ name: every argument is
 * forwarded unchanged and the major status is returned as-is.
 */
uint32_t
sapgss_unwrap(
    uint32_t *minor_status,
    gss_ctx_id_t context_handle,
    gss_buffer_t input_message_buffer,
    gss_buffer_t output_message_buffer,
    int *conf_state,
    gss_qop_t *qop_state)
{
    uint32_t major_status;

    major_status = gss_unwrap(minor_status,
                              context_handle,
                              input_message_buffer,
                              output_message_buffer,
                              conf_state,
                              qop_state);
    return major_status;
}
开发者ID:Aribaaa,项目名称:osxsnc,代码行数:12,代码来源:sncgss.c
示例9: _gsasl_gssapi_client_decode
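/*
 * Decode data received from the server on a GSSAPI SASL session.
 *
 * When the session is at step 3 and an integrity or confidentiality layer
 * was negotiated, the input is passed through gss_unwrap(); otherwise it is
 * copied verbatim. In both cases *output receives a malloc()ed buffer that
 * the caller must free, and *output_len its length.
 *
 * Returns GSASL_OK, GSASL_GSSAPI_UNWRAP_ERROR, GSASL_MALLOC_ERROR or
 * GSASL_GSSAPI_RELEASE_BUFFER_ERROR.
 *
 * The destination is sized from the unwrapped length rather than from
 * input_len: the copy below writes output_message_buffer.length bytes, and
 * nothing guarantees that this never exceeds the size of the wrapped input.
 */
int
_gsasl_gssapi_client_decode (Gsasl_session * sctx,
                             void *mech_data,
                             const char *input, size_t input_len,
                             char **output, size_t * output_len)
{
  _Gsasl_gssapi_client_state *state = mech_data;
  OM_uint32 min_stat, maj_stat;
  gss_buffer_desc foo;
  gss_buffer_t input_message_buffer = &foo;
  gss_buffer_desc output_message_buffer;

  foo.length = input_len;
  foo.value = (void *) input;

  if (state && state->step == 3 &&
      state->qop & (GSASL_QOP_AUTH_INT | GSASL_QOP_AUTH_CONF))
    {
      maj_stat = gss_unwrap (&min_stat,
                             state->context,
                             input_message_buffer,
                             &output_message_buffer, NULL, NULL);
      if (GSS_ERROR (maj_stat))
        return GSASL_GSSAPI_UNWRAP_ERROR;

      *output_len = output_message_buffer.length;
      /* Allocate what will actually be copied; ask for at least one byte
         so an empty payload is not mistaken for an allocation failure. */
      *output = malloc (output_message_buffer.length
                        ? output_message_buffer.length : 1);
      if (!*output)
        {
          maj_stat = gss_release_buffer (&min_stat, &output_message_buffer);
          return GSASL_MALLOC_ERROR;
        }
      if (output_message_buffer.length > 0)
        memcpy (*output, output_message_buffer.value,
                output_message_buffer.length);

      maj_stat = gss_release_buffer (&min_stat, &output_message_buffer);
      if (GSS_ERROR (maj_stat))
        {
          free (*output);
          /* Do not leave the caller holding a pointer to freed memory. */
          *output = NULL;
          return GSASL_GSSAPI_RELEASE_BUFFER_ERROR;
        }
    }
  else
    {
      /* No security layer in effect: pass the data through unchanged. */
      *output_len = input_len;
      *output = malloc (input_len);
      if (!*output)
        return GSASL_MALLOC_ERROR;
      memcpy (*output, input, input_len);
    }

  return GSASL_OK;
}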
开发者ID:dezelin,项目名称:maily,代码行数:52,代码来源:client.c
示例10: gss_unseal
/*
 * gss_unseal(): forwards to gss_unwrap() with the same arguments. The only
 * difference in the interface is that qop_state is declared as int * here
 * and is cast to gss_qop_t * for the call.
 *
 * NOTE(review): the cast assumes int and gss_qop_t have the same size and
 * representation -- confirm for the target platforms.
 */
OM_uint32 GSSAPI_LIB_FUNCTION
gss_unseal(OM_uint32 *minor_status,
           gss_ctx_id_t context_handle,
           gss_buffer_t input_message_buffer,
           gss_buffer_t output_message_buffer,
           int *conf_state,
           int *qop_state)
{
    gss_qop_t *qop = (gss_qop_t *)qop_state;

    return gss_unwrap(minor_status,
                      context_handle,
                      input_message_buffer,
                      output_message_buffer,
                      conf_state,
                      qop);
}
开发者ID:dariaphoebe,项目名称:heimdal,代码行数:13,代码来源:gss_unseal.c
示例11: HandleOP
/*
 * Handler for the "Unwrap" operation. The signature is produced by the
 * HandleOP() macro, which is defined elsewhere; the `c` used below
 * presumably comes from it -- confirm.
 *
 * Reads a context handle, flags, a sequence number and a token, unwraps the
 * token with the referenced context and sends back a status word followed
 * by the unwrapped data. Returns 0.
 */
static int
HandleOP(Unwrap)
{
    OM_uint32 maj_stat, min_stat;
    int32_t hContext, flags, seqno;
    krb5_data token;
    gss_ctx_id_t ctx;
    gss_buffer_desc input_token, output_token;
    int conf_state;
    gss_qop_t qop_state;
    /* flags and seqno are read but not used afterwards in this handler. */
    ret32(c, hContext);
    ret32(c, flags);
    ret32(c, seqno);
    retdata(c, token);
    /* The handle value arrives with the request, so it is looked up rather
       than trusted; an unknown handle ends the process via errx(). */
    ctx = find_handle(c->handles, hContext, handle_context);
    if (ctx == NULL)
        errx(1, "unwrap: reference to unknown context");
    input_token.length = token.length;
    input_token.value = token.data;
    maj_stat = gss_unwrap(&min_stat, ctx, &input_token,
                          &output_token, &conf_state, &qop_state);
    /* errx() does not return, so from here on maj_stat is GSS_S_COMPLETE and
       the else branch below cannot be reached.
       NOTE(review): conf_state and qop_state are never inspected. */
    if (maj_stat != GSS_S_COMPLETE)
        errx(1, "gss_unwrap failed: %d/%d", maj_stat, min_stat);
    /* The wrapped input is no longer needed once gss_unwrap() has run. */
    krb5_data_free(&token);
    if (maj_stat == GSS_S_COMPLETE) {
        /* Reuse `token` as a view onto the GSS-owned output buffer. */
        token.data = output_token.value;
        token.length = output_token.length;
    } else {
        token.data = NULL;
        token.length = 0;
    }
    put32(c, 0); /* XXX fix gsm_error */
    putdata(c, token);
    /* Release only after putdata(), because token.data aliases the buffer. */
    if (maj_stat == GSS_S_COMPLETE)
        gss_release_buffer(&min_stat, &output_token);
    return 0;
}
开发者ID:lha,项目名称:heimdal,代码行数:45,代码来源:gssmask.c
示例12: gssapi_unwraphash
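/*
 * Unwrap the HASH payload of a phase 1 exchange with the GSS context
 * attached to `iph1`.
 *
 * Returns a newly allocated vchar_t holding the unwrapped hash, or NULL on
 * error (no GSS state, malformed payload length, gss_unwrap() failure or
 * gssapi_gss2vmbuf() failure).
 *
 * The payload length field is taken from the received packet. It is checked
 * against the size of the payload header before the subtraction, because
 * the result is stored in an unsigned length: a value smaller than the
 * header would otherwise wrap around to a very large buffer length.
 */
vchar_t *
gssapi_unwraphash(struct ph1handle *iph1)
{
    struct gssapi_ph1_state *gps;
    OM_uint32 maj_stat, min_stat;
    gss_buffer_desc hashbuf, hash_outbuf;
    gss_buffer_t hash_in = &hashbuf, hash_out = &hash_outbuf;
    vchar_t *outbuf;
    size_t payload_len;

    gps = gssapi_get_state(iph1);
    if (gps == NULL) {
        plog(LLV_ERROR, LOCATION, NULL,
            "gssapi not yet initialized?\n");
        return NULL;
    }

    payload_len = ntohs(iph1->pl_hash->h.len);
    if (payload_len < sizeof(*iph1->pl_hash)) {
        plog(LLV_ERROR, LOCATION, NULL,
            "HASH payload shorter than its header\n");
        return NULL;
    }

    hashbuf.length = payload_len - sizeof(*iph1->pl_hash);
    hashbuf.value = (char *)(iph1->pl_hash + 1);
    hash_outbuf.length = 0;
    hash_outbuf.value = NULL;

    /* The length is a size_t; cast so the argument matches "%d". */
    plog(LLV_DEBUG, LOCATION, NULL, "unwrapping HASH of len %d\n",
        (int)hashbuf.length);

    maj_stat = gss_unwrap(&min_stat, gps->gss_context, hash_in, hash_out,
        NULL, NULL);
    if (GSS_ERROR(maj_stat)) {
        gssapi_error(min_stat, LOCATION, "unwrapping hash value\n");
        return NULL;
    }

    if (gssapi_gss2vmbuf(hash_out, &outbuf) < 0) {
        plog(LLV_ERROR, LOCATION, NULL, "gss2vmbuf failed\n");
        maj_stat = gss_release_buffer(&min_stat, hash_out);
        if (GSS_ERROR(maj_stat))
            gssapi_error(min_stat, LOCATION,
                "release hash_out buffer\n");
        return NULL;
    }

    maj_stat = gss_release_buffer(&min_stat, hash_out);
    if (GSS_ERROR(maj_stat))
        gssapi_error(min_stat, LOCATION, "release hash_out buffer\n");

    return outbuf;
}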
开发者ID:antonywcl,项目名称:AR-5315u_PLD,代码行数:44,代码来源:gssapi.c
示例13: ntlm_gss_unwrap
/*
 * NTLM mechanism entry point for unwrap: forwards every argument to
 * gss_unwrap() and returns its major status unchanged.
 */
OM_uint32
ntlm_gss_unwrap(
    OM_uint32 *minor_status,
    gss_ctx_id_t context_handle,
    gss_buffer_t input_message_buffer,
    gss_buffer_t output_message_buffer,
    int *conf_state,
    gss_qop_t *qop_state)
{
    return gss_unwrap(minor_status,
                      context_handle,
                      input_message_buffer,
                      output_message_buffer,
                      conf_state,
                      qop_state);
}
开发者ID:vmware,项目名称:lightwave,代码行数:19,代码来源:ntlm_mech.c
示例14: gensec_gssapi_unwrap
/*
 * Unwrap a GSS-API protected blob for a gensec security context.
 *
 * In SASL mode the input is first checked against the maximum wrapped size
 * reported by gensec_gssapi_max_wrapped_size(); an oversized blob yields
 * NT_STATUS_INVALID_PARAMETER. A gss_unwrap() failure is logged and yields
 * NT_STATUS_ACCESS_DENIED. On success the plaintext is copied into a blob
 * allocated on mem_ctx and stored in *out.
 *
 * When the SEAL feature is enabled, a message that gss_unwrap() reports as
 * not confidentiality-protected is rejected with NT_STATUS_ACCESS_DENIED,
 * so plaintext traffic is not accepted on a sealed connection.
 *
 * NOTE(review): *out is assigned before the confidentiality check, and the
 * result of data_blob_talloc() is not tested for allocation failure --
 * callers must rely on the returned status only.
 */
static NTSTATUS gensec_gssapi_unwrap(struct gensec_security *gensec_security,
                                     TALLOC_CTX *mem_ctx,
                                     const DATA_BLOB *in,
                                     DATA_BLOB *out)
{
    struct gensec_gssapi_state *gensec_gssapi_state
        = talloc_get_type(gensec_security->private_data, struct gensec_gssapi_state);
    OM_uint32 major, minor;
    gss_buffer_desc wrapped, plain;
    int conf_state;
    gss_qop_t qop_state;

    wrapped.value = in->data;
    wrapped.length = in->length;

    if (gensec_gssapi_state->sasl) {
        size_t limit = gensec_gssapi_max_wrapped_size(gensec_security);

        if (limit < in->length) {
            DEBUG(1, ("gensec_gssapi_unwrap: WRAPPED data is larger than SASL negotiated maximum size\n"));
            return NT_STATUS_INVALID_PARAMETER;
        }
    }

    major = gss_unwrap(&minor,
                       gensec_gssapi_state->gssapi_context,
                       &wrapped,
                       &plain,
                       &conf_state,
                       &qop_state);
    if (GSS_ERROR(major)) {
        DEBUG(1, ("gensec_gssapi_unwrap: GSS UnWrap failed: %s\n",
              gssapi_error_string(mem_ctx, major, minor, gensec_gssapi_state->gss_oid)));
        return NT_STATUS_ACCESS_DENIED;
    }

    /* Copy out of the GSS-owned buffer, then give that buffer back. */
    *out = data_blob_talloc(mem_ctx, plain.value, plain.length);
    gss_release_buffer(&minor, &plain);

    /* Sealing was required but the message was not encrypted. */
    if (gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL)
        && conf_state == 0) {
        return NT_STATUS_ACCESS_DENIED;
    }

    return NT_STATUS_OK;
}
开发者ID:samba-team,项目名称:samba,代码行数:43,代码来源:gensec_gssapi.c
示例15: ads_sasl_gssapi_unwrap
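/*
 * Unwrap the SASL/GSSAPI protected data held in wrap->in.
 *
 * The wrapped message starts 4 bytes into wrap->in.buf and ends at
 * wrap->in.ofs. On success the plaintext replaces it at the same position,
 * wrap->in.left is set to its length and wrap->in.ofs to 4.
 *
 * Returns ADS_SUCCESS, the GSS error from gss_unwrap(),
 * NT_STATUS_ACCESS_DENIED when sealing was negotiated but the message was
 * not confidentiality-protected, or NT_STATUS_INTERNAL_ERROR when the
 * offsets are inconsistent or the plaintext would not fit in place.
 *
 * The buffer allocated by gss_unwrap() is released on every path after a
 * successful unwrap, including the two rejection paths.
 */
static ADS_STATUS ads_sasl_gssapi_unwrap(struct ads_saslwrap *wrap)
{
    gss_ctx_id_t context_handle = (gss_ctx_id_t)wrap->wrap_private_data;
    ADS_STATUS status;
    int gss_rc;
    uint32_t minor_status;
    gss_buffer_desc unwrapped, wrapped;
    int conf_state;

    /* Fewer than 4 bytes buffered would make the length below wrap around. */
    if (wrap->in.ofs < 4) {
        return ADS_ERROR_NT(NT_STATUS_INTERNAL_ERROR);
    }

    wrapped.value = wrap->in.buf + 4;
    wrapped.length = wrap->in.ofs - 4;
    unwrapped.value = NULL;
    unwrapped.length = 0;

    /* qop_state is an optional output pointer; NULL means "not wanted". */
    gss_rc = gss_unwrap(&minor_status, context_handle,
                        &wrapped, &unwrapped,
                        &conf_state, NULL);
    status = ADS_ERROR_GSS(gss_rc, minor_status);
    if (!ADS_ERR_OK(status)) return status;

    /* Sealing was negotiated, so an unencrypted message is refused. */
    if (wrap->wrap_type == ADS_SASLWRAP_TYPE_SEAL && conf_state == 0) {
        gss_release_buffer(&minor_status, &unwrapped);
        return ADS_ERROR_NT(NT_STATUS_ACCESS_DENIED);
    }

    /* The plaintext is written over the wrapped data, so it must fit. */
    if (wrapped.length < unwrapped.length) {
        gss_release_buffer(&minor_status, &unwrapped);
        return ADS_ERROR_NT(NT_STATUS_INTERNAL_ERROR);
    }

    /* copy the unwrapped blob to the right location */
    memcpy(wrap->in.buf + 4, unwrapped.value, unwrapped.length);

    /* set how many bytes are now available to the reader */
    wrap->in.left = unwrapped.length;
    wrap->in.ofs = 4;

    gss_release_buffer(&minor_status, &unwrapped);

    return ADS_SUCCESS;
}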
开发者ID:Alexander--,项目名称:samba,代码行数:37,代码来源:sasl.c
示例16: receive_proxy
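/*
 * Receive a wrapped token from socket `sck`, unwrap it with `gss_context`
 * and return the payload as a NUL-terminated string.
 *
 * On success *s points to a malloc()ed copy of the payload that the caller
 * must free, and BPR_RECEIVE_PROXY_OK is returned. In every other case
 * (no context, get_token() failure, gss_unwrap() failure, out of memory)
 * *s is left untouched and BPR_RECEIVE_PROXY_ERROR is returned.
 *
 * Both buffer descriptors start out empty so that releasing them is safe
 * even when gss_unwrap() fails without filling in the output, and the
 * buffers are released on the allocation-failure path as well.
 *
 * NOTE(review): input_token is filled by get_token() but released with
 * gss_release_buffer() -- confirm the allocators match.
 * NOTE(review): no conf_state is requested, so this function does not
 * verify that the received data was encrypted.
 */
int
receive_proxy(char **s, gss_ctx_id_t gss_context, int sck)
{
    char *buf;
    int return_status = BPR_RECEIVE_PROXY_ERROR;
    gss_buffer_desc input_token = { 0, NULL };
    gss_buffer_desc output_token = { 0, NULL };
    OM_uint32 maj_stat, min_stat;

    if (gss_context == GSS_C_NO_CONTEXT)
        return return_status;
    if (get_token(&sck, &input_token.value, &input_token.length) != 0)
        return return_status;

    maj_stat = gss_unwrap(
            &min_stat,
            gss_context,
            &input_token,
            &output_token,
            NULL,
            NULL);

    if (!GSS_ERROR(maj_stat))
    {
        buf = malloc(output_token.length + 1);
        if (buf == NULL)
        {
            fprintf(stderr, "Error allocating buffer...\n");
        }
        else
        {
            if (output_token.length > 0)
                memcpy(buf, output_token.value, output_token.length);
            buf[output_token.length] = 0;
            *s = buf;
            return_status = BPR_RECEIVE_PROXY_OK;
        }
    }

    gss_release_buffer(&min_stat, &output_token);
    gss_release_buffer(&min_stat, &input_token);
    return return_status;
}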
开发者ID:Noah-Hughes,项目名称:BLAH,代码行数:36,代码来源:BPRcomm.c
示例17: tunnel
//.........这里部分代码省略.........
}
}
do {
tmlen = MAX_MSG_SIZE;
ret = recv_msg(cfd, tmbuf, &tmlen, true);
if (ret) return ret;
input.value = tmbuf;
input.length = tmlen;
maj = gss_accept_sec_context(&min, &ctx, cred, &input,
GSS_C_NO_CHANNEL_BINDINGS, &srcname,
NULL, &output, NULL, NULL, NULL);
if (maj != GSS_S_COMPLETE && maj != GSS_S_CONTINUE_NEEDED) {
gt_gss_error(svc->name, GSS_C_NO_OID, maj, min);
return EBADE;
}
if (output.length > MAX_MSG_SIZE) return ENOSPC;
if (output.length > 0) {
memcpy(tmbuf, output.value, output.length);
tmlen = output.length;
(void)gss_release_buffer(&ignore, &output);
ret = send_msg(cfd, tmbuf, tmlen, true);
if (ret) return ret;
}
} while (maj == GSS_S_CONTINUE_NEEDED);
}
/* negotiation completed, now handle traffic */
ret = init_epoll(cfd, pfd, &efd);
if (ret) return ret;
while (efd != -1) {
struct epoll_event *ev;
int n;
n = epoll_wait(efd, events, MAX_EVENTS, -1);
if (n == -1) {
ret = errno;
if (ret == EINTR) continue;
return ret;
}
for (int i = 0; i < n; i++) {
ev = &events[i];
if (ev->events & (EPOLLERR|EPOLLHUP)) {
/* one of the peers gave up */
return ENOLINK;
}
/* RECEIVE */
tmlen = MAX_MSG_SIZE;
ret = recv_msg(ev->data.fd, tmbuf, &tmlen, (ev->data.fd == cfd));
if (ret) return ret;
if (ev->data.fd == cfd) {
/* sender encrypts */
input.value = tmbuf;
input.length = tmlen;
maj = gss_unwrap(&min, ctx, &input, &output, NULL, NULL);
if (maj != GSS_S_COMPLETE) {
gt_gss_error(svc->name, GSS_C_NO_OID, maj, min);
return EIO;
}
if (output.length > MAX_MSG_SIZE) return ENOSPC;
memcpy(tmbuf, output.value, output.length);
tmlen = output.length;
(void)gss_release_buffer(&ignore, &output);
}
/* RESEND */
if (ev->data.fd == pfd) {
/* receiver encrypts */
input.value = tmbuf;
input.length = tmlen;
maj = gss_wrap(&min, ctx, 1, 0, &input, NULL, &output);
if (maj != GSS_S_COMPLETE) {
gt_gss_error(svc->name, GSS_C_NO_OID, maj, min);
return EIO;
}
if (output.length > MAX_MSG_SIZE) return ENOSPC;
memcpy(tmbuf, output.value, output.length);
tmlen = output.length;
(void)gss_release_buffer(&ignore, &output);
}
/* send to the other fd, add header only if we encrypted */
ret = send_msg((ev->data.fd == pfd)?cfd:pfd,
tmbuf, tmlen, (ev->data.fd == pfd));
if (ret) return ret;
}
}
return 0;
}
开发者ID:frenche,项目名称:gss-tunnel,代码行数:101,代码来源:gsstunnel.c
示例18: ads_sasl_gssapi_do_bind
/* this performs a SASL/gssapi bind
we avoid using cyrus-sasl to make Samba more robust. cyrus-sasl
is very dependent on correctly configured DNS whereas
this routine is much less fragile
see RFC2078 and RFC2222 for details
*/
static ADS_STATUS ads_sasl_gssapi_do_bind(ADS_STRUCT *ads, const gss_name_t serv_name)
{
uint32_t minor_status;
gss_cred_id_t gss_cred = GSS_C_NO_CREDENTIAL;
gss_ctx_id_t context_handle = GSS_C_NO_CONTEXT;
gss_OID mech_type = GSS_C_NULL_OID;
gss_buffer_desc output_token, input_token;
uint32_t req_flags, ret_flags;
int conf_state;
struct berval cred;
struct berval *scred = NULL;
int i=0;
int gss_rc, rc;
uint8_t *p;
uint32_t max_msg_size = ADS_SASL_WRAPPING_OUT_MAX_WRAPPED;
uint8_t wrap_type = ADS_SASLWRAP_TYPE_PLAIN;
ADS_STATUS status;
struct ads_saslwrap *wrap = &ads->ldap_wrap_data;
input_token.value = NULL;
input_token.length = 0;
status = ads_init_gssapi_cred(ads, &gss_cred);
if (!ADS_ERR_OK(status)) {
goto failed;
}
/*
* Note: here we always ask the gssapi for sign and seal
* as this is negotiated later after the mutal
* authentication
*/
req_flags = GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | GSS_C_INTEG_FLAG | GSS_C_CONF_FLAG;
for (i=0; i < MAX_GSS_PASSES; i++) {
gss_rc = gss_init_sec_context(&minor_status,
gss_cred,
&context_handle,
serv_name,
mech_type,
req_flags,
0,
NULL,
&input_token,
NULL,
&output_token,
&ret_flags,
NULL);
if (scred) {
ber_bvfree(scred);
scred = NULL;
}
if (gss_rc && gss_rc != GSS_S_CONTINUE_NEEDED) {
status = ADS_ERROR_GSS(gss_rc, minor_status);
goto failed;
}
cred.bv_val = (char *)output_token.value;
cred.bv_len = output_token.length;
rc = ldap_sasl_bind_s(ads->ldap.ld, NULL, "GSSAPI", &cred, NULL, NULL,
&scred);
if (rc != LDAP_SASL_BIND_IN_PROGRESS) {
status = ADS_ERROR(rc);
goto failed;
}
if (output_token.value) {
gss_release_buffer(&minor_status, &output_token);
}
if (scred) {
input_token.value = scred->bv_val;
input_token.length = scred->bv_len;
} else {
input_token.value = NULL;
input_token.length = 0;
}
if (gss_rc == 0) break;
}
gss_rc = gss_unwrap(&minor_status,context_handle,&input_token,&output_token,
&conf_state,NULL);
if (scred) {
ber_bvfree(scred);
scred = NULL;
}
if (gss_rc) {
status = ADS_ERROR_GSS(gss_rc, minor_status);
goto failed;
}
p = (uint8_t *)output_token.value;
//.........这里部分代码省略.........
开发者ID:Alexander--,项目名称:samba,代码行数:101,代码来源:sasl.c
示例19: ReadEncryptedToken
/*
 * Read one token from inSocket, unwrap it with inContext and return the
 * plaintext.
 *
 * On success returns 0, stores a malloc()ed copy of the plaintext in
 * *outTokenValue (owned by the caller) and its length in *outTokenLength.
 * On failure returns a non-zero code: EINVAL for a missing argument, the
 * ReadToken() error, the GSS minor (or, if zero, major) status, EAUTH when
 * the message was not confidentiality-protected, or ENOMEM.
 *
 * NOTE(review): the plaintext token is written to stdout through
 * PrintBuffer(); that suits a sample program but exposes protected data in
 * any real deployment.
 * NOTE(review): the "ReadToken failed" message is printed for every
 * failure, not only for ReadToken() errors.
 */
int ReadEncryptedToken (int                  inSocket,
                        const gss_ctx_id_t   inContext,
                        char               **outTokenValue,
                        size_t              *outTokenLength)
{
    int err = 0;
    char *wrappedToken = NULL;
    size_t wrappedLength = 0;
    OM_uint32 majorStatus;
    OM_uint32 minorStatus = 0;
    gss_buffer_desc plainBuffer = { 0 , NULL};
    char *plainCopy = NULL;

    if (!inContext || !outTokenValue || !outTokenLength) {
        err = EINVAL;
    }

    if (!err) {
        err = ReadToken (inSocket, &wrappedToken, &wrappedLength);
    }

    if (!err) {
        gss_buffer_desc wrappedBuffer = { wrappedLength, wrappedToken};
        int encrypted = 0; /* set by the mechanism when confidentiality was applied */

        majorStatus = gss_unwrap (&minorStatus,
                                  inContext,
                                  &wrappedBuffer,
                                  &plainBuffer,
                                  &encrypted,
                                  NULL /* qop_state */);
        if (majorStatus != GSS_S_COMPLETE) {
            printGSSErrors ("gss_unwrap", majorStatus, minorStatus);
            if (minorStatus) {
                err = minorStatus;
            } else {
                err = majorStatus;
            }
        } else if (!encrypted) {
            /* Integrity-only messages are refused. */
            fprintf (stderr, "WARNING!  Mechanism not using encryption!");
            err = EAUTH; /* You may not want to fail here. */
        }
    }

    if (!err) {
        plainCopy = malloc (plainBuffer.length);
        if (plainCopy == NULL) {
            err = ENOMEM;
        }
    }

    if (err) {
        printError (err, "ReadToken failed");
    } else {
        memcpy (plainCopy, plainBuffer.value, plainBuffer.length);
        printf ("Unencrypted token:\n");
        PrintBuffer (plainCopy, plainBuffer.length);

        *outTokenLength = plainBuffer.length;
        *outTokenValue = plainCopy;
        plainCopy = NULL;         /* ownership passed to the caller */
    }

    /* free(NULL) is a no-op, so the pointers need no guard. */
    free (wrappedToken);
    if (plainBuffer.value) {
        gss_release_buffer (&minorStatus, &plainBuffer);
    }
    free (plainCopy);

    return err;
}
开发者ID:aosm,项目名称:Kerberos,代码行数:65,代码来源:common.c
示例20: Curl_SOCKS5_gssapi_negotiate
//.........这里部分代码省略.........
code = Curl_write_plain(conn, sock, (char *)gss_w_token.value,
gss_w_token.length, &written);
if((code != CURLE_OK) || ((ssize_t)gss_w_token.length != written)) {
failf(data, "Failed to send GSSAPI encryption type.");
gss_release_buffer(&gss_status, &gss_w_token);
gss_delete_sec_context(&gss_status, &gss_context, NULL);
return CURLE_COULDNT_CONNECT;
}
gss_release_buffer(&gss_status, &gss_w_token);
}
result=Curl_blockread_all(conn, sock, (char *)socksreq, 4, &actualread);
if(result != CURLE_OK || actualread != 4) {
failf(data, "Failed to receive GSSAPI encryption response.");
gss_delete_sec_context(&gss_status, &gss_context, NULL);
return CURLE_COULDNT_CONNECT;
}
/* ignore the first (VER) byte */
if(socksreq[1] == 255) { /* status / message type */
failf(data, "User was rejected by the SOCKS5 server (%d %d).",
socksreq[0], socksreq[1]);
gss_delete_sec_context(&gss_status, &gss_context, NULL);
return CURLE_COULDNT_CONNECT;
}
if(socksreq[1] != 2) { /* status / messgae type */
failf(data, "Invalid GSSAPI encryption response type (%d %d).",
socksreq[0], socksreq[1]);
gss_delete_sec_context(&gss_status, &gss_context, NULL);
return CURLE_COULDNT_CONNECT;
}
memcpy(&us_length, socksreq+2, sizeof(short));
us_length = ntohs(us_length);
gss_recv_token.length= us_length;
gss_recv_token.value=malloc(gss_recv_token.length);
if(!gss_recv_token.value) {
gss_delete_sec_context(&gss_status, &gss_context, NULL);
return CURLE_OUT_OF_MEMORY;
}
result=Curl_blockread_all(conn, sock, (char *)gss_recv_token.value,
gss_recv_token.length, &actualread);
if(result != CURLE_OK || actualread != us_length) {
failf(data, "Failed to receive GSSAPI encryptrion type.");
gss_release_buffer(&gss_status, &gss_recv_token);
gss_delete_sec_context(&gss_status, &gss_context, NULL);
return CURLE_COULDNT_CONNECT;
}
if(!data->set.socks5_gssapi_nec) {
gss_major_status = gss_unwrap(&gss_minor_status, gss_context,
&gss_recv_token, &gss_w_token,
0, GSS_C_QOP_DEFAULT);
if(check_gss_err(data,gss_major_status,gss_minor_status,"gss_unwrap")) {
gss_release_buffer(&gss_status, &gss_recv_token);
gss_release_buffer(&gss_status, &gss_w_token);
gss_delete_sec_context(&gss_status, &gss_context, NULL);
failf(data, "Failed to unwrap GSSAPI encryption value into token.");
return CURLE_COULDNT_CONNECT;
}
gss_release_buffer(&gss_status, &gss_recv_token);
if(gss_w_token.length != 1) {
failf(data, "Invalid GSSAPI encryption response length (%d).",
gss_w_token.length);
gss_release_buffer(&gss_status, &gss_w_token);
gss_delete_sec_context(&gss_status, &gss_context, NULL);
return CURLE_COULDNT_CONNECT;
}
memcpy(socksreq,gss_w_token.value,gss_w_token.length);
gss_release_buffer(&gss_status, &gss_w_token);
}
else {
if(gss_recv_token.length != 1) {
failf(data, "Invalid GSSAPI encryption response length (%d).",
gss_recv_token.length);
gss_release_buffer(&gss_status, &gss_recv_token);
gss_delete_sec_context(&gss_status, &gss_context, NULL);
return CURLE_COULDNT_CONNECT;
}
memcpy(socksreq,gss_recv_token.value,gss_recv_token.length);
gss_release_buffer(&gss_status, &gss_recv_token);
}
infof(data, "SOCKS5 access with%s protection granted.\n",
(socksreq[0]==0)?"out gssapi data":
((socksreq[0]==1)?" gssapi integrity":" gssapi confidentiality"));
conn->socks5_gssapi_enctype = socksreq[0];
if(socksreq[0] == 0)
gss_delete_sec_context(&gss_status, &gss_context, NULL);
return CURLE_OK;
}
开发者ID:karottc,项目名称:dtc_jd,代码行数:101,代码来源:socks_gssapi.c
注:本文中的gss_unwrap函数示例由纯净天空整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。 |