authorMatthias Schiffer <matthias@gamezock.de>2008-09-05 05:06:25 +0200
committerMatthias Schiffer <matthias@gamezock.de>2008-09-05 05:06:25 +0200
commitb961ec7011bb50785dbbc271592b84f3ebae6432 (patch)
treea3623e83d5e65aa771cb9385d918589955a4886a /src/Common
parenta3a41c71c50f95f95965165eff28d24a1be24453 (diff)
CertificateRequest angefangen (GSSAPI-Authentifikation)
Diffstat (limited to 'src/Common')
-rw-r--r--src/Common/Request/CertificateRequest.h163
-rw-r--r--src/Common/Request/Makefile.am2
-rw-r--r--src/Common/Request/Makefile.in2
-rw-r--r--src/Common/Request/Request.h4
4 files changed, 165 insertions, 6 deletions
diff --git a/src/Common/Request/CertificateRequest.h b/src/Common/Request/CertificateRequest.h
new file mode 100644
index 0000000..4e26041
--- /dev/null
+++ b/src/Common/Request/CertificateRequest.h
@@ -0,0 +1,163 @@
+/*
+ * CertificateRequest.h
+ *
+ * Copyright (C) 2008 Matthias Schiffer <matthias@gamezock.de>
+ *
+ * This program is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef MAD_COMMON_REQUEST_CERTIFICATEREQUEST_H_
+#define MAD_COMMON_REQUEST_CERTIFICATEREQUEST_H_
+
+#include "Request.h"
+#include "../RequestManager.h"
+#include <Net/Connection.h>
+#include <Net/Packet.h>
+#include <string>
+#include <cstring>
+#include <gssapi/gssapi.h>
+
+#include <iostream>
+
+namespace Mad {
+namespace Common {
+namespace Request {
+
+
+// TODO Logging & error handling!
+
+class CertificateRequest : public Request {
+ private:
+ std::string serviceName;
+ gss_name_t gssServiceName;
+ gss_ctx_id_t gssContext;
+
+ bool gssContinue;
+
+ CertificateRequest(const std::string &serviceName0) : serviceName(serviceName0), gssServiceName(GSS_C_NO_NAME), gssContext(GSS_C_NO_CONTEXT), gssContinue(true) {}
+
+ public:
+ virtual ~CertificateRequest() {
+ OM_uint32 minStat;
+
+ if(gssServiceName != GSS_C_NO_NAME)
+ gss_release_name(&minStat, &gssServiceName);
+ }
+
+ static bool send(Net::Connection *connection, RequestManager &requestManager, const std::string &serviceName0) {
+ CertificateRequest *request = new CertificateRequest(serviceName0);
+
+ if(requestManager.sendRequest(connection, request))
+ return true;
+
+ delete request;
+ return false;
+ }
+
+ virtual bool sendRequest(Net::Connection *connection, unsigned short requestId) {
+ if(isSent())
+ return false;
+
+ OM_uint32 majStat, minStat;
+ gss_buffer_desc buffer;
+
+ buffer.length = serviceName.length();
+ buffer.value = std::malloc(buffer.length);
+ std::memcpy(buffer.value, serviceName.c_str(), buffer.length);
+
+ majStat = gss_import_name(&minStat, &buffer, GSS_C_NT_HOSTBASED_SERVICE, &gssServiceName);
+
+ std::free(buffer.value);
+
+ if(majStat != GSS_S_COMPLETE) {
+ gssServiceName = GSS_C_NO_NAME;
+ return false;
+ }
+
+ majStat = gss_init_sec_context(&minStat, GSS_C_NO_CREDENTIAL, &gssContext, gssServiceName, GSS_C_NO_OID, GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG,
+ 0, GSS_C_NO_CHANNEL_BINDINGS, GSS_C_NO_BUFFER, NULL, &buffer, NULL, NULL);
+
+ if(majStat == GSS_S_COMPLETE) {
+ std::cout << "GSS context established." << std::endl;
+ gssContinue = false;
+ }
+ else if(majStat != GSS_S_CONTINUE_NEEDED) {
+ gss_release_buffer(&minStat, &buffer);
+ return false;
+ }
+
+ if(!connection->send(Net::Packet(Net::Packet::TYPE_CERT_REQ, requestId, buffer.value, buffer.length))) {
+ gss_release_buffer(&minStat, &buffer);
+ return false;
+ }
+
+ gss_release_buffer(&minStat, &buffer);
+
+ setSent();
+ return true;
+ }
+
+ virtual bool handlePacket(Net::Connection *connection, const Net::Packet &packet) {
+ if(isFinished())
+ return false;
+
+ if(packet.getType() != Net::Packet::TYPE_CERT_REP)
+ return false; // TODO Logging
+
+ OM_uint32 majStat, minStat;
+ gss_buffer_desc recvBuffer, sendBuffer;
+
+ if(gssContinue) {
+ recvBuffer.length = packet.getLength();
+ recvBuffer.value = std::malloc(recvBuffer.length);
+ std::memcpy(recvBuffer.value, packet.getData(), recvBuffer.length);
+
+ majStat = gss_init_sec_context(&minStat, GSS_C_NO_CREDENTIAL, &gssContext, gssServiceName, GSS_C_NO_OID, GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | GSS_C_INTEG_FLAG,
+ 0, GSS_C_NO_CHANNEL_BINDINGS, &recvBuffer, NULL, &sendBuffer, NULL, NULL);
+
+ std::free(recvBuffer.value);
+
+ if(majStat == GSS_S_COMPLETE) {
+ std::cout << "GSS context established." << std::endl;
+ gssContinue = false;
+ }
+ else if(majStat != GSS_S_CONTINUE_NEEDED) {
+ gss_release_buffer(&minStat, &sendBuffer);
+ return false;
+ }
+
+ if(!connection->send(Net::Packet(Net::Packet::TYPE_CERT_REQ, packet.getRequestId(), sendBuffer.value, sendBuffer.length))) {
+ gss_release_buffer(&minStat, &sendBuffer);
+ return false;
+ }
+
+ gss_release_buffer(&minStat, &sendBuffer);
+ }
+ else {
+ return false;
+
+ //setFinished();
+ }
+
+ return true;
+ }
+};
+
+}
+
+}
+
+}
+
+#endif /* MAD_COMMON_REQUEST_CERTIFICATEREQUEST_H_ */
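Review bot: Both gss_init_sec_context() calls pass NULL for ret_flags, so when majStat is GSS_S_COMPLETE in sendRequest() and handlePacket() the code prints "GSS context established." without confirming that the requested GSS_C_MUTUAL_FLAG (and, in handlePacket, GSS_C_INTEG_FLAG) was actually granted; I would pass `&retFlags` and fail unless `(retFlags & GSS_C_MUTUAL_FLAG)` is set. The two calls also request different flag sets, since GSS_C_INTEG_FLAG appears only in the continuation call, which looks unintended. The destructor releases gssServiceName but never the security context, so it should also run `if(gssContext != GSS_C_NO_CONTEXT) gss_delete_sec_context(&minStat, &gssContext, GSS_C_NO_BUFFER);`. The std::malloc() results are handed to std::memcpy() unchecked and <cstdlib> is not included; in handlePacket the length comes from the received packet, so the null check matters most there. Declaring the output buffers as `gss_buffer_desc sendBuffer = GSS_C_EMPTY_BUFFER;` would also make the gss_release_buffer() calls on the error paths safe regardless of what the mechanism wrote.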
diff --git a/src/Common/Request/Makefile.am b/src/Common/Request/Makefile.am
index a7de050..6d54206 100644
--- a/src/Common/Request/Makefile.am
+++ b/src/Common/Request/Makefile.am
@@ -1 +1 @@
-noinst_HEADERS = DisconnectRequest.h IdentifyRequest.h Request.h
+noinst_HEADERS = CertificateRequest.h DisconnectRequest.h IdentifyRequest.h Request.h
diff --git a/src/Common/Request/Makefile.in b/src/Common/Request/Makefile.in
index 9c48118..0b1006d 100644
--- a/src/Common/Request/Makefile.in
+++ b/src/Common/Request/Makefile.in
@@ -162,7 +162,7 @@ sysconfdir = @sysconfdir@
target_alias = @target_alias@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
-noinst_HEADERS = DisconnectRequest.h IdentifyRequest.h Request.h
+noinst_HEADERS = CertificateRequest.h DisconnectRequest.h IdentifyRequest.h Request.h
all: all-am
.SUFFIXES:
diff --git a/src/Common/Request/Request.h b/src/Common/Request/Request.h
index e0fcf11..e156b1b 100644
--- a/src/Common/Request/Request.h
+++ b/src/Common/Request/Request.h
@@ -23,9 +23,7 @@
#include "../RequestHandler.h"
namespace Mad {
-
namespace Common {
-
namespace Request {
class Request : public RequestHandler {
@@ -44,9 +42,7 @@ class Request : public RequestHandler {
};
}
-
}
-
}
#endif /* MAD_COMMON_REQUEST_REQUEST_H_ */