-rw-r--r--src/Common/Requests/GSSAPIAuthRequest.cpp160
-rw-r--r--src/Common/Requests/GSSAPIAuthRequest.h54
-rw-r--r--src/Server/RequestHandlers/GSSAPIAuthRequestHandler.cpp127
-rw-r--r--src/Server/RequestHandlers/GSSAPIAuthRequestHandler.h48
4 files changed, 0 insertions, 389 deletions
diff --git a/src/Common/Requests/GSSAPIAuthRequest.cpp b/src/Common/Requests/GSSAPIAuthRequest.cpp
deleted file mode 100644
index ffc7939..0000000
--- a/src/Common/Requests/GSSAPIAuthRequest.cpp
+++ /dev/null
@@ -1,160 +0,0 @@
-/*
- * GSSAPIAuthRequest.cpp
- *
- * Copyright (C) 2008 Matthias Schiffer <matthias@gamezock.de>
- *
- * This program is free software: you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
- * See the GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program. If not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "GSSAPIAuthRequest.h"
-#include "../Logger.h"
-
-#include <cstring>
-
-namespace Mad {
-namespace Common {
-namespace Requests {
-
-// TODO Logging & error handling!
-
-GSSAPIAuthRequest::~GSSAPIAuthRequest() {
- OM_uint32 minStat;
-
- if(gssServiceName != GSS_C_NO_NAME)
- gss_release_name(&minStat, &gssServiceName);
-}
-
-void GSSAPIAuthRequest::sendRequest() {
- OM_uint32 majStat, minStat;
- gss_buffer_desc buffer;
-
- buffer.length = serviceName.length();
- buffer.value = std::malloc(buffer.length);
- std::memcpy(buffer.value, serviceName.c_str(), buffer.length);
-
- majStat = gss_import_name(&minStat, &buffer, GSS_C_NT_HOSTBASED_SERVICE, &gssServiceName);
-
- std::free(buffer.value);
-
- if(majStat != GSS_S_COMPLETE) {
- gssServiceName = GSS_C_NO_NAME;
- return;
- }
-
- majStat = gss_init_sec_context(&minStat, GSS_C_NO_CREDENTIAL, &gssContext, gssServiceName, GSS_C_NO_OID, GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG,
- 0, GSS_C_NO_CHANNEL_BINDINGS, GSS_C_NO_BUFFER, 0, &buffer, 0, 0);
-
- if(majStat == GSS_S_COMPLETE) {
- Logger::log(Logger::VERBOSE, "GSS context established.");
- gssContinue = false;
- }
- else if(majStat != GSS_S_CONTINUE_NEEDED) {
- gss_release_buffer(&minStat, &buffer);
- return;
- }
-
- XmlPacket ret;
- ret.setType("AuthGSSAPI");
- ret.addBinary("authToken", buffer.value, buffer.length);
-
- sendPacket(ret);
-
- gss_release_buffer(&minStat, &buffer);
-}
-
-void GSSAPIAuthRequest::handlePacket(const XmlPacket &packet) {
- if(packet.getType() != "AuthGSSAPI") {
- finishWithError(Net::Exception(Net::Exception::UNEXPECTED_PACKET));
- return; // TODO Logging
- }
-
- OM_uint32 majStat, minStat;
- gss_buffer_desc recvBuffer, sendBuffer;
-
- // Needs error handling!
-
- if(gssContinue) {
- const void *pkgData;
- packet["authToken"].getBinaryData(&pkgData, &recvBuffer.length);
-
- recvBuffer.value = std::malloc(recvBuffer.length);
- std::memcpy(recvBuffer.value, pkgData, recvBuffer.length);
-
- majStat = gss_init_sec_context(&minStat, GSS_C_NO_CREDENTIAL, &gssContext, gssServiceName, GSS_C_NO_OID, GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | GSS_C_INTEG_FLAG,
- 0, GSS_C_NO_CHANNEL_BINDINGS, &recvBuffer, 0, &sendBuffer, 0, 0);
-
- std::free(recvBuffer.value);
-
- if(majStat == GSS_S_COMPLETE) {
- Logger::log(Logger::VERBOSE, "GSS context established.");
- gssContinue = false;
- }
- else if(majStat != GSS_S_CONTINUE_NEEDED) {
- gss_release_buffer(&minStat, &sendBuffer);
- return;
- }
-
- XmlPacket ret;
- ret.setType("AuthGSSAPI");
- ret.addBinary("authToken", sendBuffer.value, sendBuffer.length);
-
- sendPacket(ret);
-
- gss_release_buffer(&minStat, &sendBuffer);
- }
- else {
- const void *pkgData;
- packet["certMic"].getBinaryData(&pkgData, &recvBuffer.length);
-
- recvBuffer.value = std::malloc(recvBuffer.length);
- std::memcpy(recvBuffer.value, pkgData, recvBuffer.length);
-
- /*const gnutls_datum_t *cert = getConnection()->getPeerCertificate();
-
- sendBuffer.length = cert->size;
- sendBuffer.value = cert->data;*/
- sendBuffer.value = getConnection()->getPeerCertificate(&sendBuffer.length);
-
- majStat = gss_verify_mic(&minStat, gssContext, &sendBuffer, &recvBuffer, 0);
-
- std::free(recvBuffer.value);
-
- if(majStat != GSS_S_COMPLETE)
- return;
-
- getConnection()->setAuthenticated();
- Logger::log(Logger::VERBOSE, "Authentication complete.");
-
- majStat = gss_delete_sec_context(&minStat, &gssContext, &sendBuffer);
-
- if(majStat != GSS_S_COMPLETE) {
- gss_release_buffer(&minStat, &sendBuffer);
- return;
- }
-
- XmlPacket ret;
- ret.setType("AuthGSSAPI");
- ret.addBinary("authToken", sendBuffer.value, sendBuffer.length);
-
- sendPacket(ret);
-
- gss_release_buffer(&minStat, &sendBuffer);
-
- finish(XmlPacket());
- }
-}
-
-}
-}
-}
diff --git a/src/Common/Requests/GSSAPIAuthRequest.h b/src/Common/Requests/GSSAPIAuthRequest.h
deleted file mode 100644
index a4f8c43..0000000
--- a/src/Common/Requests/GSSAPIAuthRequest.h
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
- * GSSAPIAuthRequest.h
- *
- * Copyright (C) 2008 Matthias Schiffer <matthias@gamezock.de>
- *
- * This program is free software: you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
- * See the GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program. If not, see <http://www.gnu.org/licenses/>.
- */
-
-#ifndef MAD_COMMON_REQUESTS_GSSAPIAUTHREQUEST_H_
-#define MAD_COMMON_REQUESTS_GSSAPIAUTHREQUEST_H_
-
-#include "../Request.h"
-#include <string>
-#include <gssapi/gssapi.h>
-
-namespace Mad {
-namespace Common {
-namespace Requests {
-
-// TODO Logging & error handling!
-
-class GSSAPIAuthRequest : public Request {
- private:
- std::string serviceName;
- gss_name_t gssServiceName;
- gss_ctx_id_t gssContext;
-
- bool gssContinue;
-
- virtual void sendRequest();
- virtual void handlePacket(const XmlPacket &packet);
-
- public:
- GSSAPIAuthRequest(Connection *connection, uint16_t requestId, slot_type slot, const std::string &serviceName0)
- : Request(connection, requestId, slot), serviceName(serviceName0), gssServiceName(GSS_C_NO_NAME), gssContext(GSS_C_NO_CONTEXT), gssContinue(true) {}
- virtual ~GSSAPIAuthRequest();
-};
-
-}
-}
-}
-
-#endif /* MAD_COMMON_REQUESTS_GSSAPIAUTHREQUEST_H_ */
diff --git a/src/Server/RequestHandlers/GSSAPIAuthRequestHandler.cpp b/src/Server/RequestHandlers/GSSAPIAuthRequestHandler.cpp
deleted file mode 100644
index dba92c7..0000000
--- a/src/Server/RequestHandlers/GSSAPIAuthRequestHandler.cpp
+++ /dev/null
@@ -1,127 +0,0 @@
-/*
- * GSSAPIAuthRequestHandler.cpp
- *
- * Copyright (C) 2008 Matthias Schiffer <matthias@gamezock.de>
- *
- * This program is free software: you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
- * See the GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program. If not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "GSSAPIAuthRequestHandler.h"
-#include <Common/Logger.h>
-#include <Net/Exception.h>
-
-#include <cstring>
-
-namespace Mad {
-namespace Server {
-namespace RequestHandlers {
-
-// TODO Error handling
-
-void GSSAPIAuthRequestHandler::handlePacket(const Common::XmlPacket &packet) {
- if(packet.getType() != "AuthGSSAPI") {
- Common::Logger::log(Common::Logger::ERROR, "Received an unexpected packet.");
-
- Common::XmlPacket ret;
- ret.setType("Error");
- ret.add("ErrorCode", Net::Exception::UNEXPECTED_PACKET);
-
- sendPacket(ret);
-
- signalFinished();
- return;
- }
-
- OM_uint32 majStat, minStat;
- gss_buffer_desc recvBuffer, sendBuffer;
-
- // Needs error handling!
-
- if(gssContinue) {
- const void *pkgData;
- packet["authToken"].getBinaryData(&pkgData, &recvBuffer.length);
-
- recvBuffer.value = std::malloc(recvBuffer.length);
- std::memcpy(recvBuffer.value, pkgData, recvBuffer.length);
-
- majStat = gss_accept_sec_context(&minStat, &gssContext, GSS_C_NO_CREDENTIAL, &recvBuffer, GSS_C_NO_CHANNEL_BINDINGS, 0, 0, &sendBuffer, 0, 0, 0);
-
- std::free(recvBuffer.value);
-
- if(majStat == GSS_S_COMPLETE) {
- Common::Logger::log(Common::Logger::VERBOSE, "GSS context established.");
- gssContinue = false;
- }
- else if(majStat != GSS_S_CONTINUE_NEEDED) {
- gss_release_buffer(&minStat, &sendBuffer);
- return;
- }
-
- Common::XmlPacket ret;
- ret.setType("AuthGSSAPI");
- ret.addBinary("authToken", sendBuffer.value, sendBuffer.length);
-
- sendPacket(ret);
-
- gss_release_buffer(&minStat, &sendBuffer);
- }
- else if(!sentSignature) {
- if(!packet["binary"].isEmpty())
- return;
-
- /*const gnutls_datum_t *cert = getConnection()->getCertificate();
-
- recvBuffer.length = cert->size;
- recvBuffer.value = cert->data;*/
-
- recvBuffer.value = getConnection()->getCertificate(&recvBuffer.length);
-
- majStat = gss_get_mic(&minStat, gssContext, GSS_C_QOP_DEFAULT, &recvBuffer, &sendBuffer);
-
- if(majStat != GSS_S_COMPLETE) {
- gss_release_buffer(&minStat, &sendBuffer);
- return;
- }
-
- Common::XmlPacket ret;
- ret.setType("AuthGSSAPI");
- ret.addBinary("certMic", sendBuffer.value, sendBuffer.length);
-
- sendPacket(ret);
-
- gss_release_buffer(&minStat, &sendBuffer);
-
- sentSignature = true;
- }
- else {
- const void *pkgData;
- packet["authToken"].getBinaryData(&pkgData, &recvBuffer.length);
-
- recvBuffer.value = std::malloc(recvBuffer.length);
- std::memcpy(recvBuffer.value, pkgData, recvBuffer.length);
-
- majStat = gss_process_context_token(&minStat, gssContext, &recvBuffer);
-
- std::free(recvBuffer.value);
-
- if(majStat != GSS_S_COMPLETE)
- return;
-
- signalFinished();
- }
-}
-
-}
-}
-}
diff --git a/src/Server/RequestHandlers/GSSAPIAuthRequestHandler.h b/src/Server/RequestHandlers/GSSAPIAuthRequestHandler.h
deleted file mode 100644
index 2c5191c..0000000
--- a/src/Server/RequestHandlers/GSSAPIAuthRequestHandler.h
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * GSSAPIAuthRequestHandler.h
- *
- * Copyright (C) 2008 Matthias Schiffer <matthias@gamezock.de>
- *
- * This program is free software: you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
- * See the GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program. If not, see <http://www.gnu.org/licenses/>.
- */
-
-#ifndef MAD_SERVER_REQUESTHANDLERS_GSSAPIAUTHREQUESTHANDLER_H_
-#define MAD_SERVER_REQUESTHANDLERS_GSSAPIAUTHREQUESTHANDLER_H_
-
-#include <Common/RequestHandler.h>
-#include <gssapi/gssapi.h>
-
-namespace Mad {
-namespace Server {
-namespace RequestHandlers {
-
-class GSSAPIAuthRequestHandler : public Common::RequestHandler {
- private:
- gss_ctx_id_t gssContext;
-
- bool gssContinue, sentSignature;
-
- protected:
- virtual void handlePacket(const Common::XmlPacket &packet);
-
- public:
- GSSAPIAuthRequestHandler(Common::Connection *connection, uint16_t requestId)
- : RequestHandler(connection, requestId), gssContext(GSS_C_NO_CONTEXT), gssContinue(true), sentSignature(false) {}
-};
-
-}
-}
-}
-
-#endif /* MAD_SERVER_REQUESTHANDLERS_GSSAPIAUTHREQUESTHANDLER_H_ */