-rw-r--r-- | src/Common/Requests/GSSAPIAuthRequest.cpp | 160 | ||||
-rw-r--r-- | src/Common/Requests/GSSAPIAuthRequest.h | 54 | ||||
-rw-r--r-- | src/Server/RequestHandlers/GSSAPIAuthRequestHandler.cpp | 127 | ||||
-rw-r--r-- | src/Server/RequestHandlers/GSSAPIAuthRequestHandler.h | 48 |
4 files changed, 0 insertions, 389 deletions
diff --git a/src/Common/Requests/GSSAPIAuthRequest.cpp b/src/Common/Requests/GSSAPIAuthRequest.cpp
deleted file mode 100644
index ffc7939..0000000
--- a/src/Common/Requests/GSSAPIAuthRequest.cpp
+++ /dev/null
@@ -1,160 +0,0 @@
-/*
- * GSSAPIAuthRequest.cpp
- *
- * Copyright (C) 2008 Matthias Schiffer <matthias@gamezock.de>
- *
- * This program is free software: you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
- * See the GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program. If not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "GSSAPIAuthRequest.h"
-#include "../Logger.h"
-
-#include <cstring>
-
-namespace Mad {
-namespace Common {
-namespace Requests {
-
-// TODO Logging & error handling!
-
-GSSAPIAuthRequest::~GSSAPIAuthRequest() {
- OM_uint32 minStat;
-
- if(gssServiceName != GSS_C_NO_NAME)
- gss_release_name(&minStat, &gssServiceName);
-}
-
-void GSSAPIAuthRequest::sendRequest() {
- OM_uint32 majStat, minStat;
- gss_buffer_desc buffer;
-
- buffer.length = serviceName.length();
- buffer.value = std::malloc(buffer.length);
- std::memcpy(buffer.value, serviceName.c_str(), buffer.length);
-
- majStat = gss_import_name(&minStat, &buffer, GSS_C_NT_HOSTBASED_SERVICE, &gssServiceName);
-
- std::free(buffer.value);
-
- if(majStat != GSS_S_COMPLETE) {
- gssServiceName = GSS_C_NO_NAME;
- return;
- }
-
- majStat = gss_init_sec_context(&minStat, GSS_C_NO_CREDENTIAL, &gssContext, gssServiceName, GSS_C_NO_OID, GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG,
- 0, GSS_C_NO_CHANNEL_BINDINGS, GSS_C_NO_BUFFER, 0, &buffer, 0, 0);
-
- if(majStat == GSS_S_COMPLETE) {
- Logger::log(Logger::VERBOSE, "GSS context established.");
- gssContinue = false;
- }
- else if(majStat != GSS_S_CONTINUE_NEEDED) {
- gss_release_buffer(&minStat, &buffer);
- return;
- }
-
- XmlPacket ret;
- ret.setType("AuthGSSAPI");
- ret.addBinary("authToken", buffer.value, buffer.length);
-
- sendPacket(ret);
-
- gss_release_buffer(&minStat, &buffer);
-}
-
-void GSSAPIAuthRequest::handlePacket(const XmlPacket &packet) {
- if(packet.getType() != "AuthGSSAPI") {
- finishWithError(Net::Exception(Net::Exception::UNEXPECTED_PACKET));
- return; // TODO Logging
- }
-
- OM_uint32 majStat, minStat;
- gss_buffer_desc recvBuffer, sendBuffer;
-
- // Needs error handling!
-
- if(gssContinue) {
- const void *pkgData;
- packet["authToken"].getBinaryData(&pkgData, &recvBuffer.length);
-
- recvBuffer.value = std::malloc(recvBuffer.length);
- std::memcpy(recvBuffer.value, pkgData, recvBuffer.length);
-
- majStat = gss_init_sec_context(&minStat, GSS_C_NO_CREDENTIAL, &gssContext, gssServiceName, GSS_C_NO_OID, GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | GSS_C_INTEG_FLAG,
- 0, GSS_C_NO_CHANNEL_BINDINGS, &recvBuffer, 0, &sendBuffer, 0, 0);
-
- std::free(recvBuffer.value);
-
- if(majStat == GSS_S_COMPLETE) {
- Logger::log(Logger::VERBOSE, "GSS context established.");
- gssContinue = false;
- }
- else if(majStat != GSS_S_CONTINUE_NEEDED) {
- gss_release_buffer(&minStat, &sendBuffer);
- return;
- }
-
- XmlPacket ret;
- ret.setType("AuthGSSAPI");
- ret.addBinary("authToken", sendBuffer.value, sendBuffer.length);
-
- sendPacket(ret);
-
- gss_release_buffer(&minStat, &sendBuffer);
- }
- else {
- const void *pkgData;
- packet["certMic"].getBinaryData(&pkgData, &recvBuffer.length);
-
- recvBuffer.value = std::malloc(recvBuffer.length);
- std::memcpy(recvBuffer.value, pkgData, recvBuffer.length);
-
- /*const gnutls_datum_t *cert = getConnection()->getPeerCertificate();
-
- sendBuffer.length = cert->size;
- sendBuffer.value = cert->data;*/
- sendBuffer.value = getConnection()->getPeerCertificate(&sendBuffer.length);
-
- majStat = gss_verify_mic(&minStat, gssContext, &sendBuffer, &recvBuffer, 0);
-
- std::free(recvBuffer.value);
-
- if(majStat != GSS_S_COMPLETE)
- return;
-
- getConnection()->setAuthenticated();
- Logger::log(Logger::VERBOSE, "Authentication complete.");
-
- majStat = gss_delete_sec_context(&minStat, &gssContext, &sendBuffer);
-
- if(majStat != GSS_S_COMPLETE) {
- gss_release_buffer(&minStat, &sendBuffer);
- return;
- }
-
- XmlPacket ret;
- ret.setType("AuthGSSAPI");
- ret.addBinary("authToken", sendBuffer.value, sendBuffer.length);
-
- sendPacket(ret);
-
- gss_release_buffer(&minStat, &sendBuffer);
-
- finish(XmlPacket());
- }
-}
-
-}
-}
-}
diff --git a/src/Common/Requests/GSSAPIAuthRequest.h b/src/Common/Requests/GSSAPIAuthRequest.h
deleted file mode 100644
index a4f8c43..0000000
--- a/src/Common/Requests/GSSAPIAuthRequest.h
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
- * GSSAPIAuthRequest.h
- *
- * Copyright (C) 2008 Matthias Schiffer <matthias@gamezock.de>
- *
- * This program is free software: you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
- * See the GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program. If not, see <http://www.gnu.org/licenses/>.
- */
-
-#ifndef MAD_COMMON_REQUESTS_GSSAPIAUTHREQUEST_H_
-#define MAD_COMMON_REQUESTS_GSSAPIAUTHREQUEST_H_
-
-#include "../Request.h"
-#include <string>
-#include <gssapi/gssapi.h>
-
-namespace Mad {
-namespace Common {
-namespace Requests {
-
-// TODO Logging & error handling!
-
-class GSSAPIAuthRequest : public Request {
- private:
- std::string serviceName;
- gss_name_t gssServiceName;
- gss_ctx_id_t gssContext;
-
- bool gssContinue;
-
- virtual void sendRequest();
- virtual void handlePacket(const XmlPacket &packet);
-
- public:
- GSSAPIAuthRequest(Connection *connection, uint16_t requestId, slot_type slot, const std::string &serviceName0)
- : Request(connection, requestId, slot), serviceName(serviceName0), gssServiceName(GSS_C_NO_NAME), gssContext(GSS_C_NO_CONTEXT), gssContinue(true) {}
- virtual ~GSSAPIAuthRequest();
-};
-
-}
-}
-}
-
-#endif /* MAD_COMMON_REQUESTS_GSSAPIAUTHREQUEST_H_ */
diff --git a/src/Server/RequestHandlers/GSSAPIAuthRequestHandler.cpp b/src/Server/RequestHandlers/GSSAPIAuthRequestHandler.cpp
deleted file mode 100644
index dba92c7..0000000
--- a/src/Server/RequestHandlers/GSSAPIAuthRequestHandler.cpp
+++ /dev/null
@@ -1,127 +0,0 @@
-/*
- * GSSAPIAuthRequestHandler.cpp
- *
- * Copyright (C) 2008 Matthias Schiffer <matthias@gamezock.de>
- *
- * This program is free software: you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
- * See the GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program. If not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "GSSAPIAuthRequestHandler.h"
-#include <Common/Logger.h>
-#include <Net/Exception.h>
-
-#include <cstring>
-
-namespace Mad {
-namespace Server {
-namespace RequestHandlers {
-
-// TODO Error handling
-
-void GSSAPIAuthRequestHandler::handlePacket(const Common::XmlPacket &packet) {
- if(packet.getType() != "AuthGSSAPI") {
- Common::Logger::log(Common::Logger::ERROR, "Received an unexpected packet.");
-
- Common::XmlPacket ret;
- ret.setType("Error");
- ret.add("ErrorCode", Net::Exception::UNEXPECTED_PACKET);
-
- sendPacket(ret);
-
- signalFinished();
- return;
- }
-
- OM_uint32 majStat, minStat;
- gss_buffer_desc recvBuffer, sendBuffer;
-
- // Needs error handling!
-
- if(gssContinue) {
- const void *pkgData;
- packet["authToken"].getBinaryData(&pkgData, &recvBuffer.length);
-
- recvBuffer.value = std::malloc(recvBuffer.length);
- std::memcpy(recvBuffer.value, pkgData, recvBuffer.length);
-
- majStat = gss_accept_sec_context(&minStat, &gssContext, GSS_C_NO_CREDENTIAL, &recvBuffer, GSS_C_NO_CHANNEL_BINDINGS, 0, 0, &sendBuffer, 0, 0, 0);
-
- std::free(recvBuffer.value);
-
- if(majStat == GSS_S_COMPLETE) {
- Common::Logger::log(Common::Logger::VERBOSE, "GSS context established.");
- gssContinue = false;
- }
- else if(majStat != GSS_S_CONTINUE_NEEDED) {
- gss_release_buffer(&minStat, &sendBuffer);
- return;
- }
-
- Common::XmlPacket ret;
- ret.setType("AuthGSSAPI");
- ret.addBinary("authToken", sendBuffer.value, sendBuffer.length);
-
- sendPacket(ret);
-
- gss_release_buffer(&minStat, &sendBuffer);
- }
- else if(!sentSignature) {
- if(!packet["binary"].isEmpty())
- return;
-
- /*const gnutls_datum_t *cert = getConnection()->getCertificate();
-
- recvBuffer.length = cert->size;
- recvBuffer.value = cert->data;*/
-
- recvBuffer.value = getConnection()->getCertificate(&recvBuffer.length);
-
- majStat = gss_get_mic(&minStat, gssContext, GSS_C_QOP_DEFAULT, &recvBuffer, &sendBuffer);
-
- if(majStat != GSS_S_COMPLETE) {
- gss_release_buffer(&minStat, &sendBuffer);
- return;
- }
-
- Common::XmlPacket ret;
- ret.setType("AuthGSSAPI");
- ret.addBinary("certMic", sendBuffer.value, sendBuffer.length);
-
- sendPacket(ret);
-
- gss_release_buffer(&minStat, &sendBuffer);
-
- sentSignature = true;
- }
- else {
- const void *pkgData;
- packet["authToken"].getBinaryData(&pkgData, &recvBuffer.length);
-
- recvBuffer.value = std::malloc(recvBuffer.length);
- std::memcpy(recvBuffer.value, pkgData, recvBuffer.length);
-
- majStat = gss_process_context_token(&minStat, gssContext, &recvBuffer);
-
- std::free(recvBuffer.value);
-
- if(majStat != GSS_S_COMPLETE)
- return;
-
- signalFinished();
- }
-}
-
-}
-}
-}
diff --git a/src/Server/RequestHandlers/GSSAPIAuthRequestHandler.h b/src/Server/RequestHandlers/GSSAPIAuthRequestHandler.h
deleted file mode 100644
index 2c5191c..0000000
--- a/src/Server/RequestHandlers/GSSAPIAuthRequestHandler.h
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * GSSAPIAuthRequestHandler.h
- *
- * Copyright (C) 2008 Matthias Schiffer <matthias@gamezock.de>
- *
- * This program is free software: you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
- * See the GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program. If not, see <http://www.gnu.org/licenses/>.
- */
-
-#ifndef MAD_SERVER_REQUESTHANDLERS_GSSAPIAUTHREQUESTHANDLER_H_
-#define MAD_SERVER_REQUESTHANDLERS_GSSAPIAUTHREQUESTHANDLER_H_
-
-#include <Common/RequestHandler.h>
-#include <gssapi/gssapi.h>
-
-namespace Mad {
-namespace Server {
-namespace RequestHandlers {
-
-class GSSAPIAuthRequestHandler : public Common::RequestHandler {
- private:
- gss_ctx_id_t gssContext;
-
- bool gssContinue, sentSignature;
-
- protected:
- virtual void handlePacket(const Common::XmlPacket &packet);
-
- public:
- GSSAPIAuthRequestHandler(Common::Connection *connection, uint16_t requestId)
- : RequestHandler(connection, requestId), gssContext(GSS_C_NO_CONTEXT), gssContinue(true), sentSignature(false) {}
-};
-
-}
-}
-}
-
-#endif /* MAD_SERVER_REQUESTHANDLERS_GSSAPIAUTHREQUESTHANDLER_H_ */ |