From d710e7dc5e8f3895f5d1aa6bd1db0ef3151af8ca Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Sat, 13 Sep 2008 04:39:42 +0200 Subject: Und wieder eine Umbenennungsorgie... --- src/Common/Requests/GSSAPIAuthRequest.cpp | 171 ++++++++++++++++++++++++++++++ 1 file changed, 171 insertions(+) create mode 100644 src/Common/Requests/GSSAPIAuthRequest.cpp (limited to 'src/Common/Requests/GSSAPIAuthRequest.cpp') diff --git a/src/Common/Requests/GSSAPIAuthRequest.cpp b/src/Common/Requests/GSSAPIAuthRequest.cpp new file mode 100644 index 0000000..1874064 --- /dev/null +++ b/src/Common/Requests/GSSAPIAuthRequest.cpp @@ -0,0 +1,171 @@ +/* + * GSSAPIAuthRequest.cpp + * + * Copyright (C) 2008 Matthias Schiffer + * + * This program is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + * See the GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program. If not, see . + */ + +#include "GSSAPIAuthRequest.h" +#include "../RequestManager.h" + +#include + +#include + +namespace Mad { +namespace Common { +namespace Requests { + +// TODO Logging & error handling! + +GSSAPIAuthRequest::~GSSAPIAuthRequest() { + OM_uint32 minStat; + + if(gssServiceName != GSS_C_NO_NAME) + gss_release_name(&minStat, &gssServiceName); +} + +bool GSSAPIAuthRequest::send(Net::Connection *connection, RequestManager &requestManager, const std::string &serviceName0) { + GSSAPIAuthRequest *request = new GSSAPIAuthRequest(serviceName0); + + if(requestManager.sendRequest(connection, request)) + return true; + + delete request; + return false; +} + +bool GSSAPIAuthRequest::sendRequest(Net::Connection *connection, uint16_t requestId) { + if(isSent()) + return false; + + OM_uint32 majStat, minStat; + gss_buffer_desc buffer; + + buffer.length = serviceName.length(); + buffer.value = std::malloc(buffer.length); + std::memcpy(buffer.value, serviceName.c_str(), buffer.length); + + majStat = gss_import_name(&minStat, &buffer, GSS_C_NT_HOSTBASED_SERVICE, &gssServiceName); + + std::free(buffer.value); + + if(majStat != GSS_S_COMPLETE) { + gssServiceName = GSS_C_NO_NAME; + return false; + } + + majStat = gss_init_sec_context(&minStat, GSS_C_NO_CREDENTIAL, &gssContext, gssServiceName, GSS_C_NO_OID, GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG, + 0, GSS_C_NO_CHANNEL_BINDINGS, GSS_C_NO_BUFFER, 0, &buffer, 0, 0); + + if(majStat == GSS_S_COMPLETE) { + std::cout << "GSS context established." << std::endl; + gssContinue = false; + } + else if(majStat != GSS_S_CONTINUE_NEEDED) { + gss_release_buffer(&minStat, &buffer); + return false; + } + + if(!connection->send(Net::Packet(Net::Packet::GSSAPI_AUTH, requestId, buffer.value, buffer.length))) { + gss_release_buffer(&minStat, &buffer); + return false; + } + + gss_release_buffer(&minStat, &buffer); + + setSent(); + return true; +} + +bool GSSAPIAuthRequest::handlePacket(Net::Connection *connection, const Net::Packet &packet) { + if(isFinished()) + return false; + + if(packet.getType() != Net::Packet::GSSAPI_AUTH) + return false; // TODO Logging + + OM_uint32 majStat, minStat; + gss_buffer_desc recvBuffer, sendBuffer; + + if(gssContinue) { + recvBuffer.length = packet.getLength(); + recvBuffer.value = std::malloc(recvBuffer.length); + std::memcpy(recvBuffer.value, packet.getData(), recvBuffer.length); + + majStat = gss_init_sec_context(&minStat, GSS_C_NO_CREDENTIAL, &gssContext, gssServiceName, GSS_C_NO_OID, GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | GSS_C_INTEG_FLAG, + 0, GSS_C_NO_CHANNEL_BINDINGS, &recvBuffer, 0, &sendBuffer, 0, 0); + + std::free(recvBuffer.value); + + if(majStat == GSS_S_COMPLETE) { + std::cout << "GSS context established." << std::endl; + gssContinue = false; + } + else if(majStat != GSS_S_CONTINUE_NEEDED) { + gss_release_buffer(&minStat, &sendBuffer); + return false; + } + + if(!connection->send(Net::Packet(Net::Packet::GSSAPI_AUTH, packet.getRequestId(), sendBuffer.value, sendBuffer.length))) { + gss_release_buffer(&minStat, &sendBuffer); + return false; + } + + gss_release_buffer(&minStat, &sendBuffer); + } + else { + recvBuffer.length = packet.getLength(); + recvBuffer.value = std::malloc(recvBuffer.length); + std::memcpy(recvBuffer.value, packet.getData(), recvBuffer.length); + + const gnutls_datum_t *cert = connection->getPeerCertificate(); + + sendBuffer.length = cert->size; + sendBuffer.value = cert->data; + + majStat = gss_verify_mic(&minStat, gssContext, &sendBuffer, &recvBuffer, 0); + + std::free(recvBuffer.value); + + if(majStat != GSS_S_COMPLETE) + return false; + + connection->setAuthenticated(); + std::cout << "Authentication complete." << std::endl; + + majStat = gss_delete_sec_context(&minStat, &gssContext, &sendBuffer); + + if(majStat != GSS_S_COMPLETE) { + gss_release_buffer(&minStat, &sendBuffer); + return false; + } + + if(!connection->send(Net::Packet(Net::Packet::GSSAPI_AUTH, packet.getRequestId(), sendBuffer.value, sendBuffer.length))) { + gss_release_buffer(&minStat, &sendBuffer); + return false; + } + + gss_release_buffer(&minStat, &sendBuffer); + + setFinished(); + } + + return true; +} + +} +} +} -- cgit v1.2.3