LU-2384 kerberos: Support for MIT-kerberos >=1.8.X is broken
[fs/lustre-release.git] / lustre / utils / gss / context_lucid.c
index 2f802de..f64f49b 100644 (file)
@@ -49,11 +49,24 @@ typedef uint64_t OM_uint64;
 #endif
 #include <gssapi/gssapi_krb5.h>
 
-#include "gss_util.h"
-#include "gss_oids.h"
-#include "err_util.h"
+#ifdef _NEW_BUILD_
+# include "lgss_utils.h"
+#else
+# include "gss_util.h"
+# include "gss_oids.h"
+# include "err_util.h"
+#endif
+#include "write_bytes.h"
 #include "context.h"
 
+extern OM_uint32 gss_export_lucid_sec_context(OM_uint32 *min_stat,
+                                             gss_ctx_id_t *ctx,
+                                             OM_uint32 version,
+                                             void **kctx);
+extern OM_uint32 gss_free_lucid_sec_context(OM_uint32 *min_stat,
+                                           gss_ctx_id_t ctx,
+                                           void *kctx);
+
 static int
 write_lucid_keyblock(char **p, char *end, gss_krb5_lucid_key_t *key)
 {
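Review bot: The new guard macro `_NEW_BUILD_` at the top of the hunk is a reserved identifier in C (a leading underscore followed by an uppercase letter belongs to the implementation), so it should be renamed, e.g. `LGSS_NEW_BUILD` or `HAVE_LGSS_UTILS`, here and wherever the build defines it. The two `extern` prototypes for gss_export_lucid_sec_context() and gss_free_lucid_sec_context() are declared privately in this .c file rather than in a header shared with their definition, so a signature change on either side (the first takes `gss_ctx_id_t *`, the second `gss_ctx_id_t`) would not be caught by the compiler; placing them in context.h, which is already included here, or in lgss_utils.h keeps one prototype in front of both sides. write_lucid_keyblock() at the bottom of the hunk continues past it.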
@@ -72,7 +85,7 @@ prepare_krb5_rfc1964_buffer(gss_krb5_lucid_context_v1_t *lctx,
 {
        char *p, *end;
        static int constant_zero = 0;
-       unsigned char fakeseed[16];
+       unsigned char fakeseed[16] = { 0 };
        uint32_t word_send_seq;
        gss_krb5_lucid_key_t enc_key;
        int i;
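Review bot: The zero-initialisation of `fakeseed` is a correctness fix that carries no comment, so the next cleanup could drop it as redundant; the name suggests the array is serialised into the context blob later in prepare_krb5_rfc1964_buffer() (outside this hunk), in which case the old code wrote uninitialised stack bytes into a buffer handed to the kernel. A one-line comment such as `/* zeroed: the seed is emitted verbatim, never send uninitialised stack bytes */` records why the initialiser must stay; confirm the actual use of fakeseed in the rest of the function, which starts and ends outside the hunk.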
@@ -195,7 +208,15 @@ extern void krb5int_enc_arcfour;
 extern void krb5int_enc_des3;
 extern void krb5int_enc_aes128;
 extern void krb5int_enc_aes256;
-extern int krb5_derive_key();
+#if HAVE_KRB5INT_DERIVE_KEY
+/* Taken from crypto_int.h */
+enum deriv_alg {
+       DERIVE_RFC3961,         /* RFC 3961 section 5.1 */
+#ifdef CAMELLIA
+       DERIVE_SP800_108_CMAC,  /* NIST SP 800-108 with CMAC as PRF */
+#endif
+};
+#endif  /* HAVE_KRB5INT_DERIVE_KEY */
 
 static void
 key_lucid_to_krb5(const gss_krb5_lucid_key_t *lin, krb5_keyblock *kout)
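Review bot: The hunk removes the only visible declaration of krb5_derive_key() (`extern int krb5_derive_key();`), yet the `#else` branch of the call site later in this file still calls it, and no prototype for krb5int_derive_key() is added for the new branch either; unless lgss_utils.h or another included header supplies them, both calls become implicit declarations, which C99 rejects and which silently default-promotes the `krb5_key` handle and `enum deriv_alg` arguments. Add explicit prototypes beside the enum, matching the installed crypto_int.h, e.g. `extern krb5_error_code krb5int_derive_key(const void *enc, krb5_key inkey, krb5_key *outkey, const krb5_data *in_constant, enum deriv_alg alg);` under `HAVE_KRB5INT_DERIVE_KEY`, and keep `extern int krb5_derive_key();` in the `#else`. The copied `enum deriv_alg` also deserves a note that only `DERIVE_RFC3961` (value 0 whether or not `CAMELLIA` is set) is relied on, because krb5int_derive_key() is a private libkrb5 symbol whose enum and signature may change between releases.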
@@ -244,8 +265,13 @@ derive_key_lucid(const gss_krb5_lucid_key_t *in, gss_krb5_lucid_key_t *out,
        int keylength;
        void *enc;
        krb5_keyblock kin, kout;  /* must send krb5_keyblock, not lucid! */
-#ifdef HAVE_HEIMDAL
+#if defined(HAVE_HEIMDAL) || HAVE_KRB5INT_DERIVE_KEY
        krb5_context kcontext;
+#endif
+#if HAVE_KRB5INT_DERIVE_KEY
+       krb5_key key_in, key_out;
+#endif
+#ifdef HAVE_HEIMDAL
        krb5_keyblock *outkey;
 #endif
 
@@ -303,12 +329,35 @@ derive_key_lucid(const gss_krb5_lucid_key_t *in, gss_krb5_lucid_key_t *out,
        ((char *)(datain.data))[4] = (char) extra;
 
 #ifdef HAVE_KRB5
+#if HAVE_KRB5INT_DERIVE_KEY
+       code = krb5_init_context(&kcontext);
+       if (code) {
+               free(out->data);
+               out->data = NULL;
+               goto out;
+       }
+       code = krb5_k_create_key(kcontext, &kin, &key_in);
+       if (code) {
+               free(out->data);
+               out->data = NULL;
+               goto out;
+       }
+       code = krb5_k_create_key(kcontext, &kout, &key_out);
+       if (code) {
+               free(out->data);
+               out->data = NULL;
+               goto out;
+       }
+       code = krb5int_derive_key(enc, key_in, &key_out, &datain,
+                                 DERIVE_RFC3961);
+#else  /* !HAVE_KRB5INT_DERIVE_KEY */
        code = krb5_derive_key(enc, &kin, &kout, &datain);
-#else
+#endif /* HAVE_KRB5INT_DERIVE_KEY */
+#else  /* !defined(HAVE_KRB5) */
        if ((code = krb5_init_context(&kcontext))) {
        }
        code = krb5_derive_key(kcontext, &kin, in->type, constant_data, K5CLENGTH, &outkey);
-#endif
+#endif /* defined(HAVE_KRB5) */
        if (code) {
                free(out->data);
                out->data = NULL;
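Review bot: Every error path in the new `HAVE_KRB5INT_DERIVE_KEY` branch leaks the krb5 context and the key handles: when either krb5_k_create_key() fails after krb5_init_context() succeeded, or when krb5int_derive_key() itself fails and the existing `if (code)` block jumps to `out`, krb5_free_context() is never reached, and no path visible here calls krb5_k_free_key() on key_in or key_out, so handles carrying key material stay in the daemon's heap for every derivation. There is also a probable output mismatch: the derived key is returned through `&key_out`, but the code after the hunk converts `&kout`, the keyblock handed to krb5_k_create_key() before the derivation; unless the installed krb5int_derive_key() writes back into that keyblock (its `krb5_key *` out-parameter suggests it allocates a fresh handle, which would also overwrite and leak the pre-created key_out), the serialised key is whatever kout.contents already held, so this needs verifying and, if confirmed, the keyblock copied out of key_out (e.g. with krb5_k_key_keyblock()) before the handle is released. The restructured branch below releases everything on each path; it relies on key_in/key_out starting as NULL and on dropping the later `krb5_free_context(kcontext)` in the success path, which would otherwise free the context twice. derive_key_lucid() and its `out` label lie outside the hunk.
```c
#if HAVE_KRB5INT_DERIVE_KEY
	code = krb5_init_context(&kcontext);
	if (code) {
		free(out->data);
		out->data = NULL;
		goto out;
	}
	code = krb5_k_create_key(kcontext, &kin, &key_in);
	if (code == 0)
		code = krb5_k_create_key(kcontext, &kout, &key_out);
	if (code == 0)
		code = krb5int_derive_key(enc, key_in, &key_out, &datain,
					  DERIVE_RFC3961);
	/* TODO(review): if krb5int_derive_key() allocates *outkey itself,
	 * the pre-created key_out is replaced and the derived key lives in
	 * key_out, not kout: drop that create and copy key_out's keyblock
	 * into kout before the frees below. */
	krb5_k_free_key(kcontext, key_out);	/* NULL-safe; both start NULL */
	krb5_k_free_key(kcontext, key_in);
	krb5_free_context(kcontext);
#else  /* !HAVE_KRB5INT_DERIVE_KEY */
	/* … unchanged: krb5_derive_key() call … */
#endif /* HAVE_KRB5INT_DERIVE_KEY */
	/* … unchanged: existing if (code) path freeing out->data … */
```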
@@ -316,14 +365,17 @@ derive_key_lucid(const gss_krb5_lucid_key_t *in, gss_krb5_lucid_key_t *out,
        }
 #ifdef HAVE_KRB5
        key_krb5_to_lucid(&kout, out);
-#else
+#if HAVE_KRB5INT_DERIVE_KEY
+       krb5_free_context(kcontext);
+#endif /* HAVE_KRB5INT_DERIVE_KEY */
+#else  /* !defined(HAVE_KRB5) */
        key_krb5_to_lucid(outkey, out);
        krb5_free_keyblock(kcontext, outkey);
        krb5_free_context(kcontext);
-#endif
+#endif /* defined(HAVE_KRB5) */
 
   out:
-       if (code)
+       if (code)
                printerr(0, "ERROR: %s: returning error %d (%s)\n",
                         __FUNCTION__, code, error_message(code));
        return (code);
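Review bot: The `HAVE_KRB5INT_DERIVE_KEY` success path frees the krb5 context but not the two krb5_key handles created before the derivation, and this is the only place the context is released at all, so the `if (code)` path just above the hunk (and every earlier failure) leaks it as well. At minimum add `krb5_k_free_key(kcontext, key_in); krb5_k_free_key(kcontext, key_out);` immediately before `krb5_free_context(kcontext);`, and make the error paths in the preceding hunk release the same resources. Note that key_krb5_to_lucid() is fed `&kout` here while the derivation's out-parameter was `&key_out`; if the installed krb5int_derive_key() returns the derived key only through that handle, the copy into `out` has to be taken from key_out before it is freed. derive_key_lucid() begins outside the hunk.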
@@ -389,7 +441,7 @@ prepare_krb5_rfc4121_buffer(gss_krb5_lucid_context_v1_t *lctx,
        if (WRITE_BYTES(&p, end, lctx->send_seq)) goto out_err;
 
        /* Protocol 0 here implies DES3 or RC4 */
-       printerr(2, "%s: protocol %d\n", __FUNCTION__, lctx->protocol);
+       printerr(3, "protocol %d\n", lctx->protocol);
        if (lctx->protocol == 0) {
                enctype = lctx->rfc1964_kd.ctx_key.type;
 #ifdef HAVE_HEIMDAL
@@ -417,8 +469,8 @@ prepare_krb5_rfc4121_buffer(gss_krb5_lucid_context_v1_t *lctx,
                }
                numkeys = 3;
        }
-       printerr(2, "%s: serializing %d keys with enctype %d and size %d\n",
-                __FUNCTION__, numkeys, enctype, keysize);
+       printerr(3, "serializing %d keys with enctype %d and size %d\n",
+                numkeys, enctype, keysize);
        if (WRITE_BYTES(&p, end, enctype)) goto out_err;
        if (WRITE_BYTES(&p, end, keysize)) goto out_err;
        if (WRITE_BYTES(&p, end, numkeys)) goto out_err;
@@ -542,7 +594,7 @@ serialize_krb5_ctx(gss_ctx_id_t ctx, gss_buffer_desc *buf)
        gss_krb5_lucid_context_v1_t *lctx = 0;
        int retcode = 0;
 
-       printerr(2, "DEBUG: %s: lucid version!\n", __FUNCTION__);
+       printerr(3, "lucid version!\n");
        maj_stat = gss_export_lucid_sec_context(&min_stat, &ctx,
                                                1, &return_ctx);
        if (maj_stat != GSS_S_COMPLETE) {