Path: blob/main/crypto/heimdal/lib/gssapi/mech/gss_krb5.c
34907 views
/*-1* Copyright (c) 2005 Doug Rabson2* All rights reserved.3*4* Redistribution and use in source and binary forms, with or without5* modification, are permitted provided that the following conditions6* are met:7* 1. Redistributions of source code must retain the above copyright8* notice, this list of conditions and the following disclaimer.9* 2. Redistributions in binary form must reproduce the above copyright10* notice, this list of conditions and the following disclaimer in the11* documentation and/or other materials provided with the distribution.12*13* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND14* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE15* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE16* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE17* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL18* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS19* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)20* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT21* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY22* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF23* SUCH DAMAGE.24*25* $FreeBSD: src/lib/libgssapi/gss_krb5.c,v 1.1 2005/12/29 14:40:20 dfr Exp $26*/2728#include "mech_locl.h"2930#include <krb5.h>31#include <roken.h>323334GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL35gss_krb5_copy_ccache(OM_uint32 *minor_status,36gss_cred_id_t cred,37krb5_ccache out)38{39gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET;40krb5_context context;41krb5_error_code kret;42krb5_ccache id;43OM_uint32 ret;44char *str = NULL;4546ret = gss_inquire_cred_by_oid(minor_status,47cred,48GSS_KRB5_COPY_CCACHE_X,49&data_set);50if (ret)51return ret;5253if (data_set == GSS_C_NO_BUFFER_SET || data_set->count < 1) {54gss_release_buffer_set(minor_status, &data_set);55*minor_status = EINVAL;56return GSS_S_FAILURE;57}5859kret = krb5_init_context(&context);60if (kret) {61*minor_status = kret;62gss_release_buffer_set(minor_status, &data_set);63return GSS_S_FAILURE;64}6566kret = asprintf(&str, "%.*s", (int)data_set->elements[0].length,67(char *)data_set->elements[0].value);68gss_release_buffer_set(minor_status, &data_set);69if (kret < 0 || str == NULL) {70*minor_status = ENOMEM;71return GSS_S_FAILURE;72}7374kret = krb5_cc_resolve(context, str, &id);75free(str);76if (kret) {77*minor_status = kret;78return GSS_S_FAILURE;79}8081kret = krb5_cc_copy_cache(context, id, out);82krb5_cc_close(context, id);83krb5_free_context(context);84if (kret) {85*minor_status = kret;86return GSS_S_FAILURE;87}8889return ret;90}9192GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL93gss_krb5_import_cred(OM_uint32 *minor_status,94krb5_ccache id,95krb5_principal keytab_principal,96krb5_keytab keytab,97gss_cred_id_t *cred)98{99gss_buffer_desc buffer;100OM_uint32 major_status;101krb5_context context;102krb5_error_code ret;103krb5_storage *sp;104krb5_data data;105char *str;106107*cred = GSS_C_NO_CREDENTIAL;108109ret = krb5_init_context(&context);110if (ret) {111*minor_status = ret;112return GSS_S_FAILURE;113}114115sp = krb5_storage_emem();116if (sp == NULL) {117*minor_status = ENOMEM;118major_status = GSS_S_FAILURE;119goto out;120}121122if (id) {123ret = krb5_cc_get_full_name(context, id, &str);124if (ret == 0) {125ret = krb5_store_string(sp, str);126free(str);127}128} else129ret = krb5_store_string(sp, "");130if (ret) {131*minor_status = ret;132major_status = GSS_S_FAILURE;133goto out;134}135136if (keytab_principal) {137ret = krb5_unparse_name(context, keytab_principal, &str);138if (ret == 0) {139ret = krb5_store_string(sp, str);140free(str);141}142} else143krb5_store_string(sp, "");144if (ret) {145*minor_status = ret;146major_status = GSS_S_FAILURE;147goto out;148}149150151if (keytab) {152ret = krb5_kt_get_full_name(context, keytab, &str);153if (ret == 0) {154ret = krb5_store_string(sp, str);155free(str);156}157} else158krb5_store_string(sp, "");159if (ret) {160*minor_status = ret;161major_status = GSS_S_FAILURE;162goto out;163}164165ret = krb5_storage_to_data(sp, &data);166if (ret) {167*minor_status = ret;168major_status = GSS_S_FAILURE;169goto out;170}171172buffer.value = data.data;173buffer.length = data.length;174175major_status = gss_set_cred_option(minor_status,176cred,177GSS_KRB5_IMPORT_CRED_X,178&buffer);179krb5_data_free(&data);180out:181if (sp)182krb5_storage_free(sp);183krb5_free_context(context);184return major_status;185}186187GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL188gsskrb5_register_acceptor_identity(const char *identity)189{190gssapi_mech_interface m;191gss_buffer_desc buffer;192OM_uint32 junk;193194_gss_load_mech();195196buffer.value = rk_UNCONST(identity);197buffer.length = strlen(identity);198199m = __gss_get_mechanism(GSS_KRB5_MECHANISM);200if (m == NULL || m->gm_set_sec_context_option == NULL)201return GSS_S_FAILURE;202203return m->gm_set_sec_context_option(&junk, NULL,204GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X, &buffer);205}206207GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL208krb5_gss_register_acceptor_identity(const char *identity)209{210return gsskrb5_register_acceptor_identity(identity);211}212213214GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL215gsskrb5_set_dns_canonicalize(int flag)216{217struct _gss_mech_switch *m;218gss_buffer_desc buffer;219OM_uint32 junk;220char b = (flag != 0);221222_gss_load_mech();223224buffer.value = &b;225buffer.length = sizeof(b);226227HEIM_SLIST_FOREACH(m, &_gss_mechs, gm_link) {228if (m->gm_mech.gm_set_sec_context_option == NULL)229continue;230m->gm_mech.gm_set_sec_context_option(&junk, NULL,231GSS_KRB5_SET_DNS_CANONICALIZE_X, &buffer);232}233234return (GSS_S_COMPLETE);235}236237238239static krb5_error_code240set_key(krb5_keyblock *keyblock, gss_krb5_lucid_key_t *key)241{242key->type = keyblock->keytype;243key->length = keyblock->keyvalue.length;244key->data = malloc(key->length);245if (key->data == NULL && key->length != 0)246return ENOMEM;247memcpy(key->data, keyblock->keyvalue.data, key->length);248return 0;249}250251static void252free_key(gss_krb5_lucid_key_t *key)253{254memset(key->data, 0, key->length);255free(key->data);256memset(key, 0, sizeof(*key));257}258259GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL260gss_krb5_export_lucid_sec_context(OM_uint32 *minor_status,261gss_ctx_id_t *context_handle,262OM_uint32 version,263void **rctx)264{265krb5_context context = NULL;266krb5_error_code ret;267gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET;268OM_uint32 major_status;269gss_krb5_lucid_context_v1_t *ctx = NULL;270krb5_storage *sp = NULL;271uint32_t num;272273if (context_handle == NULL274|| *context_handle == GSS_C_NO_CONTEXT275|| version != 1)276{277*minor_status = EINVAL;278return GSS_S_FAILURE;279}280281major_status =282gss_inquire_sec_context_by_oid (minor_status,283*context_handle,284GSS_KRB5_EXPORT_LUCID_CONTEXT_V1_X,285&data_set);286if (major_status)287return major_status;288289if (data_set == GSS_C_NO_BUFFER_SET || data_set->count != 1) {290gss_release_buffer_set(minor_status, &data_set);291*minor_status = EINVAL;292return GSS_S_FAILURE;293}294295ret = krb5_init_context(&context);296if (ret)297goto out;298299ctx = calloc(1, sizeof(*ctx));300if (ctx == NULL) {301ret = ENOMEM;302goto out;303}304305sp = krb5_storage_from_mem(data_set->elements[0].value,306data_set->elements[0].length);307if (sp == NULL) {308ret = ENOMEM;309goto out;310}311312ret = krb5_ret_uint32(sp, &num);313if (ret) goto out;314if (num != 1) {315ret = EINVAL;316goto out;317}318ctx->version = 1;319/* initiator */320ret = krb5_ret_uint32(sp, &ctx->initiate);321if (ret) goto out;322/* endtime */323ret = krb5_ret_uint32(sp, &ctx->endtime);324if (ret) goto out;325/* send_seq */326ret = krb5_ret_uint32(sp, &num);327if (ret) goto out;328ctx->send_seq = ((uint64_t)num) << 32;329ret = krb5_ret_uint32(sp, &num);330if (ret) goto out;331ctx->send_seq |= num;332/* recv_seq */333ret = krb5_ret_uint32(sp, &num);334if (ret) goto out;335ctx->recv_seq = ((uint64_t)num) << 32;336ret = krb5_ret_uint32(sp, &num);337if (ret) goto out;338ctx->recv_seq |= num;339/* protocol */340ret = krb5_ret_uint32(sp, &ctx->protocol);341if (ret) goto out;342if (ctx->protocol == 0) {343krb5_keyblock key;344345/* sign_alg */346ret = krb5_ret_uint32(sp, &ctx->rfc1964_kd.sign_alg);347if (ret) goto out;348/* seal_alg */349ret = krb5_ret_uint32(sp, &ctx->rfc1964_kd.seal_alg);350if (ret) goto out;351/* ctx_key */352ret = krb5_ret_keyblock(sp, &key);353if (ret) goto out;354ret = set_key(&key, &ctx->rfc1964_kd.ctx_key);355krb5_free_keyblock_contents(context, &key);356if (ret) goto out;357} else if (ctx->protocol == 1) {358krb5_keyblock key;359360/* acceptor_subkey */361ret = krb5_ret_uint32(sp, &ctx->cfx_kd.have_acceptor_subkey);362if (ret) goto out;363/* ctx_key */364ret = krb5_ret_keyblock(sp, &key);365if (ret) goto out;366ret = set_key(&key, &ctx->cfx_kd.ctx_key);367krb5_free_keyblock_contents(context, &key);368if (ret) goto out;369/* acceptor_subkey */370if (ctx->cfx_kd.have_acceptor_subkey) {371ret = krb5_ret_keyblock(sp, &key);372if (ret) goto out;373ret = set_key(&key, &ctx->cfx_kd.acceptor_subkey);374krb5_free_keyblock_contents(context, &key);375if (ret) goto out;376}377} else {378ret = EINVAL;379goto out;380}381382*rctx = ctx;383384out:385gss_release_buffer_set(minor_status, &data_set);386if (sp)387krb5_storage_free(sp);388if (context)389krb5_free_context(context);390391if (ret) {392if (ctx)393gss_krb5_free_lucid_sec_context(NULL, ctx);394395*minor_status = ret;396return GSS_S_FAILURE;397}398*minor_status = 0;399return GSS_S_COMPLETE;400}401402GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL403gss_krb5_free_lucid_sec_context(OM_uint32 *minor_status, void *c)404{405gss_krb5_lucid_context_v1_t *ctx = c;406407if (ctx->version != 1) {408if (minor_status)409*minor_status = 0;410return GSS_S_FAILURE;411}412413if (ctx->protocol == 0) {414free_key(&ctx->rfc1964_kd.ctx_key);415} else if (ctx->protocol == 1) {416free_key(&ctx->cfx_kd.ctx_key);417if (ctx->cfx_kd.have_acceptor_subkey)418free_key(&ctx->cfx_kd.acceptor_subkey);419}420free(ctx);421if (minor_status)422*minor_status = 0;423return GSS_S_COMPLETE;424}425426/*427*428*/429430GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL431gss_krb5_set_allowable_enctypes(OM_uint32 *minor_status,432gss_cred_id_t cred,433OM_uint32 num_enctypes,434int32_t *enctypes)435{436krb5_error_code ret;437OM_uint32 maj_status;438gss_buffer_desc buffer;439krb5_storage *sp;440krb5_data data;441size_t i;442443sp = krb5_storage_emem();444if (sp == NULL) {445*minor_status = ENOMEM;446maj_status = GSS_S_FAILURE;447goto out;448}449450for (i = 0; i < num_enctypes; i++) {451ret = krb5_store_int32(sp, enctypes[i]);452if (ret) {453*minor_status = ret;454maj_status = GSS_S_FAILURE;455goto out;456}457}458459ret = krb5_storage_to_data(sp, &data);460if (ret) {461*minor_status = ret;462maj_status = GSS_S_FAILURE;463goto out;464}465466buffer.value = data.data;467buffer.length = data.length;468469maj_status = gss_set_cred_option(minor_status,470&cred,471GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X,472&buffer);473krb5_data_free(&data);474out:475if (sp)476krb5_storage_free(sp);477return maj_status;478}479480/*481*482*/483484GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL485gsskrb5_set_send_to_kdc(struct gsskrb5_send_to_kdc *c)486{487struct _gss_mech_switch *m;488gss_buffer_desc buffer;489OM_uint32 junk;490491_gss_load_mech();492493if (c) {494buffer.value = c;495buffer.length = sizeof(*c);496} else {497buffer.value = NULL;498buffer.length = 0;499}500501HEIM_SLIST_FOREACH(m, &_gss_mechs, gm_link) {502if (m->gm_mech.gm_set_sec_context_option == NULL)503continue;504m->gm_mech.gm_set_sec_context_option(&junk, NULL,505GSS_KRB5_SEND_TO_KDC_X, &buffer);506}507508return (GSS_S_COMPLETE);509}510511/*512*513*/514515GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL516gss_krb5_ccache_name(OM_uint32 *minor_status,517const char *name,518const char **out_name)519{520struct _gss_mech_switch *m;521gss_buffer_desc buffer;522OM_uint32 junk;523524_gss_load_mech();525526if (out_name)527*out_name = NULL;528529buffer.value = rk_UNCONST(name);530buffer.length = strlen(name);531532HEIM_SLIST_FOREACH(m, &_gss_mechs, gm_link) {533if (m->gm_mech.gm_set_sec_context_option == NULL)534continue;535m->gm_mech.gm_set_sec_context_option(&junk, NULL,536GSS_KRB5_CCACHE_NAME_X, &buffer);537}538539return (GSS_S_COMPLETE);540}541542543/*544*545*/546547GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL548gsskrb5_extract_authtime_from_sec_context(OM_uint32 *minor_status,549gss_ctx_id_t context_handle,550time_t *authtime)551{552gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET;553OM_uint32 maj_stat;554555if (context_handle == GSS_C_NO_CONTEXT) {556*minor_status = EINVAL;557return GSS_S_FAILURE;558}559560maj_stat =561gss_inquire_sec_context_by_oid (minor_status,562context_handle,563GSS_KRB5_GET_AUTHTIME_X,564&data_set);565if (maj_stat)566return maj_stat;567568if (data_set == GSS_C_NO_BUFFER_SET) {569gss_release_buffer_set(minor_status, &data_set);570*minor_status = EINVAL;571return GSS_S_FAILURE;572}573574if (data_set->count != 1) {575gss_release_buffer_set(minor_status, &data_set);576*minor_status = EINVAL;577return GSS_S_FAILURE;578}579580if (data_set->elements[0].length != 4) {581gss_release_buffer_set(minor_status, &data_set);582*minor_status = EINVAL;583return GSS_S_FAILURE;584}585586{587unsigned char *buf = data_set->elements[0].value;588*authtime = (buf[3] <<24) | (buf[2] << 16) |589(buf[1] << 8) | (buf[0] << 0);590}591592gss_release_buffer_set(minor_status, &data_set);593594*minor_status = 0;595return GSS_S_COMPLETE;596}597598/*599*600*/601602GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL603gsskrb5_extract_authz_data_from_sec_context(OM_uint32 *minor_status,604gss_ctx_id_t context_handle,605int ad_type,606gss_buffer_t ad_data)607{608gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET;609OM_uint32 maj_stat;610gss_OID_desc oid_flat;611heim_oid baseoid, oid;612size_t size;613614if (context_handle == GSS_C_NO_CONTEXT) {615*minor_status = EINVAL;616return GSS_S_FAILURE;617}618619/* All this to append an integer to an oid... */620621if (der_get_oid(GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X->elements,622GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X->length,623&baseoid, NULL) != 0) {624*minor_status = EINVAL;625return GSS_S_FAILURE;626}627628oid.length = baseoid.length + 1;629oid.components = calloc(oid.length, sizeof(*oid.components));630if (oid.components == NULL) {631der_free_oid(&baseoid);632633*minor_status = ENOMEM;634return GSS_S_FAILURE;635}636637memcpy(oid.components, baseoid.components,638baseoid.length * sizeof(*baseoid.components));639640der_free_oid(&baseoid);641642oid.components[oid.length - 1] = ad_type;643644oid_flat.length = der_length_oid(&oid);645oid_flat.elements = malloc(oid_flat.length);646if (oid_flat.elements == NULL) {647free(oid.components);648*minor_status = ENOMEM;649return GSS_S_FAILURE;650}651652if (der_put_oid((unsigned char *)oid_flat.elements + oid_flat.length - 1,653oid_flat.length, &oid, &size) != 0) {654free(oid.components);655free(oid_flat.elements);656*minor_status = EINVAL;657return GSS_S_FAILURE;658}659if (oid_flat.length != size)660abort();661662free(oid.components);663664/* FINALLY, we have the OID */665666maj_stat = gss_inquire_sec_context_by_oid (minor_status,667context_handle,668&oid_flat,669&data_set);670671free(oid_flat.elements);672673if (maj_stat)674return maj_stat;675676if (data_set == GSS_C_NO_BUFFER_SET || data_set->count != 1) {677gss_release_buffer_set(minor_status, &data_set);678*minor_status = EINVAL;679return GSS_S_FAILURE;680}681682ad_data->value = malloc(data_set->elements[0].length);683if (ad_data->value == NULL) {684gss_release_buffer_set(minor_status, &data_set);685*minor_status = ENOMEM;686return GSS_S_FAILURE;687}688689ad_data->length = data_set->elements[0].length;690memcpy(ad_data->value, data_set->elements[0].value, ad_data->length);691gss_release_buffer_set(minor_status, &data_set);692693*minor_status = 0;694return GSS_S_COMPLETE;695}696697/*698*699*/700701static OM_uint32702gsskrb5_extract_key(OM_uint32 *minor_status,703gss_ctx_id_t context_handle,704const gss_OID oid,705krb5_keyblock **keyblock)706{707krb5_error_code ret;708gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET;709OM_uint32 major_status;710krb5_context context = NULL;711krb5_storage *sp = NULL;712713if (context_handle == GSS_C_NO_CONTEXT) {714*minor_status = EINVAL;715return GSS_S_FAILURE;716}717718ret = krb5_init_context(&context);719if(ret) {720*minor_status = ret;721return GSS_S_FAILURE;722}723724major_status =725gss_inquire_sec_context_by_oid (minor_status,726context_handle,727oid,728&data_set);729if (major_status)730return major_status;731732if (data_set == GSS_C_NO_BUFFER_SET || data_set->count != 1) {733gss_release_buffer_set(minor_status, &data_set);734*minor_status = EINVAL;735return GSS_S_FAILURE;736}737738sp = krb5_storage_from_mem(data_set->elements[0].value,739data_set->elements[0].length);740if (sp == NULL) {741ret = ENOMEM;742goto out;743}744745*keyblock = calloc(1, sizeof(**keyblock));746if (keyblock == NULL) {747ret = ENOMEM;748goto out;749}750751ret = krb5_ret_keyblock(sp, *keyblock);752753out:754gss_release_buffer_set(minor_status, &data_set);755if (sp)756krb5_storage_free(sp);757if (ret && keyblock) {758krb5_free_keyblock(context, *keyblock);759*keyblock = NULL;760}761if (context)762krb5_free_context(context);763764*minor_status = ret;765if (ret)766return GSS_S_FAILURE;767768return GSS_S_COMPLETE;769}770771/*772*773*/774775GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL776gsskrb5_extract_service_keyblock(OM_uint32 *minor_status,777gss_ctx_id_t context_handle,778krb5_keyblock **keyblock)779{780return gsskrb5_extract_key(minor_status,781context_handle,782GSS_KRB5_GET_SERVICE_KEYBLOCK_X,783keyblock);784}785786GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL787gsskrb5_get_initiator_subkey(OM_uint32 *minor_status,788gss_ctx_id_t context_handle,789krb5_keyblock **keyblock)790{791return gsskrb5_extract_key(minor_status,792context_handle,793GSS_KRB5_GET_INITIATOR_SUBKEY_X,794keyblock);795}796797GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL798gsskrb5_get_subkey(OM_uint32 *minor_status,799gss_ctx_id_t context_handle,800krb5_keyblock **keyblock)801{802return gsskrb5_extract_key(minor_status,803context_handle,804GSS_KRB5_GET_SUBKEY_X,805keyblock);806}807808GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL809gsskrb5_set_default_realm(const char *realm)810{811struct _gss_mech_switch *m;812gss_buffer_desc buffer;813OM_uint32 junk;814815_gss_load_mech();816817buffer.value = rk_UNCONST(realm);818buffer.length = strlen(realm);819820HEIM_SLIST_FOREACH(m, &_gss_mechs, gm_link) {821if (m->gm_mech.gm_set_sec_context_option == NULL)822continue;823m->gm_mech.gm_set_sec_context_option(&junk, NULL,824GSS_KRB5_SET_DEFAULT_REALM_X, &buffer);825}826827return (GSS_S_COMPLETE);828}829830GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL831gss_krb5_get_tkt_flags(OM_uint32 *minor_status,832gss_ctx_id_t context_handle,833OM_uint32 *tkt_flags)834{835836OM_uint32 major_status;837gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET;838839if (context_handle == GSS_C_NO_CONTEXT) {840*minor_status = EINVAL;841return GSS_S_FAILURE;842}843844major_status =845gss_inquire_sec_context_by_oid (minor_status,846context_handle,847GSS_KRB5_GET_TKT_FLAGS_X,848&data_set);849if (major_status)850return major_status;851852if (data_set == GSS_C_NO_BUFFER_SET ||853data_set->count != 1 ||854data_set->elements[0].length < 4) {855gss_release_buffer_set(minor_status, &data_set);856*minor_status = EINVAL;857return GSS_S_FAILURE;858}859860{861const u_char *p = data_set->elements[0].value;862*tkt_flags = (p[0] << 0) | (p[1] << 8) | (p[2] << 16) | (p[3] << 24);863}864865gss_release_buffer_set(minor_status, &data_set);866return GSS_S_COMPLETE;867}868869GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL870gsskrb5_set_time_offset(int offset)871{872struct _gss_mech_switch *m;873gss_buffer_desc buffer;874OM_uint32 junk;875int32_t o = offset;876877_gss_load_mech();878879buffer.value = &o;880buffer.length = sizeof(o);881882HEIM_SLIST_FOREACH(m, &_gss_mechs, gm_link) {883if (m->gm_mech.gm_set_sec_context_option == NULL)884continue;885m->gm_mech.gm_set_sec_context_option(&junk, NULL,886GSS_KRB5_SET_TIME_OFFSET_X, &buffer);887}888889return (GSS_S_COMPLETE);890}891892GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL893gsskrb5_get_time_offset(int *offset)894{895struct _gss_mech_switch *m;896gss_buffer_desc buffer;897OM_uint32 maj_stat, junk;898int32_t o;899900_gss_load_mech();901902buffer.value = &o;903buffer.length = sizeof(o);904905HEIM_SLIST_FOREACH(m, &_gss_mechs, gm_link) {906if (m->gm_mech.gm_set_sec_context_option == NULL)907continue;908maj_stat = m->gm_mech.gm_set_sec_context_option(&junk, NULL,909GSS_KRB5_GET_TIME_OFFSET_X, &buffer);910911if (maj_stat == GSS_S_COMPLETE) {912*offset = o;913return maj_stat;914}915}916917return (GSS_S_UNAVAILABLE);918}919920GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL921gsskrb5_plugin_register(struct gsskrb5_krb5_plugin *c)922{923struct _gss_mech_switch *m;924gss_buffer_desc buffer;925OM_uint32 junk;926927_gss_load_mech();928929buffer.value = c;930buffer.length = sizeof(*c);931932HEIM_SLIST_FOREACH(m, &_gss_mechs, gm_link) {933if (m->gm_mech.gm_set_sec_context_option == NULL)934continue;935m->gm_mech.gm_set_sec_context_option(&junk, NULL,936GSS_KRB5_PLUGIN_REGISTER_X, &buffer);937}938939return (GSS_S_COMPLETE);940}941942943