#include <errno.h>
#include <stdlib.h>
#include <string.h>
+#include <time.h>
-#include <gssapi/gssapi.h>
-#include <gssapi/gssapi_ext.h>
-
+#include "gssapi_ntlmssp.h"
#include "gss_ntlmssp.h"
-/* 1.3.6.1.4.1.311.2.2.10 */
const gss_OID_desc gssntlm_oid = {
- .length = 10,
- .elements = "\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a"
+ .length = GSS_NTLMSSP_OID_LENGTH,
+ .elements = GSS_NTLMSSP_OID_STRING
};
uint8_t gssntlm_required_security(int security_level,
return resp;
}
-int gssntlm_copy_creds(struct gssntlm_cred *in, struct gssntlm_cred *out)
+uint32_t gssntlm_context_is_valid(struct gssntlm_ctx *ctx, time_t *time_now)
{
- char *dom = NULL, *usr = NULL;
- int ret = 0;
-
- out->type = GSSNTLM_CRED_NONE;
-
- switch (in->type) {
- case GSSNTLM_CRED_NONE:
- break;
- case GSSNTLM_CRED_ANON:
- out->cred.anon.dummy = 1;
- break;
- case GSSNTLM_CRED_USER:
- dom = strdup(in->cred.user.user.data.user.domain);
- if (!dom) {
- ret = ENOMEM;
- goto done;
- }
- usr = strdup(in->cred.user.user.data.user.name);
- if (!usr) {
- ret = ENOMEM;
- goto done;
- }
- out->cred.user.user.data.user.domain = dom;
- out->cred.user.user.data.user.name = usr;
- break;
- case GSSNTLM_CRED_SERVER:
- out->cred.server.dummy = 1;
- break;
- }
-
- out->type = in->type;
+ time_t now;
-done:
- if (ret) {
- safefree(dom);
- safefree(usr);
- }
- return ret;
-}
+ if (!ctx) return GSS_S_NO_CONTEXT;
+ if (!ctx->established) return GSS_S_NO_CONTEXT;
-void gssntlm_int_release_cred(struct gssntlm_cred *cred)
-{
- switch (cred->type) {
- case GSSNTLM_CRED_NONE:
- break;
- case GSSNTLM_CRED_ANON:
- cred->cred.anon.dummy = 0;
- break;
- case GSSNTLM_CRED_USER:
- safefree(cred->cred.user.user.data.user.domain);
- safefree(cred->cred.user.user.data.user.name);
- safezero(cred->cred.user.nt_hash.data, 16);
- cred->cred.user.nt_hash.length = 0;
- safezero(cred->cred.user.lm_hash.data, 16);
- cred->cred.user.lm_hash.length = 0;
- break;
- case GSSNTLM_CRED_SERVER:
- cred->cred.server.dummy = 0;
- break;
- }
-}
+ now = time(NULL);
+ if (now > ctx->expiration_time) return GSS_S_CONTEXT_EXPIRED;
-uint32_t gssntlm_acquire_cred(uint32_t *minor_status,
- gss_name_t desired_name,
- uint32_t time_req,
- gss_OID_set desired_mechs,
- gss_cred_usage_t cred_usage,
- gss_cred_id_t *output_cred_handle,
- gss_OID_set *actual_mechs,
- uint32_t *time_rec)
-{
- /* FIXME: Fecth creds from somewhere */
- *minor_status = 0;
- return GSS_S_CRED_UNAVAIL;
+ if (time_now) *time_now = now;
+ return GSS_S_COMPLETE;
}
-uint32_t gssntlm_release_cred(uint32_t *minor_status,
- gss_cred_id_t *cred_handle)
+int gssntlm_get_lm_compatibility_level(void)
{
- *minor_status = 0;
-
- if (!cred_handle) return GSS_S_COMPLETE;
+ const char *envvar;
- gssntlm_int_release_cred((struct gssntlm_cred *)*cred_handle);
- safefree(*cred_handle);
+ envvar = getenv("LM_COMPAT_LEVEL");
+ if (envvar != NULL) {
+ return atoi(envvar);
+ }
- return GSS_S_COMPLETE;
+ /* use the most secure setting by default */
+ return SEC_LEVEL_MAX;
}
-
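Review bot: `gssntlm_get_lm_compatibility_level` returns whatever `atoi()` makes of `LM_COMPAT_LEVEL` with no validation, so a non-numeric or out-of-range value silently becomes 0 (presumably the weakest setting, given the "most secure" comment on `SEC_LEVEL_MAX`) instead of the secure default — an environment-driven downgrade that never errors out. Parse with `strtol`, reject trailing garbage and anything outside the valid range, and fall back to `SEC_LEVEL_MAX` on any failure; whether a setuid caller should honour this variable at all is worth deciding explicitly (glibc's `secure_getenv` is one option, if portability allows). Separately, `gssntlm_context_is_valid` compares an unchecked `time(NULL)` against `ctx->expiration_time`, so a `(time_t)-1` failure would report a spurious result; a guard such as `if (now == (time_t)-1) return GSS_S_FAILURE;` before the comparison closes that.
```c
int gssntlm_get_lm_compatibility_level(void)
{
    const char *envvar;
    char *end;
    long level;

    envvar = getenv("LM_COMPAT_LEVEL");
    if (envvar != NULL && *envvar != '\0') {
        errno = 0;
        level = strtol(envvar, &end, 10);
        /* reject garbage, partial parses and out-of-range values and
         * fall through to the secure default rather than downgrading;
         * assumes valid levels are 0..SEC_LEVEL_MAX — confirm */
        if (errno == 0 && *end == '\0' &&
            level >= 0 && level <= SEC_LEVEL_MAX) {
            return (int)level;
        }
    }

    /* use the most secure setting by default */
    return SEC_LEVEL_MAX;
}
```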