aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJeffrey Stedfast <fejj@ximian.com>2003-03-21 03:37:38 +0800
committerJeffrey Stedfast <fejj@src.gnome.org>2003-03-21 03:37:38 +0800
commitcce3726fe9c2efb67dd9e63472a6360d058553b8 (patch)
tree5ed7690f3c591b89bbaa4e427507b1a9a5419c6b
parent618f8727980b598ef6bd2d6ea0239e7840f82a4c (diff)
downloadgsoc2013-evolution-cce3726fe9c2efb67dd9e63472a6360d058553b8.tar.gz
gsoc2013-evolution-cce3726fe9c2efb67dd9e63472a6360d058553b8.tar.zst
gsoc2013-evolution-cce3726fe9c2efb67dd9e63472a6360d058553b8.zip
Plug in GSSAPI support.
2003-03-20 Jeffrey Stedfast <fejj@ximian.com> * camel-sasl.c: Plug in GSSAPI support. * camel-sasl-gssapi.[c,h]: Various fixes to make it compile (fixed type-o's mostly). svn path=/trunk/; revision=20438
-rw-r--r--camel/ChangeLog7
-rw-r--r--camel/Makefile.am2
-rw-r--r--camel/camel-sasl-gssapi.c74
-rw-r--r--camel/camel-sasl-gssapi.h2
-rw-r--r--camel/camel-sasl.c12
5 files changed, 69 insertions, 28 deletions
diff --git a/camel/ChangeLog b/camel/ChangeLog
index 6eb8942efe..f2623643da 100644
--- a/camel/ChangeLog
+++ b/camel/ChangeLog
@@ -1,3 +1,10 @@
+2003-03-20 Jeffrey Stedfast <fejj@ximian.com>
+
+ * camel-sasl.c: Plug in GSSAPI support.
+
+ * camel-sasl-gssapi.[c,h]: Various fixes to make it compile (fixed
+ type-o's mostly).
+
2003-03-20 Dan Winship <danw@ximian.com>
Handle raw 8-bit From data "correctly". (The same way we handle
diff --git a/camel/Makefile.am b/camel/Makefile.am
index c78c9046f4..7055630273 100644
--- a/camel/Makefile.am
+++ b/camel/Makefile.am
@@ -85,6 +85,7 @@ libcamel_la_SOURCES = \
camel-sasl-anonymous.c \
camel-sasl-cram-md5.c \
camel-sasl-digest-md5.c \
+ camel-sasl-gssapi.c \
camel-sasl-kerberos4.c \
camel-sasl-login.c \
camel-sasl-ntlm.c \
@@ -186,6 +187,7 @@ libcamelinclude_HEADERS = \
camel-sasl-anonymous.h \
camel-sasl-cram-md5.h \
camel-sasl-digest-md5.h \
+ camel-sasl-gssapi.h \
camel-sasl-kerberos4.h \
camel-sasl-login.h \
camel-sasl-ntlm.h \
diff --git a/camel/camel-sasl-gssapi.c b/camel/camel-sasl-gssapi.c
index a32c24fbc7..d9a3f56f9f 100644
--- a/camel/camel-sasl-gssapi.c
+++ b/camel/camel-sasl-gssapi.c
@@ -28,11 +28,18 @@
#ifdef HAVE_KRB5
#include <string.h>
+#include <et/com_err.h>
#ifdef HAVE_MIT_KRB5
#include <gssapi/gssapi.h>
+#include <gssapi/gssapi_generic.h>
#else /* HAVE_HEIMDAL_KRB5 */
#include <gssapi.h>
#endif
+#include <errno.h>
+
+#ifndef GSS_C_OID_KRBV5_DES
+#define GSS_C_OID_KRBV5_DES GSS_C_NO_OID
+#endif
#include "camel-sasl-gssapi.h"
@@ -46,8 +53,6 @@ CamelServiceAuthType camel_sasl_gssapi_authtype = {
FALSE
};
-static CamelSaslClass *parent_class = NULL;
-
enum {
GSSAPI_STATE_INIT,
GSSAPI_STATE_CONTINUE_NEEDED,
@@ -67,6 +72,13 @@ struct _CamelSaslGssapiPrivate {
gss_name_t target;
};
+
+static GByteArray *gssapi_challenge (CamelSasl *sasl, GByteArray *token, CamelException *ex);
+
+
+static CamelSaslClass *parent_class = NULL;
+
+
static void
camel_sasl_gssapi_class_init (CamelSaslGssapiClass *klass)
{
@@ -92,14 +104,16 @@ camel_sasl_gssapi_init (gpointer object, gpointer klass)
static void
camel_sasl_gssapi_finalize (CamelObject *object)
{
- CamelSaslGssapi *sasl = CAMEL_SASL_GSSAPI (object);
+ CamelSaslGssapi *gssapi = CAMEL_SASL_GSSAPI (object);
guint32 status;
- if (sasl->priv) {
- gss_delete_sec_context (&status, sasl->priv->ctx);
- gss_release_name (&status, sasl->priv->target);
- g_free (sasl->priv);
- }
+ if (gssapi->priv->ctx != GSS_C_NO_CONTEXT)
+ gss_delete_sec_context (&status, gssapi->priv->ctx, GSS_C_NO_BUFFER);
+
+ if (gssapi->priv->target != GSS_C_NO_NAME)
+ gss_release_name (&status, gssapi->priv->target);
+
+ g_free (gssapi->priv);
}
@@ -131,37 +145,35 @@ gssapi_set_exception (OM_uint32 major, OM_uint32 minor, CamelException *ex)
switch (major) {
case GSS_S_BAD_MECH:
str = _("The specified mechanism is not supported by the "
- "provided credential, or is unrecognized by the "
- "implementation.");
+ "provided credential, or is unrecognized by the "
+ "implementation.");
break;
case GSS_S_BAD_NAME:
str = _("The provided target_name parameter was ill-formed.");
break;
case GSS_S_BAD_NAMETYPE:
str = _("The provided target_name parameter contained an "
- "invalid or unsupported type of name.");
+ "invalid or unsupported type of name.");
break;
case GSS_S_BAD_BINDINGS:
str = _("The input_token contains different channel "
- "bindings to those specified via the "
- "input_chan_bindings parameter.");
+ "bindings to those specified via the "
+ "input_chan_bindings parameter.");
break;
case GSS_S_BAD_SIG:
str = _("The input_token contains an invalid signature, or a "
- "signature that could not be verified.");
+ "signature that could not be verified.");
break;
case GSS_S_NO_CRED:
str = _("The supplied credentials were not valid for context "
- "initiation, or the credential handle did not "
- "reference any credentials.");
+ "initiation, or the credential handle did not "
+ "reference any credentials.");
break;
case GSS_S_NO_CONTEXT:
- str = _("Indicates that the supplied context handle did not "
- "refer to a valid context.");
+ str = _("The supplied context handle did not refer to a valid context.");
break;
case GSS_S_DEFECTIVE_TOKEN:
- str = _("Indicates that consistency checks performed on "
- "the input_token failed.");
+ str = _("The consistency checks performed on the input_token failed.");
break;
case GSS_S_DEFECTIVE_CREDENTIAL:
str = _("The consistency checks performed on the credential failed.");
@@ -170,8 +182,7 @@ gssapi_set_exception (OM_uint32 major, OM_uint32 minor, CamelException *ex)
str = _("The referenced credentials have expired.");
break;
case GSS_S_FAILURE:
- switch (minor) {
- }
+ str = error_message (minor);
break;
default:
str = _("Bad authentication response from server.");
@@ -196,10 +207,15 @@ gssapi_challenge (CamelSasl *sasl, GByteArray *token, CamelException *ex)
switch (priv->state) {
case GSSAPI_STATE_INIT:
- if (!(h = camel_service_gethost (sasl->service, ex)))
- goto lose;
+ if (!(h = camel_service_gethost (sasl->service, ex))) {
+ camel_exception_setv (ex, CAMEL_EXCEPTION_SYSTEM,
+ _("Failed to resolve host `%s': %s"),
+ sasl->service->url->host, g_strerror (errno));
+ return NULL;
+ }
str = g_strdup_printf ("%s@%s", sasl->service_name, h->h_name);
+ printf ("FQDN: %s (%s)\n", h->h_name, str);
camel_free_host (h);
inbuf.value = str;
@@ -229,7 +245,7 @@ gssapi_challenge (CamelSasl *sasl, GByteArray *token, CamelException *ex)
challenge:
major = gss_init_sec_context (&minor, GSS_C_NO_CREDENTIAL, &priv->ctx, priv->target,
- GSS_C_OID_KRBV5_DES, GSS_C_DELEG_FLAG | GSS_C_MUTAUAL_FLAG |
+ GSS_C_OID_KRBV5_DES, GSS_C_MUTUAL_FLAG |
GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG,
0, GSS_C_NO_CHANNEL_BINDINGS,
input_token, &mech, &outbuf, &flags, &time);
@@ -243,11 +259,12 @@ gssapi_challenge (CamelSasl *sasl, GByteArray *token, CamelException *ex)
break;
default:
gssapi_set_exception (major, minor, ex);
+ printf ("gss_init_sec_context() exception\n");
gss_release_buffer (&minor, &outbuf);
return NULL;
}
- challenge = g_byte_array_new ()
+ challenge = g_byte_array_new ();
g_byte_array_append (challenge, outbuf.value, outbuf.length);
gss_release_buffer (&minor, &outbuf);
break;
@@ -264,6 +281,7 @@ gssapi_challenge (CamelSasl *sasl, GByteArray *token, CamelException *ex)
major = gss_unwrap (&minor, priv->ctx, &inbuf, &outbuf, &conf_state, &qop);
if (major != GSS_S_COMPLETE) {
gssapi_set_exception (major, minor, ex);
+ printf ("gss_unwrap() exception\n");
gss_release_buffer (&minor, &outbuf);
return NULL;
}
@@ -276,7 +294,7 @@ gssapi_challenge (CamelSasl *sasl, GByteArray *token, CamelException *ex)
}
/* check that our desired security layer is supported */
- if (((unsigned char *) outbuf->value)[0] & DESIRED_SECURITY_LAYER) {
+ if ((((unsigned char *) outbuf.value)[0] & DESIRED_SECURITY_LAYER) != DESIRED_SECURITY_LAYER) {
camel_exception_set (ex, CAMEL_EXCEPTION_SERVICE_CANT_AUTHENTICATE,
_("Unsupported security layer."));
gss_release_buffer (&minor, &outbuf);
@@ -293,6 +311,7 @@ gssapi_challenge (CamelSasl *sasl, GByteArray *token, CamelException *ex)
major = gss_wrap (&minor, priv->ctx, FALSE, qop, &inbuf, &conf_state, &outbuf);
if (major != 0) {
gssapi_set_exception (major, minor, ex);
+ printf ("gss_wrap() exception\n");
gss_release_buffer (&minor, &outbuf);
g_free (str);
return NULL;
@@ -307,6 +326,7 @@ gssapi_challenge (CamelSasl *sasl, GByteArray *token, CamelException *ex)
sasl->authenticated = TRUE;
break;
default:
+ printf ("unknown state exception\n");
return NULL;
}
diff --git a/camel/camel-sasl-gssapi.h b/camel/camel-sasl-gssapi.h
index 18d17aa978..b4a3fbc1a5 100644
--- a/camel/camel-sasl-gssapi.h
+++ b/camel/camel-sasl-gssapi.h
@@ -50,7 +50,7 @@ struct _CamelSaslGssapi {
struct _CamelSaslGssapiClass {
CamelSaslClass parent_class;
-}
+};
/* Standard Camel function */
CamelType camel_sasl_gssapi_get_type (void);
diff --git a/camel/camel-sasl.c b/camel/camel-sasl.c
index 6cc8a144e5..ec070215c9 100644
--- a/camel/camel-sasl.c
+++ b/camel/camel-sasl.c
@@ -31,6 +31,7 @@
#include "camel-sasl-cram-md5.h"
#include "camel-sasl-digest-md5.h"
+#include "camel-sasl-gssapi.h"
#include "camel-sasl-kerberos4.h"
#include "camel-sasl-login.h"
#include "camel-sasl-plain.h"
@@ -193,6 +194,10 @@ camel_sasl_new (const char *service_name, const char *mechanism, CamelService *s
sasl = (CamelSasl *)camel_object_new (CAMEL_SASL_CRAM_MD5_TYPE);
else if (!strcmp (mechanism, "DIGEST-MD5"))
sasl = (CamelSasl *)camel_object_new (CAMEL_SASL_DIGEST_MD5_TYPE);
+#ifdef HAVE_KRB5
+ else if (!strcmp (mechanism, "GSSAPI"))
+ sasl = (CamelSasl *)camel_object_new (CAMEL_SASL_GSSAPI_TYPE);
+#endif
#ifdef HAVE_KRB4
else if (!strcmp (mechanism, "KERBEROS_V4"))
sasl = (CamelSasl *)camel_object_new (CAMEL_SASL_KERBEROS4_TYPE);
@@ -230,6 +235,9 @@ camel_sasl_authtype_list (gboolean include_plain)
types = g_list_prepend (types, &camel_sasl_cram_md5_authtype);
types = g_list_prepend (types, &camel_sasl_digest_md5_authtype);
+#ifdef HAVE_KRB5
+ types = g_list_prepend (types, &camel_sasl_gssapi_authtype);
+#endif
#ifdef HAVE_KRB4
types = g_list_prepend (types, &camel_sasl_kerberos4_authtype);
#endif
@@ -254,6 +262,10 @@ camel_sasl_authtype (const char *mechanism)
return &camel_sasl_cram_md5_authtype;
else if (!strcmp (mechanism, "DIGEST-MD5"))
return &camel_sasl_digest_md5_authtype;
+#ifdef HAVE_KRB5
+ else if (!strcmp (mechanism, "GSSAPI"))
+ return &camel_sasl_gssapi_authtype;
+#endif
#ifdef HAVE_KRB4
else if (!strcmp (mechanism, "KERBEROS_V4"))
return &camel_sasl_kerberos4_authtype;