| blob | ea5fb03a704457633f078ae9c20e663e58a5b2ea |
1 // Copyright 2012 Nexenta Systems, Inc. All rights reserved.
2 // Copyright (C) 2002 Microsoft Corporation
3 // All rights reserved.
4 //
5 // THIS CODE AND INFORMATION IS PROVIDED "AS IS"
6 // WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
7 // OR IMPLIED, INCLUDING BUT NOT LIMITED
8 // TO THE IMPLIED WARRANTIES OF MERCHANTIBILITY
9 // AND/OR FITNESS FOR A PARTICULAR PURPOSE.
10 //
11 // Date - 10/08/2002
12 // Author - Sanj Surati
14 /////////////////////////////////////////////////////////////
15 //
16 // SPNEGOPARSE.C
17 //
18 // SPNEGO Token Handler Source File
19 //
20 // Contains implementation of SPNEGO Token parsing functions.
21 //
22 /////////////////////////////////////////////////////////////
24 #include <stdlib.h>
25 #include <stdio.h>
26 #include <memory.h>
31 //
32 // Defined in DERPARSE.C
33 //
37 /**********************************************************************/
38 /** **/
39 /** **/
40 /** **/
41 /** **/
42 /** Local SPNEGO Helper definitions **/
43 /** **/
44 /** **/
45 /** **/
46 /** **/
47 /**********************************************************************/
50 /////////////////////////////////////////////////////////////////////////////
51 //
52 // Function:
53 // CalculateMinSpnegoInitTokenSize
54 //
55 // Parameters:
56 // [in] nMechTokenLength - Length of the MechToken Element
57 // [in] nMechListMICLength - Length of the MechListMIC Element
58 // (or negHints, if no MechToken)
59 // [in] mechOID - OID for MechList
60 // [in] nReqFlagsAvailable - Is ContextFlags element available
61 // [out] pnTokenSize - Filled out with total size of token
62 // [out] pnInternalTokenLength - Filled out with length minus length
63 // for initial token.
64 //
65 // Returns:
66 // int Success - SPNEGO_E_SUCCESS
67 // Failure - SPNEGO API Error code
68 //
69 // Comments :
70 // Calculates the required length for a SPNEGO NegTokenInit token based
71 // on the supplied variable length values and which elements are present.
72 // Note that because the lengths can be represented by an arbitrary
73 // number of bytes in DER encodings, we actually calculate the lengths
74 // backwards, so we always know how many bytes we will potentially be
75 // writing out.
76 //
77 ////////////////////////////////////////////////////////////////////////////
83 {
86 // Start at 0.
90 // We will calculate this by walking the token backwards
92 // Start with MIC Element (or negHints)
94 {
97 // Check for rollover error
99 {
101 }
104 }
106 // Next is the MechToken
108 {
111 // Check for rollover error
113 {
115 }
118 }
120 // Next is the ReqFlags
122 {
125 // Check for rollover error
127 {
129 }
132 }
134 // Next is the MechList - This is REQUIRED
137 // Check for rollover error
139 {
141 }
145 // Following four fields are the basic header tokens
147 // Sequence Token
150 // Check for rollover error
152 {
154 }
158 // Neg Token Identifier Token
161 // Check for rollover error
163 {
165 }
169 // SPNEGO OID Token
172 // Check for rollover error
174 {
176 }
180 // App Constructed Token
183 // Check for rollover error
185 {
187 }
189 // The internal length doesn't include the number of bytes
190 // for the initial token
194 // We're done
198 xEndTokenInitLength:
202 }
204 /////////////////////////////////////////////////////////////////////////////
205 //
206 // Function:
207 // CreateSpnegoInitToken
208 //
209 // Parameters:
210 // [in] pMechTypeList - OID array
211 // [in] MechTypeCnt - OID array length
212 // [in] ucContextFlags - ContextFlags value
213 // [in] pbMechToken - Mech Token Binary Data
214 // [in] ulMechTokenLen - Length of Mech Token
215 // [in] pbMechListMIC - MechListMIC Binary Data (or negHints)
216 // [in] ulMechListMICn - Length of MechListMIC
217 // [out] pbTokenData - Buffer to write token into.
218 // [in] nTokenLength - Length of pbTokenData buffer
219 // [in] nInternalTokenLength - Length of full token without leading
220 // token bytes.
221 //
222 // Returns:
223 // int Success - SPNEGO_E_SUCCESS
224 // Failure - SPNEGO API Error code
225 //
226 // Comments :
227 // Uses DER to fill out pbTokenData with a SPNEGO NegTokenInit Token
228 // Note that because the lengths can be represented by an arbitrary
229 // number of bytes in DER encodings, we actually calculate the lengths
230 // backwards, so we always know how many bytes we will potentially be
231 // writing out.
232 //
233 // This function is also used to create an SPNEGO "hint", as described in
234 // [MS-SPNG] sec. 2.2.1 negTokenInit2. The "hint" looks almost identical
235 // to a NegTokenInit, but has a "negHints" field inserted before the MIC.
236 // A normal SPNEGO negTokenInit2 contains only the mech list and the
237 // negHints. To avoid a giant copy/paste of this function, we pass the
238 // negHints as the MIC arg, and pass NULL as the MechToken to indicate
239 // that we're creating a Hint rather than an Init, and use the correct
240 // type when writing out the MIC (or negHints) element.
241 //
242 ////////////////////////////////////////////////////////////////////////////
249 {
252 // Start at 0.
259 // Temporary buffer to hold the REQ Flags as BIT String Data
263 // We will write the token out backwards to properly handle the cases
264 // where the length bytes become adjustable
266 // Start with MIC Element (or negHints)
268 {
272 // Decrease the pbWriteTokenData, now we know the length and write it out.
273 // Note: When MechTokenLen == 0, we're writing a negTokenInit2 and the
274 // MIC arg is really negHints, written as a constructed sequence.
275 // Otherwise we're writing a negTokenInit, and the MIC is an OCTETSTRING.
283 // Adjust Values and sanity check
288 {
290 }
294 // Next is the MechToken
296 {
299 // Decrease the pbWriteTokenData, now we know the length and
300 // write it out.
304 // Adjust Values and sanity check
309 {
311 }
315 // Next is the ReqFlags
317 {
321 // We need a byte that indicates how many bits difference between the number
322 // of bits used in final octet (we only have one) and the max (8)
327 // Decrease the pbWriteTokenData, now we know the length and
328 // write it out.
333 // Adjust Values and sanity check
338 {
340 }
344 // Next is the MechList - This is REQUIRED
347 // Decrease the pbWriteTokenData, now we know the length and
348 // write it out.
352 // Adjust Values and sanity check
357 {
359 }
361 // The next tokens we're writing out reflect the total number of bytes
362 // we have actually written out.
364 // Sequence Token
367 // Decrease the pbWriteTokenData, now we know the length and
368 // write it out.
373 // Adjust Values and sanity check
378 {
380 }
382 // Neg Init Token Identifier Token
385 // Decrease the pbWriteTokenData, now we know the length and
386 // write it out.
391 // Adjust Values and sanity check
396 {
398 }
400 // SPNEGO OID Token
403 // Decrease the pbWriteTokenData, now we know the length and
404 // write it out.
408 // Adjust Values and sanity check
413 {
415 }
417 // App Constructed Token
420 // Decrease the pbWriteTokenData, now we know the length and
421 // write it out.
426 // Adjust Values and sanity check
429 // Don't adjust the internal token length here, it doesn't account
430 // the initial bytes written out (we really don't need to keep
431 // a running count here, but for debugging, it helps to be able
432 // to see the total number of bytes written out as well as the
433 // number of bytes left to write).
437 {
439 }
441 xEndWriteNegTokenInit:
445 }
447 /////////////////////////////////////////////////////////////////////////////
448 //
449 // Function:
450 // CalculateMinSpnegoTargTokenSize
451 //
452 // Parameters:
453 // [in] MechType - Supported MechType
454 // [in] spnegoNegResult - Neg Result
455 // [in] nMechTokenLength - Length of the MechToken Element
456 // [in] nMechListMICLength - Length of the MechListMIC Element
457 // [out] pnTokenSize - Filled out with total size of token
458 // [out] pnInternalTokenLength - Filled out with length minus length
459 // for initial token.
460 //
461 // Returns:
462 // int Success - SPNEGO_E_SUCCESS
463 // Failure - SPNEGO API Error code
464 //
465 // Comments :
466 // Calculates the required length for a SPNEGO NegTokenTarg token based
467 // on the supplied variable length values and which elements are present.
468 // Note that because the lengths can be represented by an arbitrary
469 // number of bytes in DER encodings, we actually calculate the lengths
470 // backwards, so we always know how many bytes we will potentially be
471 // writing out.
472 //
473 ////////////////////////////////////////////////////////////////////////////
479 {
482 // Start at 0.
486 // We will calculate this by walking the token backwards
488 // Start with MIC Element
490 {
493 // Check for rollover error
495 {
497 }
500 }
502 // Next is the MechToken
504 {
507 // Check for rollover error
509 {
511 }
514 }
516 // Supported MechType
518 {
519 // Supported MechOID element - we use the token function since
520 // we already know the size of the OID token and value
522 NULL );
524 // Check for rollover error
526 {
528 }
534 // NegResult Element
536 {
539 // Check for rollover error
541 {
543 }
549 // Following two fields are the basic header tokens
551 // Sequence Token
554 // Check for rollover error
556 {
558 }
562 // Neg Token Identifier Token
565 // Check for rollover error
567 {
569 }
571 // The internal length doesn't include the number of bytes
572 // for the initial token
576 // We're done
580 xEndTokenTargLength:
584 }
586 /////////////////////////////////////////////////////////////////////////////
587 //
588 // Function:
589 // CreateSpnegoTargToken
590 //
591 // Parameters:
592 // [in] MechType - Supported MechType
593 // [in] eNegResult - NegResult value
594 // [in] pbMechToken - Mech Token Binary Data
595 // [in] ulMechTokenLen - Length of Mech Token
596 // [in] pbMechListMIC - MechListMIC Binary Data
597 // [in] ulMechListMICn - Length of MechListMIC
598 // [out] pbTokenData - Buffer to write token into.
599 // [in] nTokenLength - Length of pbTokenData buffer
600 // [in] nInternalTokenLength - Length of full token without leading
601 // token bytes.
602 //
603 // Returns:
604 // int Success - SPNEGO_E_SUCCESS
605 // Failure - SPNEGO API Error code
606 //
607 // Comments :
608 // Uses DER to fill out pbTokenData with a SPNEGO NegTokenTarg Token
609 // Note that because the lengths can be represented by an arbitrary
610 // number of bytes in DER encodings, we actually calculate the lengths
611 // backwards, so we always know how many bytes we will potentially be
612 // writing out.
613 //
614 ////////////////////////////////////////////////////////////////////////////
621 {
624 // Start at 0.
631 // We will write the token out backwards to properly handle the cases
632 // where the length bytes become adjustable, so the write location
633 // is initialized to point *just* past the end of the buffer.
638 // Start with MIC Element
640 {
643 // Decrease the pbWriteTokenData, now we know the length and
644 // write it out.
650 // Adjust Values and sanity check
655 {
657 }
661 // Next is the MechToken
663 {
666 // Decrease the pbWriteTokenData, now we know the length and
667 // write it out.
671 // Adjust Values and sanity check
676 {
678 }
682 // Supported Mech Type
684 {
689 // Decrease the pbWriteTokenData, now we know the length and
690 // write it out.
696 // Adjust Values and sanity check
701 {
703 }
707 // Neg Result
708 // NegResult Element
710 {
715 // Decrease the pbWriteTokenData, now we know the length and
716 // write it out.
721 // Adjust Values and sanity check
726 {
728 }
732 // The next tokens we're writing out reflect the total number of bytes
733 // we have actually written out.
735 // Sequence Token
738 // Decrease the pbWriteTokenData, now we know the length and
739 // write it out.
744 // Adjust Values and sanity check
749 {
751 }
753 // Neg Targ Token Identifier Token
756 // Decrease the pbWriteTokenData, now we know the length and
757 // write it out.
762 // Adjust Values and sanity check
765 // Don't adjust the internal token length here, it doesn't account
766 // the initial bytes written out (we really don't need to keep
767 // a running count here, but for debugging, it helps to be able
768 // to see the total number of bytes written out as well as the
769 // number of bytes left to write).
773 {
775 }
778 xEndWriteNegTokenTarg:
783 }
786 /////////////////////////////////////////////////////////////////////////////
787 //
788 // Function:
789 // AllocEmptySpnegoToken
790 //
791 // Parameters:
792 // [in] ucCopyData - Flag to copy data or pointer.
793 // [in] ulFlags - Flags for SPNEGO_TOKEN data member.
794 // [in] pbTokenData - Binary token data.
795 // [in] ulTokenSize - Size of pbTokenData.
796 //
797 // Returns:
798 // SPNEGO_TOKEN* Success - Pointer to initialized SPNEGO_TOKEN struct
799 // Failure - NULL
800 //
801 // Comments :
802 // Allocates a SPNEGO_TOKEN data structure and initializes it. Based on
803 // the value of ucCopyData, if non-zero, we copy the data into a buffer
804 // we allocate in this function, otherwise, we copy the data pointer
805 // direcly.
806 //
807 ////////////////////////////////////////////////////////////////////////////
811 {
815 {
816 // Set the token size
819 // Initialize the element array
822 // Assign the flags value
825 //
826 // IF ucCopyData is TRUE, we will allocate a buffer and copy data into it.
827 // Otherwise, we will just copy the pointer and the length. This is so we
828 // can cut out additional allocations for performance reasons
829 //
832 {
833 // Alloc the internal buffer. Cleanup on failure.
837 {
838 // We must ALWAYS free this buffer
841 // Copy the data locally
844 }
845 else
846 {
849 }
852 else
853 {
854 // Copy the pointer and the length directly - ulFlags will control whether or not
855 // we are allowed to free the value
859 }
861 }
864 }
866 /////////////////////////////////////////////////////////////////////////////
867 //
868 // Function:
869 // FreeSpnegoToken
870 //
871 // Parameters:
872 // [in] pSpnegoToken - Points to SPNEGO_TOKEN to free.
873 //
874 // Returns:
875 // void
876 //
877 // Comments :
878 // If non-NULL, interprets pSpnegoToken, freeing any internal allocations
879 // and finally the actual structure.
880 //
881 ////////////////////////////////////////////////////////////////////////////
884 {
886 {
888 // Cleanup internal allocation per the flags
891 {
894 }
897 }
898 }
900 /////////////////////////////////////////////////////////////////////////////
901 //
902 // Function:
903 // InitSpnegoTokenElementArray
904 //
905 // Parameters:
906 // [in] pSpnegoToken - Points to SPNEGO_TOKEN structure.
907 //
908 // Returns:
909 // void
910 //
911 // Comments :
912 // Initializes the element array data member of a SPNEGO_TOKEN data
913 // structure.
914 //
915 ////////////////////////////////////////////////////////////////////////////
918 {
921 // Set the number of elemnts
924 //
925 // Initially, all elements are unavailable
926 //
929 {
930 // Set the element size as well
933 }
935 }
937 /////////////////////////////////////////////////////////////////////////////
938 //
939 // Function:
940 // InitSpnegoTokenType
941 //
942 // Parameters:
943 // [in] pSpnegoToken - Points to SPNEGO_TOKEN structure.
944 // [out] pnTokenLength - Filled out with total token length
945 // [out] pnRemainingTokenLength - Filled out with remaining length
946 // after header is parsed
947 // [out] ppbFirstElement - Filled out with pointer to first
948 // element after header info.
949 //
950 // Returns:
951 // int Success - SPNEGO_E_SUCCESS
952 // Failure - SPNEGO API Error code
953 //
954 // Comments :
955 // Walks the underlying binary data for a SPNEGO_TOKEN data structure
956 // and determines the type of the underlying token based on token header
957 // information.
958 //
959 ////////////////////////////////////////////////////////////////////////////
963 {
969 //
970 // First byte MUST be either an APP_CONSTRUCT or the NEGTARG_TOKEN_TARG
971 //
974 {
975 // Validate the above token - this will tell us the actual length of the token
976 // per the encoding (minus the actual token bytes)
977 if ( ( nReturn = ASNDerCheckToken( pbTokenData, SPNEGO_NEGINIT_APP_CONSTRUCT, 0L, nBoundaryLength,
980 {
981 // Initialize the remaining token length value. This will be used
982 // to tell the caller how much token there is left once we've parsed
983 // the header (they could calculate it from the other values, but this
984 // is a bit friendlier)
987 // Make adjustments to next token
991 // The next token should be an OID
994 {
995 // Make adjustments to next token
1000 // The next token should specify the NegTokenInit
1005 {
1006 // Make adjustments to next token
1011 // The next token should specify the start of a sequence
1016 {
1017 // NegTokenInit header is now checked out!
1019 // Make adjustments to next token
1022 // Store pointer to first element
1035 }
1037 {
1039 // The next token should specify the NegTokenInit
1044 {
1045 // Initialize the remaining token length value. This will be used
1046 // to tell the caller how much token there is left once we've parsed
1047 // the header (they could calculate it from the other values, but this
1048 // is a bit friendlier)
1051 // Make adjustments to next token
1055 // The next token should specify the start of a sequence
1060 {
1061 // NegTokenInit header is now checked out!
1063 // Make adjustments to next token
1066 // Store pointer to first element
1076 }
1079 /////////////////////////////////////////////////////////////////////////////
1080 //
1081 // Function:
1082 // GetSpnegoInitTokenMechList
1083 //
1084 // Parameters:
1085 // [in] pbTokenData - Points to binary MechList element
1086 // in NegTokenInit.
1087 // [in] nMechListLength - Length of the MechList
1088 // [out] pSpnegoElement - Filled out with MechList Element
1089 // data.
1090 //
1091 // Returns:
1092 // int Success - SPNEGO_E_SUCCESS
1093 // Failure - SPNEGO API Error code
1094 //
1095 // Comments :
1096 // Checks that pbTokenData is pointing at something that at least
1097 // *looks* like a MechList and then fills out the supplied
1098 // SPNEGO_ELEMENT structure.
1099 //
1100 ////////////////////////////////////////////////////////////////////////////
1104 {
1109 // Actual MechList is prepended by a Constructed Sequence Token
1114 {
1115 // Adjust for this token
1119 // Perform simple validation of the actual MechList (i.e. ensure that
1120 // the OIDs in the MechList are reasonable).
1123 {
1124 // Initialize the element now
1130 }
1135 }
1137 /////////////////////////////////////////////////////////////////////////////
1138 //
1139 // Function:
1140 // InitSpnegoTokenElementFromBasicType
1141 //
1142 // Parameters:
1143 // [in] pbTokenData - Points to binary element data in
1144 // a SPNEGO token.
1145 // [in] nElementLength - Length of the element
1146 // [in] ucExpectedType - Expected DER type.
1147 // [in] spnegoElementType - Which element is this?
1148 // [out] pSpnegoElement - Filled out with element data.
1149 //
1150 // Returns:
1151 // int Success - SPNEGO_E_SUCCESS
1152 // Failure - SPNEGO API Error code
1153 //
1154 // Comments :
1155 // Checks that pbTokenData is pointing at the specified DER type. If so,
1156 // then we verify that lengths are proper and then fill out the
1157 // SPNEGO_ELEMENT data structure.
1158 //
1159 ////////////////////////////////////////////////////////////////////////////
1163 SPNEGO_ELEMENT_TYPE spnegoElementType,
1165 {
1170 // The type BYTE must match our token data or something is badly wrong
1172 {
1174 // Check that we are pointing at the specified type
1179 {
1180 // Adjust for this token
1184 // Initialize the element now
1190 }
1195 }
1198 /////////////////////////////////////////////////////////////////////////////
1199 //
1200 // Function:
1201 // InitSpnegoTokenElementFromOID
1202 //
1203 // Parameters:
1204 // [in] pbTokenData - Points to binary element data in
1205 // a SPNEGO token.
1206 // [in] nElementLength - Length of the element
1207 // [in] spnegoElementType - Which element is this?
1208 // [out] pSpnegoElement - Filled out with element data.
1209 //
1210 // Returns:
1211 // int Success - SPNEGO_E_SUCCESS
1212 // Failure - SPNEGO API Error code
1213 //
1214 // Comments :
1215 // Initializes a SpnegoElement from an OID - normally, this would have
1216 // used the Basic Type function above, but since we do binary compares
1217 // on the OIDs against the DER information as well as the OID, we need
1218 // to account for that.
1219 //
1220 ////////////////////////////////////////////////////////////////////////////
1223 SPNEGO_ELEMENT_TYPE spnegoElementType,
1225 {
1230 // The type BYTE must match our token data or something is badly wrong
1232 {
1234 // Check that we are pointing at an OID type
1239 {
1240 // Don't adjust any values for this function
1242 // Initialize the element now
1248 }
1253 }
1256 /////////////////////////////////////////////////////////////////////////////
1257 //
1258 // Function:
1259 // InitSpnegoTokenElements
1260 //
1261 // Parameters:
1262 // [in] pSpnegoToken - Points to SPNEGO_TOKEN struct
1263 // [in] pbTokenData - Points to initial binary element
1264 // data in a SPNEGO token.
1265 // [in] nRemainingTokenLength - Length remaining past header
1266 //
1267 // Returns:
1268 // int Success - SPNEGO_E_SUCCESS
1269 // Failure - SPNEGO API Error code
1270 //
1271 // Comments :
1272 // Interprets the data at pbTokenData based on the TokenType in
1273 // pSpnegoToken. Since some elements are optional (technically all are
1274 // but the token becomes quite useless if this is so), we check if
1275 // an element exists before filling out the element in the array.
1276 //
1277 ////////////////////////////////////////////////////////////////////////////
1281 {
1282 //
1283 // The following arrays contain the token identifiers for the elements
1284 // comprising the actual token. All values are optional, and there are
1285 // no defaults.
1286 //
1302 // Point to the correct array
1304 {
1306 {
1308 }
1312 {
1314 }
1319 //
1320 // Enumerate the element arrays and look for the tokens at our current location
1321 //
1327 nCtr++ )
1328 {
1330 // Check if the token exists
1335 {
1337 // Token data should skip over the sequence token and then
1338 // call the appropriate function to initialize the element
1341 // Lengths in the elements should NOT go beyond the element
1342 // length
1344 // Different tokens mean different elements
1346 {
1348 // Handle each element as appropriate
1350 {
1353 {
1354 //
1355 // This is a Mech List that specifies which OIDs the
1356 // originator of the Init Token supports.
1357 //
1362 }
1366 {
1367 //
1368 // This is a BITSTRING which specifies the flags that the receiver
1369 // pass to the gss_accept_sec_context() function.
1370 //
1375 }
1379 {
1380 //
1381 // This is an OCTETSTRING which contains a GSSAPI token corresponding
1382 // to the first OID in the MechList.
1383 //
1388 }
1392 {
1393 //
1394 // Don't yet know if this is a negTokenInit, or negTokenInit2.
1395 // Unfortunately, both have the same type: SPNEGO_TOKEN_INIT
1396 // If it's negTokenInit, this element should be an OCTETSTRING
1397 // containing the MIC. If it's a negTokenInit2, this element
1398 // should be an SPNEGO_CONSTRUCTED_SEQUENCE containing the
1399 // negHints (GENERALSTR, ignored)
1400 //
1407 // This is really a negHints element. Check the type and length,
1408 // but otherwise just ignore it.
1413 }
1414 }
1418 }
1419 else
1420 {
1421 /* pSpnegoToken->ucTokenType == SPNEGO_TOKEN_TARG */
1424 {
1427 {
1428 //
1429 // This is an ENUMERATION which specifies result of the last GSS
1430 // token negotiation call.
1431 //
1436 }
1440 {
1441 //
1442 // This is an OID which specifies a supported mechanism.
1443 //
1446 spnego_targ_mechListMIC,
1448 }
1452 {
1453 //
1454 // This is an OCTETSTRING which specifies results of the last GSS
1455 // token negotiation call.
1456 //
1461 }
1465 {
1466 //
1467 // This is an OCTETSTRING, typically 16 bytes,
1468 // which contains a message integrity BLOB.
1469 //
1474 }
1481 // Account for the entire token and following data
1484 // Token data should skip past the element length now
1489 {
1490 // For now, this is a benign error (remember, all elements are optional, so
1491 // if we don't find one, it's okay).
1494 }
1498 //
1499 // We should always run down to 0 remaining bytes in the token. If not, we've got
1500 // a bad token.
1501 //
1504 {
1506 }
1509 }
1512 /////////////////////////////////////////////////////////////////////////////
1513 //
1514 // Function:
1515 // FindMechOIDInMechList
1516 //
1517 // Parameters:
1518 // [in] pSpnegoElement - SPNEGO_ELEMENT for MechList
1519 // [in] MechOID - OID we're looking for.
1520 // [out] piMechTypeIndex - Index in the list where OID was
1521 // found
1522 //
1523 // Returns:
1524 // int Success - SPNEGO_E_SUCCESS
1525 // Failure - SPNEGO API Error code
1526 //
1527 // Comments :
1528 // Walks the MechList for MechOID. When it is found, the index in the
1529 // list is written to piMechTypeIndex.
1530 //
1531 ////////////////////////////////////////////////////////////////////////////
1535 {
1543 {
1545 // Use the helper function to check the OID
1548 {
1550 }
1552 // Adjust for the current OID
1555 nCtr++;
1561 }
1564 /////////////////////////////////////////////////////////////////////////////
1565 //
1566 // Function:
1567 // ValidateMechList
1568 //
1569 // Parameters:
1570 // [in] pbMechListData - Pointer to binary MechList data
1571 // [in] nBoundaryLength - Length we must not exceed
1572 //
1573 // Returns:
1574 // int Success - SPNEGO_E_SUCCESS
1575 // Failure - SPNEGO API Error code
1576 //
1577 // Comments :
1578 // Checks the data at pbMechListData to see if it looks like a MechList.
1579 // As part of this, we walk the list and ensure that none of the OIDs
1580 // have a length that takes us outside of nBoundaryLength.
1581 //
1582 ////////////////////////////////////////////////////////////////////////////
1585 {
1591 {
1592 // Verify that we have something that at least *looks* like an OID - in other
1593 // words it has an OID identifier and specifies a length that doesn't go beyond
1594 // the size of the list.
1598 // Adjust for the current OID
1606 }
1608 /////////////////////////////////////////////////////////////////////////////
1609 //
1610 // Function:
1611 // IsValidMechOid
1612 //
1613 // Parameters:
1614 // [in] mechOid - mechOID id enumeration
1615 //
1616 // Returns:
1617 // int Success - 1
1618 // Failure - 0
1619 //
1620 // Comments :
1621 // Checks for a valid mechOid value.
1622 //
1623 ////////////////////////////////////////////////////////////////////////////
1626 {
1629 }
1631 /////////////////////////////////////////////////////////////////////////////
1632 //
1633 // Function:
1634 // IsValidContextFlags
1635 //
1636 // Parameters:
1637 // [in] ucContextFlags - ContextFlags value
1638 //
1639 // Returns:
1640 // int Success - 1
1641 // Failure - 0
1642 //
1643 // Comments :
1644 // Checks for a valid ContextFlags value.
1645 //
1646 ////////////////////////////////////////////////////////////////////////////
1649 {
1650 // Mask out our valid bits. If there is anything leftover, this
1651 // is not a valid value for Context Flags
1653 }
1655 /////////////////////////////////////////////////////////////////////////////
1656 //
1657 // Function:
1658 // IsValidNegResult
1659 //
1660 // Parameters:
1661 // [in] negResult - NegResult value
1662 //
1663 // Returns:
1664 // int Success - 1
1665 // Failure - 0
1666 //
1667 // Comments :
1668 // Checks for a valid NegResult value.
1669 //
1670 ////////////////////////////////////////////////////////////////////////////
1673 {
1676 }
1678 /////////////////////////////////////////////////////////////////////////////
1679 //
1680 // Function:
1681 // IsValidSpnegoToken
1682 //
1683 // Parameters:
1684 // [in] pSpnegoToken - Points to SPNEGO_TOKEN data structure
1685 //
1686 // Returns:
1687 // int Success - 1
1688 // Failure - 0
1689 //
1690 // Comments :
1691 // Performs simple heuristic on location pointed to by pSpnegoToken.
1692 //
1693 ////////////////////////////////////////////////////////////////////////////
1696 {
1699 // Parameter should be non-NULL
1701 {
1702 // Length should be at least the size defined in the header
1704 {
1705 // Number of elements should be >= our maximum - if it's greater, that's
1706 // okay, since we'll only be accessing the elements up to MAX_NUM_TOKEN_ELEMENTS
1708 {
1709 // Check for proper token type
1712 {
1714 }
1715 }
1722 }
1724 /////////////////////////////////////////////////////////////////////////////
1725 //
1726 // Function:
1727 // IsValidSpnegoElement
1728 //
1729 // Parameters:
1730 // [in] pSpnegoToken - Points to SPNEGO_TOKEN data structure
1731 // [in] spnegoElement - spnegoElement Type from enumeration
1732 //
1733 // Returns:
1734 // int Success - 1
1735 // Failure - 0
1736 //
1737 // Comments :
1738 // Checks that spnegoElement has a valid value and is appropriate for
1739 // the SPNEGO token encapsulated by pSpnegoToken.
1740 //
1741 ////////////////////////////////////////////////////////////////////////////
1744 {
1747 // Check boundaries
1750 {
1752 // Check for appropriateness to token type
1754 {
1757 }
1758 else
1759 {
1762 }
1767 }
1769 /////////////////////////////////////////////////////////////////////////////
1770 //
1771 // Function:
1772 // CalculateElementArrayIndex
1773 //
1774 // Parameters:
1775 // [in] pSpnegoToken - Points to SPNEGO_TOKEN data structure
1776 // [in] spnegoElement - spnegoElement Type from enumeration
1777 //
1778 // Returns:
1779 // int index in the SPNEGO_TOKEN element array that the element can
1780 // can be found
1781 //
1782 // Comments :
1783 // Based on the Token Type, calculates the index in the element array
1784 // at which the specified element can be found.
1785 //
1786 ////////////////////////////////////////////////////////////////////////////
1789 {
1792 // Offset is difference between value and initial element identifier
1793 // (these differ based on ucTokenType)
1796 {
1798 }
1799 else
1800 {
1802 }
1805 }
1807 /////////////////////////////////////////////////////////////////////////////
1808 //
1809 // Function:
1810 // InitTokenFromBinary
1811 //
1812 // Parameters:
1813 // [in] ucCopyData - Flag indicating if data should be copied
1814 // [in] ulFlags - Flags value for structure
1815 // [in] pnTokenData - Binary Token Data
1816 // [in] ulLength - Length of the data
1817 // [out] ppSpnegoToken - Pointer to call allocated SPNEGO Token
1818 // data structure
1819 //
1820 // Returns:
1821 // int Success - SPNEGO_E_SUCCESS
1822 // Failure - SPNEGO API Error code
1823 //
1824 // Comments :
1825 // Allocates a SPNEGO_TOKEN data structure and fills it out as
1826 // appropriate based in the flags passed into the function.
1827 //
1828 ////////////////////////////////////////////////////////////////////////////
1831 // Initializes SPNEGO_TOKEN structure from DER encoded binary data
1835 {
1842 // Basic Parameter Validation
1847 {
1849 //
1850 // Allocate the empty token, then initialize the data structure.
1851 //
1856 {
1858 // Copy the binary data locally
1861 // Initialize the token type
1865 {
1867 // Initialize the element array
1869 nRemainingTokenLength ) )
1871 {
1873 }
1877 // Cleanup on error condition
1879 {
1881 }
1883 }
1884 else
1885 {
1887 }
1893 }