29    OM_uint32 minor_stat = 0;
 
   30    OM_uint32 msg_ctx = 0;
 
   31    OM_uint32 major_stat = gss_display_status(&minor_stat, major,
 
   32                                              GSS_C_GSS_CODE, GSS_C_NULL_OID,
 
   33                                              &msg_ctx, msg_major.
getPtr());
 
   34    if (major_stat != GSS_S_COMPLETE) {
 
   39        cerr << 
"gss_display_status(major=" << major << 
") failed with " 
   40             << major_stat << endl;
 
   42    msg << 
"GSSAPI error: Major = '";
 
   43    if (!msg_major.
empty()) {
 
             // NOTE(review): the status text is streamed as a C string, so
             // output stops at the first NUL byte and the buffer's length
             // field is not consulted. This relies on the library returning
             // NUL-terminated text in the buffer - confirm, or bound the
             // copy by the buffer length.
   44        msg << static_cast<char*>(msg_major.
getValue());
 
   49        minor_stat = msg_ctx = 0;
 
   50        major_stat = gss_display_status(&minor_stat, minor,
 
   51                                        GSS_C_MECH_CODE, GSS_C_NULL_OID,
 
   52                                        &msg_ctx, msg_minor.
getPtr());
 
   53        if (major_stat != GSS_S_COMPLETE) {
 
   58            cerr << 
"gss_display_status(minor=" << minor << 
") failed with " 
   59                 << major_stat << endl;
 
   61        msg << 
"' (" << major << 
"), Minor = '";
 
   62        if (!msg_minor.
empty()) {
 
   63            msg << static_cast<char*>(msg_minor.
getValue());
 
   65        msg << 
"' (" << minor << 
").";
 
   67        msg << 
"' (" << major << 
").";
 
 
   73    memset(&buffer_, 0, 
sizeof(gss_buffer_desc));
 
 
   77    memset(&buffer_, 0, 
sizeof(gss_buffer_desc));
 
   78    if (length > numeric_limits<uint32_t>::max()) {
 
   82    buffer_.length = length;
 
   83    if (buffer_.length > 0) {
 
   86        buffer_.value = malloc(buffer_.length);
 
   90                      << 
"'Cannot allocate memory'");
 
   92        memmove(buffer_.value, value, buffer_.length);
 
 
   97    memset(&buffer_, 0, 
sizeof(gss_buffer_desc));
 
   98    if (content.size() > numeric_limits<uint32_t>::max()) {
 
  100                  content.size() << 
" is too large");
 
  102    buffer_.length = content.size();
 
  103    if (buffer_.length > 0) {
 
  106        buffer_.value = malloc(buffer_.length);
 
  107        if (!buffer_.value) {
 
  110                      << 
"'Cannot allocate memory'");
 
  112        memmove(buffer_.value, &content[0], buffer_.length);
 
 
   117    memset(&buffer_, 0, 
sizeof(gss_buffer_desc));
 
   118    if (content.empty()) {
 
          // `>=` rather than `>`: one byte more than content.size() is
          // allocated below, so the size itself must stay strictly under the
          // 32-bit maximum.
   121    if (content.size() >= numeric_limits<uint32_t>::max()) {
 
   123                  << content.size() << 
" is too large");
 
   127    buffer_.length = content.size();
 
          // Allocate length + 1 bytes; the allocation result is checked
          // before the memory is touched.
   128    buffer_.value = malloc(buffer_.length + 1);
 
   129    if (!buffer_.value) {
 
   132                  << 
"'Cannot allocate memory'");
 
          // Zero the whole allocation, then copy only `length` bytes: the
          // content is followed by a NUL byte that buffer_.length does not
          // count.
   134    memset(buffer_.value, 0, buffer_.length + 1);
 
   135    memmove(buffer_.value, content.c_str(), buffer_.length);
 
 
   142        OM_uint32 major = gss_release_buffer(&minor, &buffer_);
              // NOTE(review): other fragments in this listing fill
              // buffer_.value with malloc(). gss_release_buffer is specified
              // for storage allocated by the GSS-API library, so releasing a
              // malloc()ed block this way presumably relies on the library
              // using free() internally - confirm for each supported
              // implementation.
 
              // A failed release is only reported on stderr; no exception is
              // raised on the lines visible here.
   143        if (major != GSS_S_COMPLETE) {
 
   144            cerr << 
"gss_release_buffer failed with " << major << endl;
 
 
  151    vector<uint8_t> content;
 
  152    content.resize(buffer_.length);
 
  153    if (buffer_.length > 0) {
 
  154        memmove(&content[0], buffer_.value, buffer_.length);
 
  156    return (vector<uint8_t>(content));
 
 
   161    if (buffer_.length == 0) {
 
              // NOTE(review): no length is passed here, so the result ends at
              // the first NUL byte found in buffer_.value. This relies on the
              // buffer being NUL-terminated, which the visible lines do not
              // establish - confirm for buffers filled by the GSS-API library.
              // The branch condition is not shown in this listing (presumably
              // the `trim` case).
   164        return (
string(
static_cast<char*
>(buffer_.value)));
 
              // Length-bounded copy: exactly buffer_.length bytes are taken,
              // embedded NUL bytes included.
   166        return (
string(
static_cast<char*
>(buffer_.value), buffer_.length));
 
 
  175    if (gname.size() >= numeric_limits<uint32_t>::max()) {
 
  176        isc_throw(OutOfRange, 
"GssApiName constructor: string size " 
  177                  << gname.size() << 
" is too large");
 
  181    OM_uint32 major = gss_import_name(&minor, buf.getPtr(),
 
  182                                      GSS_C_NO_OID, &name_);
 
  183    if (major != GSS_S_COMPLETE) {
 
 
  192        OM_uint32 major = gss_release_name(&minor, &name_);
 
  193        if (major != GSS_S_COMPLETE) {
 
  194            cerr << 
"gss_release_name failed with " << major << endl;
 
 
  203    OM_uint32 major = gss_compare_name(&minor, name_, other.name_, &ret);
 
  204    if (major != GSS_S_COMPLETE) {
 
 
  216    OM_uint32 major = gss_display_name(&minor, name_, buf.
getPtr(), 0);
 
  217    if (major != GSS_S_COMPLETE) {
 
 
  231    cred_ = GSS_C_NO_CREDENTIAL;
 
  235    OM_uint32 major = gss_acquire_cred(&minor, gname.
get(), GSS_C_INDEFINITE,
 
  236                                       mech_oid_set.
get(), cred_usage,
 
  237                                       &cred_, 0, &lifetime);
 
  238    if (major != GSS_S_COMPLETE) {
 
 
  247        OM_uint32 major = gss_release_cred(&minor, &cred_);
 
  248        if (major != GSS_S_COMPLETE) {
 
  249            cerr << 
"gss_release_cred failed with " << major << endl;
 
 
  256                    OM_uint32& lifetime) {
 
  260    OM_uint32 major = gss_inquire_cred(&minor, cred_, 
name.getPtr(),
 
  261                                       &lifetime, &cred_usage, 0);
 
  262    if (major != GSS_S_COMPLETE) {
 
 
  277    OM_uint32 major = gss_import_sec_context(&minor, buf.
getPtr(), &sec_ctx_);
 
  278    if (major != GSS_S_COMPLETE) {
 
 
  287        OM_uint32 major = gss_delete_sec_context(&minor, &sec_ctx_, 0);
 
  288        if (major != GSS_S_COMPLETE) {
 
  289            cerr << 
"gss_delete_sec_context failed with " << major << endl;
 
 
  298    OM_uint32 major = gss_export_sec_context(&minor, &sec_ctx_, buf.
getPtr());
 
  299    if (major != GSS_S_COMPLETE) {
 
 
  309    OM_uint32 lifetime = 0;
 
  311    OM_uint32 major = gss_context_time(&minor, sec_ctx_, &lifetime);
 
  312    if (major != GSS_S_COMPLETE) {
 
 
  322                      OM_uint32& lifetime, OM_uint32& flags,
 
  323                      bool& local, 
bool& established) {
 
  324    lifetime = flags = 0;
 
  325    local = established = 
false;
 
  326    int locally_initiated = 0;
 
  329    OM_uint32 major = gss_inquire_context(&minor, sec_ctx_,
 
  331                                          &lifetime, 0, &flags,
 
  332                                          &locally_initiated, &open);
 
  333    if (major != GSS_S_COMPLETE) {
 
  338    local = (locally_initiated != 0);
 
  339    established = (open != 0);
 
 
  345    OM_uint32 major = gss_get_mic(&minor, sec_ctx_, GSS_C_QOP_DEFAULT,
 
  347    if (major != GSS_S_COMPLETE) {
 
 
  357    OM_uint32 major = gss_verify_mic(&minor, sec_ctx_, gmessage.
getPtr(),
 
  359    if (major != GSS_S_COMPLETE) {
 
 
  369                   OM_uint32& lifetime) {
 
  370    gss_cred_id_t cred = GSS_C_NO_CREDENTIAL;
 
  375    OM_uint32 ret_flags = 0;
 
  377    OM_uint32 major = gss_init_sec_context(&minor, cred,
 
  378                                           &sec_ctx_, target.
get(),
 
  380                                           flags, GSS_C_INDEFINITE,
 
  381                                           GSS_C_NO_CHANNEL_BINDINGS,
 
  383                                           outtoken.
getPtr(), &ret_flags,
 
   // Post-negotiation checks: for each protection the caller requested in
   // `flags` (anti-replay, sequencing, mutual authentication), verify that
   // the same bit is set in `ret_flags` as returned by gss_init_sec_context.
   // A requested bit missing from ret_flags means the established context
   // does not provide that protection. The statements that handle a missing
   // bit are only partly visible in this listing (message text only).
   387        if ((flags & GSS_C_REPLAY_FLAG) &&
 
   388            ((ret_flags & GSS_C_REPLAY_FLAG) == 0)) {
 
   390                      "requested anti-replay");
 
   392        if ((flags & GSS_C_SEQUENCE_FLAG) &&
 
   393            ((ret_flags & GSS_C_SEQUENCE_FLAG) == 0)) {
 
   395                      "requested sequence");
 
   397        if ((flags & GSS_C_MUTUAL_FLAG) &&
 
   398            ((ret_flags & GSS_C_MUTUAL_FLAG) == 0)) {
 
   400                      "requested mutual authentication");
 
  403    case GSS_S_CONTINUE_NEEDED:
 
 
   416    OM_uint32 major = gss_accept_sec_context(&minor, &sec_ctx_, cred.
get(),
 
   418                                             GSS_C_NO_CHANNEL_BINDINGS,
 
   420                                             outtoken.
getPtr(), 0, 0, 0);
          // NOTE(review): the three trailing 0 arguments are the ret_flags,
          // time_rec and delegated_cred_handle outputs of
          // gss_accept_sec_context, so the negotiated service flags and the
          // context lifetime are not collected by this call. Any check that
          // the accepted context offers replay, sequence or mutual
          // authentication protection has to happen elsewhere (for example
          // through gss_inquire_context) - confirm against the callers.
          // No channel bindings are supplied (GSS_C_NO_CHANNEL_BINDINGS).
 
  424    case GSS_S_CONTINUE_NEEDED:
 
 
  436    oid_ = 
static_cast<gss_OID
>(malloc(
sizeof(gss_OID_desc)));
 
  439                  << 
"'Cannot allocate memory' (desc)");
 
  441    memset(oid_, 0, 
sizeof(gss_OID_desc));
 
 
  445    if (elements.size() > 1024) {
 
  446        isc_throw(OutOfRange, 
"Too large argument to GssApiOid (" 
  447                  << elements.size() << 
" > 1024)");
 
  451    oid_ = 
static_cast<gss_OID
>(malloc(
sizeof(gss_OID_desc)));
 
  454                  << 
"'Cannot allocate memory' (desc)");
 
  456    memset(oid_, 0, 
sizeof(gss_OID_desc));
 
  457    oid_->length = elements.size();
 
  458    if (oid_->length > 0) {
 
  461        oid_->elements = malloc(oid_->length);
 
  462        if (!oid_->elements) {
 
  465                      << 
"'Cannot allocate memory' (elements)");
 
  467        memmove(oid_->elements, &elements[0], oid_->length);
 
 
  472#ifdef HAVE_GSS_STR_TO_OID 
  475    OM_uint32 major = gss_str_to_oid(&minor, buf.
getPtr(), &oid_);
 
  476    if (major != GSS_S_COMPLETE) {
 
 
  488        OM_uint32 major = gss_release_oid(&minor, &oid_);
 
  489        if (major != GSS_S_COMPLETE) {
 
  490            cerr << 
"gss_release_oid failed with " << major << endl;
 
 
  499    OM_uint32 major = gss_oid_to_str(&minor, oid_, buf.
getPtr());
 
  500    if (major != GSS_S_COMPLETE) {
 
 
  509vector<uint8_t> ISC_GSS_KRB5_MECHANISM_vect =
 
  510    { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x01, 0x02, 0x02 };
 
  517vector<uint8_t> ISC_GSS_SPNEGO_MECHANISM_vect =
 
  518    { 0x2b, 0x06, 0x01, 0x05, 0x05, 0x02 };
 
  524    oid_set_ = GSS_C_NO_OID_SET;
 
  529    OM_uint32 major = gss_create_empty_oid_set(&minor, &oid_set_);
 
  530    if (major != GSS_S_COMPLETE) {
 
  537    if (major != GSS_S_COMPLETE) {
 
  544    if (major != GSS_S_COMPLETE) {
 
 
  553        OM_uint32 major = gss_release_oid_set(&minor, &oid_set_);
 
  554        if (major != GSS_S_COMPLETE) {
 
  555            cerr << 
"gss_release_oid_set failed with " << major << endl;
 
 
 
A generic exception that is thrown when a function is not implemented.
A generic exception that is thrown if a parameter given to a method would refer to or modify out-of-r...
std::vector< uint8_t > getContent() const
Get the content as a vector.
bool empty() const
Empty predicate.
gss_buffer_t getPtr()
Get pointer.
void * getValue()
Get the value.
std::string getString(bool trim=false) const
Get the content as a string.
~GssApiBuffer()
Destructor.
GssApiBuffer()
Constructor.
void inquire(GssApiName &name, gss_cred_usage_t &cred_usage, OM_uint32 &lifetime)
Inquire.
gss_cred_id_t get()
Get the value.
void setLastError(int error)
Set the last error.
GssApiLastError()
Constructor.
virtual ~GssApiLastError()
Destructor.
gss_name_t * getPtr()
Get pointer.
std::string toString()
textual representation.
gss_name_t get()
Get the value.
bool compare(GssApiName &other)
Compare.
gss_OID_set get()
Get the value.
~GssApiOidSet()
Destructor.
GssApiOidSet(bool fill=true)
Constructor.
std::string toString()
Get textual representation.
void sign(GssApiBuffer &gmessage, GssApiBuffer &gsig)
Sign.
bool init(GssApiCredPtr credp, GssApiName &target, OM_uint32 flags, GssApiBuffer &intoken, GssApiBuffer &outtoken, OM_uint32 &lifetime)
Init.
void verify(GssApiBuffer &gmessage, GssApiBuffer &gsig)
Verify.
~GssApiSecCtx()
Destructor.
std::vector< uint8_t > serialize()
Export.
OM_uint32 getLifetime()
Get the lifetime (validity in seconds).
GssApiSecCtx(gss_ctx_id_t sec_ctx)
Constructor.
void inquire(GssApiName &source, GssApiName &target, OM_uint32 &lifetime, OM_uint32 &flags, bool &local, bool &established)
Inquire.
bool accept(GssApiCred &cred, GssApiBuffer &intoken, GssApiName &source, GssApiBuffer &outtoken)
Accept.
#define isc_throw(type, stream)
A shortcut macro to insert known values into exception arguments.
C++ binding for the GSS-API.
GssApiOid ISC_GSS_SPNEGO_MECHANISM(ISC_GSS_SPNEGO_MECHANISM_vect)
The SPNEGO OID.
string gssApiErrMsg(OM_uint32 major, OM_uint32 minor)
The error message.
GssApiOid ISC_GSS_KRB5_MECHANISM(ISC_GSS_KRB5_MECHANISM_vect)
The Kerberos 5 OID.
boost::shared_ptr< GssApiCred > GssApiCredPtr
Shared pointer to GSS-API credential.
Defines the logger used by the top-level component of kea-lfc.