// MakeBuffer returns a Buffer with an empty malloc-ed gss_buffer_desc in it. // The return value must be .Release()-ed func (lib *Lib) MakeBuffer(alloc int) (*Buffer, error) { s := C.malloc(C.gss_buffer_size) if s == nil { return nil, ErrMallocFailed } C.memset(s, 0, C.gss_buffer_size) b := &Buffer{ Lib: lib, C_gss_buffer_t: C.gss_buffer_t(s), alloc: alloc, } return b, nil }
// AcceptSecContext accepts an initialized security context. Usually called by // the server. May return ErrContinueNeeded if the client is to make another // iteration of exchanging token with the service func (lib *Lib) AcceptSecContext( ctxIn *CtxId, acceptorCredHandle *CredId, inputToken *Buffer, inputChanBindings ChannelBindings) ( ctxOut *CtxId, srcName *Name, actualMechType *OID, outputToken *Buffer, retFlags uint32, timeRec time.Duration, delegatedCredHandle *CredId, err error) { runtime.LockOSThread() defer runtime.UnlockOSThread() // prepare the inputs C_acceptorCredHandle := C.gss_cred_id_t(nil) if acceptorCredHandle != nil { C_acceptorCredHandle = acceptorCredHandle.C_gss_cred_id_t } C_inputToken := C.gss_buffer_t(nil) if inputToken != nil { C_inputToken = inputToken.C_gss_buffer_t } // prepare the outputs if ctxIn != nil { ctxCopy := *ctxIn ctxOut = &ctxCopy } else { ctxOut = lib.GSS_C_NO_CONTEXT } min := C.OM_uint32(0) srcName = lib.NewName() actualMechType = lib.NewOID() outputToken, err = lib.MakeBuffer(allocGSSAPI) if err != nil { return nil, nil, nil, nil, 0, 0, nil, err } flags := C.OM_uint32(0) timerec := C.OM_uint32(0) delegatedCredHandle = lib.NewCredId() maj := C.wrap_gss_accept_sec_context(lib.Fp_gss_accept_sec_context, &min, &ctxOut.C_gss_ctx_id_t, // used as both in and out param C_acceptorCredHandle, C_inputToken, C.gss_channel_bindings_t(inputChanBindings), &srcName.C_gss_name_t, &actualMechType.C_gss_OID, outputToken.C_gss_buffer_t, &flags, &timerec, &delegatedCredHandle.C_gss_cred_id_t) err = lib.stashLastStatus(maj, min) if err != nil { lib.Err("AcceptSecContext: ", err) return nil, nil, nil, nil, 0, 0, nil, err } if MajorStatus(maj).ContinueNeeded() { err = ErrContinueNeeded } return ctxOut, srcName, actualMechType, outputToken, uint32(flags), time.Duration(timerec) * time.Second, delegatedCredHandle, err }
// InitSecContext initiates a security context. Usually invoked by the client. // A Context (CtxId) describes the state at one end of an authentication // protocol. May return ErrContinueNeeded if the client is to make another // iteration of exchanging token with the service func (lib *Lib) InitSecContext(initiatorCredHandle *CredId, ctxIn *CtxId, targetName *Name, mechType *OID, reqFlags uint32, timeReq time.Duration, inputChanBindings ChannelBindings, inputToken *Buffer) ( ctxOut *CtxId, actualMechType *OID, outputToken *Buffer, retFlags uint32, timeRec time.Duration, err error) { runtime.LockOSThread() defer runtime.UnlockOSThread() // prepare the input params C_initiator := C.gss_cred_id_t(nil) if initiatorCredHandle != nil { C_initiator = initiatorCredHandle.C_gss_cred_id_t } C_mechType := C.gss_OID(nil) if mechType != nil { C_mechType = mechType.C_gss_OID } C_inputToken := C.gss_buffer_t(nil) if inputToken != nil { C_inputToken = inputToken.C_gss_buffer_t } // prepare the outputs. if ctxIn != nil { ctxCopy := *ctxIn ctxOut = &ctxCopy } else { ctxOut = lib.NewCtxId() } min := C.OM_uint32(0) actualMechType = lib.NewOID() outputToken, err = lib.MakeBuffer(allocGSSAPI) if err != nil { return nil, nil, nil, 0, 0, err } flags := C.OM_uint32(0) timerec := C.OM_uint32(0) maj := C.wrap_gss_init_sec_context(lib.Fp_gss_init_sec_context, &min, C_initiator, &ctxOut.C_gss_ctx_id_t, // used as both in and out param targetName.C_gss_name_t, C_mechType, C.OM_uint32(reqFlags), C.OM_uint32(timeReq.Seconds()), C.gss_channel_bindings_t(inputChanBindings), C_inputToken, &actualMechType.C_gss_OID, outputToken.C_gss_buffer_t, &flags, &timerec) err = lib.stashLastStatus(maj, min) if err != nil { return nil, nil, nil, 0, 0, err } if MajorStatus(maj).ContinueNeeded() { err = ErrContinueNeeded } return ctxOut, actualMechType, outputToken, uint32(flags), time.Duration(timerec) * time.Second, err }