// AcceptSecContext accepts an initialized security context. Usually called by
// the server. May return ErrContinueNeeded if the client is to make another
// iteration of exchanging token with the service
func (lib *Lib) AcceptSecContext(
ctxIn *CtxId, acceptorCredHandle *CredId, inputToken *Buffer,
inputChanBindings ChannelBindings) (
ctxOut *CtxId, srcName *Name, actualMechType *OID, outputToken *Buffer,
retFlags uint32, timeRec time.Duration, delegatedCredHandle *CredId,
err error) {
runtime.LockOSThread()
defer runtime.UnlockOSThread()
// prepare the inputs
C_acceptorCredHandle := C.gss_cred_id_t(nil)
if acceptorCredHandle != nil {
C_acceptorCredHandle = acceptorCredHandle.C_gss_cred_id_t
}
C_inputToken := C.gss_buffer_t(nil)
if inputToken != nil {
C_inputToken = inputToken.C_gss_buffer_t
}
// prepare the outputs
if ctxIn != nil {
ctxCopy := *ctxIn
ctxOut = &ctxCopy
} else {
ctxOut = lib.GSS_C_NO_CONTEXT
}
min := C.OM_uint32(0)
srcName = lib.NewName()
actualMechType = lib.NewOID()
outputToken, err = lib.MakeBuffer(allocGSSAPI)
if err != nil {
return nil, nil, nil, nil, 0, 0, nil, err
}
flags := C.OM_uint32(0)
timerec := C.OM_uint32(0)
delegatedCredHandle = lib.NewCredId()
maj := C.wrap_gss_accept_sec_context(lib.Fp_gss_accept_sec_context,
&min,
&ctxOut.C_gss_ctx_id_t, // used as both in and out param
C_acceptorCredHandle,
C_inputToken,
C.gss_channel_bindings_t(inputChanBindings),
&srcName.C_gss_name_t,
&actualMechType.C_gss_OID,
outputToken.C_gss_buffer_t,
&flags,
&timerec,
&delegatedCredHandle.C_gss_cred_id_t)
err = lib.stashLastStatus(maj, min)
if err != nil {
lib.Err("AcceptSecContext: ", err)
return nil, nil, nil, nil, 0, 0, nil, err
}
if MajorStatus(maj).ContinueNeeded() {
err = ErrContinueNeeded
}
return ctxOut, srcName, actualMechType, outputToken, uint32(flags),
time.Duration(timerec) * time.Second, delegatedCredHandle, err
}
// InitSecContext initiates a security context. Usually invoked by the client.
// A Context (CtxId) describes the state at one end of an authentication
// protocol. May return ErrContinueNeeded if the client is to make another
// iteration of exchanging token with the service
func (lib *Lib) InitSecContext(initiatorCredHandle *CredId, ctxIn *CtxId,
targetName *Name, mechType *OID, reqFlags uint32, timeReq time.Duration,
inputChanBindings ChannelBindings, inputToken *Buffer) (
ctxOut *CtxId, actualMechType *OID, outputToken *Buffer, retFlags uint32,
timeRec time.Duration, err error) {
runtime.LockOSThread()
defer runtime.UnlockOSThread()
// prepare the input params
C_initiator := C.gss_cred_id_t(nil)
if initiatorCredHandle != nil {
C_initiator = initiatorCredHandle.C_gss_cred_id_t
}
C_mechType := C.gss_OID(nil)
if mechType != nil {
C_mechType = mechType.C_gss_OID
}
C_inputToken := C.gss_buffer_t(nil)
if inputToken != nil {
C_inputToken = inputToken.C_gss_buffer_t
}
// prepare the outputs.
if ctxIn != nil {
ctxCopy := *ctxIn
ctxOut = &ctxCopy
} else {
ctxOut = lib.NewCtxId()
}
min := C.OM_uint32(0)
actualMechType = lib.NewOID()
outputToken, err = lib.MakeBuffer(allocGSSAPI)
if err != nil {
return nil, nil, nil, 0, 0, err
}
flags := C.OM_uint32(0)
timerec := C.OM_uint32(0)
maj := C.wrap_gss_init_sec_context(lib.Fp_gss_init_sec_context,
&min,
C_initiator,
&ctxOut.C_gss_ctx_id_t, // used as both in and out param
targetName.C_gss_name_t,
C_mechType,
C.OM_uint32(reqFlags),
C.OM_uint32(timeReq.Seconds()),
C.gss_channel_bindings_t(inputChanBindings),
C_inputToken,
&actualMechType.C_gss_OID,
outputToken.C_gss_buffer_t,
&flags,
&timerec)
err = lib.stashLastStatus(maj, min)
if err != nil {
return nil, nil, nil, 0, 0, err
}
if MajorStatus(maj).ContinueNeeded() {
err = ErrContinueNeeded
}
return ctxOut, actualMechType, outputToken,
uint32(flags), time.Duration(timerec) * time.Second,
err
}