
TLS v1.3 #150

Merged
merged 18 commits into from
Mar 25, 2021
129 changes: 66 additions & 63 deletions gsi/gss_assist/source/accept.c
Expand Up @@ -30,46 +30,46 @@
* @brief Accept a Security Context
* @ingroup globus_gss_assist_context
* @details
* This routine accepts a GSSAPI security context and
* is called by the gram_gatekeeper. It isolates
* the GSSAPI from the rest of the gram code.
* This routine accepts a GSSAPI security context and
* is called by the gram_gatekeeper. It isolates
* the GSSAPI from the rest of the gram code.
*
* Initialize a GSSAPI security connection. Used by the server.
* Initialize a GSSAPI security connection. Used by the server.
* The context_handle is returned, and there is one for each
* connection. This routine will take cake of the looping
* and token processing, using the supplied get_token and
* send_token routines.
* send_token routines.
*
* @param minor_status
* GSSAPI return code
* @param context_handle
* pointer to returned context.
* pointer to returned context.
* @param cred_handle
* the cred handle obtained by acquire_cred.
* @param src_name_char
* Pointer to char string representation of the
* client which contacted the server. Maybe NULL if not wanted.
* Should be freed when done.
* client which contacted the server. Maybe NULL if not wanted.
* Should be freed when done.
* @param ret_flags
* Pointer to which services are available after
* the connection is established. Maybe NULL if not wanted.
* the connection is established. Maybe NULL if not wanted.
* We will also use this to pass in flags to the globus
* version of GSSAPI
* @param user_to_user_flag
* Pointer to flag to be set if
* the src_name is the same as our name.
* the src_name is the same as our name.
* (Following are particular to this assist routine)
* @param token_status
* assist routine get/send token status
* @param delegated_cred_handle
* pointer to be set to the credential delegated by the client if
* delegation occurs during the security handshake
* @param gss_assist_get_token
* a get token routine
* a get token routine
* @param gss_assist_get_context
* first arg for the get token routine
* first arg for the get token routine
* @param gss_assist_send_token
* a send token routine
* a send token routine
* @param gss_assist_send_context
* first arg for the send token routine
* @return
Expand All @@ -86,7 +86,7 @@ globus_gss_assist_accept_sec_context(
int * user_to_user_flag,
int * token_status,
gss_cred_id_t * delegated_cred_handle,
int (*gss_assist_get_token)(void *, void **, size_t *),
int (*gss_assist_get_token)(void *, void **, size_t *),
void * gss_assist_get_context,
int (*gss_assist_send_token)(void *, void *, size_t),
void * gss_assist_send_context)
Expand Down Expand Up @@ -139,14 +139,15 @@ globus_gss_assist_accept_sec_context(
&input_token->value,
&input_token->length)) != 0)
{
major_status =
major_status =
GSS_S_DEFECTIVE_TOKEN | GSS_S_CALL_INACCESSIBLE_READ;
break;
}

GLOBUS_I_GSI_GSS_ASSIST_DEBUG_FPRINTF(
3, (globus_i_gsi_gss_assist_debug_fstream,
_GASL("gss_assist_accept_sec_context(1):inlen:%u\n"),
3, (globus_i_gsi_gss_assist_debug_fstream,
_GASL("gss_assist_accept_sec_context(1):\n "
"input_token length: %u\n"),
input_token->length));

major_status = gss_accept_sec_context(
Expand All @@ -163,24 +164,24 @@ globus_gss_assist_accept_sec_context(
delegated_cred_handle);

GLOBUS_I_GSI_GSS_ASSIST_DEBUG_FPRINTF(
3, (globus_i_gsi_gss_assist_debug_fstream,
_GASL("gss_assist_accept_sec_context(2)"
"maj:%8.8x:min:%8.8x:ret:%8.8x "
"outlen:%u:context:%p\n"),
(unsigned int) major_status,
(unsigned int) minor_status1,
3, (globus_i_gsi_gss_assist_debug_fstream,
_GASL("gss_assist_accept_sec_context(2):\n "
"major:%8.8x minor:%8.8x ret_flags: %8.8x\n "
"output_token length: %u context_handle: %p\n"),
(unsigned int) major_status,
(unsigned int) minor_status1,
(unsigned int) ((ret_flags) ? *ret_flags : -1),
output_token->length,
output_token->length,
*context_handle));

if (output_token->length != 0)
{
if ((*token_status = gss_assist_send_token(
gss_assist_send_context,
gss_assist_send_context,
output_token->value,
output_token->length)) != 0)
{
major_status =
major_status =
GSS_S_DEFECTIVE_TOKEN | GSS_S_CALL_INACCESSIBLE_WRITE;
}
gss_release_buffer(&minor_status2,
Expand All @@ -194,7 +195,7 @@ globus_gss_assist_accept_sec_context(
GSS_C_NO_BUFFER);
break;
}

if (input_token->length >0)
{
free(input_token->value); /* alloc done by g_get_token */
Expand Down Expand Up @@ -257,7 +258,7 @@ globus_gss_assist_accept_sec_context(

gss_release_name(&minor_status2, &client_name);
gss_release_name(&minor_status2, &my_name);

*minor_status = minor_status1;

GLOBUS_I_GSI_GSS_ASSIST_DEBUG_EXIT;
Expand All @@ -269,36 +270,36 @@ globus_gss_assist_accept_sec_context(
* @brief Accept a Security Context Without Blocking
* @ingroup globus_gss_assist_context
* @details
* This is a asynchronous version of the
* This is an asynchronous version of the
* globus_gss_assist_accept_sec_context() function. Instead of looping
* itself it passes in and out the read and written buffers and
* the calling application is responsible for doing the I/O directly.
*
* @param minor_status
* GSSAPI return code
* @param context_handle
* pointer to returned context.
* pointer to returned context.
* @param cred_handle
* the cred handle obtained by acquire_cred.
* @param src_name_char
* Pointer to char string representation of the
* client which contacted the server. Maybe NULL if not wanted.
* Should be freed when done.
* @param ret_flags
* client which contacted the server. Maybe NULL if not wanted.
* Should be freed when done.
* @param ret_flags
* Pointer to which services are available after
* the connection is established. Maybe NULL if not wanted.
* the connection is established. Maybe NULL if not wanted.
* We will also use this to pass in flags to the Globus
* version of GSSAPI
* @param user_to_user_flag
* Pointer to flag to be set if
* the src_name is the same as our name.
* the src_name is the same as our name.
* @param input_buffer
* pointer to a buffer received from peer.
* @param input_buffer_len
* length of the buffer input_buffer.
* @param output_bufferp
* pointer to a pointer which will be filled in
* with a pointer to a allocated block of memory. If
* with a pointer to an allocated block of memory. If
* non-NULL the contents of this block should be written
* to the peer where they will be fed into the
* globus_gss_assist_init_sec_context_async() function.
Expand Down Expand Up @@ -341,7 +342,7 @@ globus_gss_assist_accept_sec_context_async(
gss_buffer_t input_token = &input_token_desc;
gss_buffer_desc output_token_desc = GSS_C_EMPTY_BUFFER;
gss_buffer_t output_token = &output_token_desc;
gss_channel_bindings_t input_chan_bindings
gss_channel_bindings_t input_chan_bindings
= GSS_C_NO_CHANNEL_BINDINGS;
gss_name_t client_name = GSS_C_NO_NAME;
gss_name_t my_name = GSS_C_NO_NAME;
Expand All @@ -350,8 +351,8 @@ globus_gss_assist_accept_sec_context_async(
char * cp;
gss_buffer_desc tmp_buffer_desc = GSS_C_EMPTY_BUFFER;
gss_buffer_t tmp_buffer = &tmp_buffer_desc;
static char * _function_name_ =
"globus_gss_assist_accept_sec_context_async";
static char * _function_name_ =
"globus_gss_assist_accept_sec_context_async";
GLOBUS_I_GSI_GSS_ASSIST_DEBUG_ENTER;

/* Set up our input token from passed buffer */
Expand All @@ -367,7 +368,7 @@ globus_gss_assist_accept_sec_context_async(
before the first call. Don't know how to fix it since I can't
access fields in the handle outside the GSSAPI. - Sam
*/

if(*context_handle == GSS_C_NO_CONTEXT)
{
if (src_name_char)
Expand All @@ -380,10 +381,11 @@ globus_gss_assist_accept_sec_context_async(
*user_to_user_flag = -1;
}
}

GLOBUS_I_GSI_GSS_ASSIST_DEBUG_FPRINTF(
3, (globus_i_gsi_gss_assist_debug_fstream,
_GASL("gss_assist_accept_sec_context_async(1):inlen:%u\n"),
_GASL("gss_assist_accept_sec_context_async(1):\n "
"input_token length: %u\n"),
input_token->length));

major_status = gss_accept_sec_context(&minor_status1,
Expand All @@ -399,23 +401,24 @@ globus_gss_assist_accept_sec_context_async(
delegated_cred_handle);

GLOBUS_I_GSI_GSS_ASSIST_DEBUG_FPRINTF(
3, (globus_i_gsi_gss_assist_debug_fstream,
_GASL("gss_assist_accept_sec_context_async(2)"
"maj:%8.8x:min:%8.8x:ret:%8.8x outlen:%u:context:%p\n"),
(unsigned int) major_status,
(unsigned int) minor_status1,
3, (globus_i_gsi_gss_assist_debug_fstream,
_GASL("gss_assist_accept_sec_context_async(2):\n "
"major: %8.8x minor: %8.8x ret_flags: %8.8x\n "
"output_token length: %u context_handle: %p\n"),
(unsigned int) major_status,
(unsigned int) minor_status1,
(unsigned int) ((ret_flags) ? *ret_flags : -1),
(unsigned int) output_token->length,
(unsigned int) output_token->length,
(char *) *context_handle));

if (output_token->length != 0)
{
*output_bufferp = output_token->value;
*output_buffer_lenp = output_token->length;
/* These will now be freed by the caller */
}
else
{
{
*output_bufferp = NULL;
*output_buffer_lenp = 0;
}
Expand Down Expand Up @@ -446,7 +449,7 @@ globus_gss_assist_accept_sec_context_async(

if (major_status2 == GSS_S_COMPLETE)
{

cp = (char *)malloc(tmp_buffer->length+1);
if (cp) {
memcpy(cp, tmp_buffer->value, tmp_buffer->length);
Expand Down Expand Up @@ -474,7 +477,7 @@ globus_gss_assist_accept_sec_context_async(
{
if ((major_status2 = gss_inquire_cred(&minor_status1,
cred_handle,
&my_name,
&my_name,
NULL,
NULL,
NULL)) == GSS_S_COMPLETE)
Expand All @@ -486,9 +489,9 @@ globus_gss_assist_accept_sec_context_async(
{
OM_uint32 major_status3;
OM_uint32 minor_status3;

GLOBUS_I_GSI_GSS_ASSIST_DEBUG_FPRINTF(
3, (globus_i_gsi_gss_assist_debug_fstream,
3, (globus_i_gsi_gss_assist_debug_fstream,
_GASL("gss_assist_accept_sec_context_async(3):"
"u2uflag:%d\n"),
*user_to_user_flag));
Expand All @@ -497,14 +500,14 @@ globus_gss_assist_accept_sec_context_async(
client_name,
tmp_buffer,
NULL);

if (GSS_ERROR(major_status3))
{
GLOBUS_I_GSI_GSS_ASSIST_DEBUG_FPRINTF(
3,
3,
(globus_i_gsi_gss_assist_debug_fstream,
_GASL(" NO client_name: status:%8.8x %8.8x\n"),
(unsigned int) major_status3,
(unsigned int) major_status3,
(unsigned int) minor_status3));
}
else
Expand All @@ -517,18 +520,18 @@ globus_gss_assist_accept_sec_context_async(

gss_release_buffer(&minor_status2, tmp_buffer);
}

major_status3 = gss_display_name(&minor_status3,
my_name,
tmp_buffer,
NULL);

if (GSS_ERROR(major_status3))
{
GLOBUS_I_GSI_GSS_ASSIST_DEBUG_FPRINTF(
3, (globus_i_gsi_gss_assist_debug_fstream,
_GASL(" NO my_name: status:%8.8x %8.8x\n"),
(unsigned int) major_status3,
(unsigned int) major_status3,
(unsigned int) minor_status3));
}
else
Expand All @@ -554,7 +557,7 @@ globus_gss_assist_accept_sec_context_async(

gss_release_name(&minor_status2, &client_name);
gss_release_name(&minor_status2, &my_name);

*minor_status = minor_status1;

GLOBUS_I_GSI_GSS_ASSIST_DEBUG_EXIT;
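Review bot: The reworded level-3 debug calls still pass a `size_t` to `%u`. In globus_gss_assist_accept_sec_context, `input_token->length` in call (1) and `output_token->length` in call (2) are uncast, and call (1) of the async variant does the same, whereas async call (2) already writes `(unsigned int) output_token->length`. The length field is the one filled through the `size_t *` parameter of gss_assist_get_token, so the argument type does not match the conversion wherever `size_t` is wider than `unsigned int`; that is undefined behaviour in a path that logs peer-supplied token sizes. Cast consistently, e.g. `(unsigned int) input_token->length`, or use `%zu`. For `%p`, pass `(void *) *context_handle` in both functions rather than the bare handle or a `(char *)` cast. Both function bodies continue outside the hunks shown here.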
2 changes: 1 addition & 1 deletion gsi/gss_assist/source/configure.ac
@@ -1,6 +1,6 @@
AC_PREREQ([2.60])

AC_INIT([globus_gss_assist], [12.4],[https://github.com/gridcf/gct/issues])
AC_INIT([globus_gss_assist], [12.5],[https://github.com/gridcf/gct/issues])
AC_CONFIG_MACRO_DIR([m4])
AC_SUBST([MAJOR_VERSION], [${PACKAGE_VERSION%%.*}])
AC_SUBST([MINOR_VERSION], [${PACKAGE_VERSION##*.}])