2 * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * Portions Copyright (c) 2004 PADL Software Pty Ltd.
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include "spnego_locl.h"
37 send_reject (OM_uint32 *minor_status,
38 gss_buffer_t output_token)
43 nt.element = choice_NegotiationToken_negTokenResp;
45 ALLOC(nt.u.negTokenResp.negResult, 1);
46 if (nt.u.negTokenResp.negResult == NULL) {
47 *minor_status = ENOMEM;
50 *(nt.u.negTokenResp.negResult) = reject;
51 nt.u.negTokenResp.supportedMech = NULL;
52 nt.u.negTokenResp.responseToken = NULL;
53 nt.u.negTokenResp.mechListMIC = NULL;
55 ASN1_MALLOC_ENCODE(NegotiationToken,
56 output_token->value, output_token->length, &nt,
57 &size, *minor_status);
58 free_NegotiationToken(&nt);
59 if (*minor_status != 0)
62 return GSS_S_BAD_MECH;
66 acceptor_approved(gss_name_t target_name, gss_OID mech)
68 gss_cred_id_t cred = GSS_C_NO_CREDENTIAL;
72 if (target_name == GSS_C_NO_NAME)
73 return GSS_S_COMPLETE;
75 gss_create_empty_oid_set(&junk, &oidset);
76 gss_add_oid_set_member(&junk, mech, &oidset);
78 ret = gss_acquire_cred(&junk, target_name, GSS_C_INDEFINITE, oidset,
79 GSS_C_ACCEPT, &cred, NULL, NULL);
80 gss_release_oid_set(&junk, &oidset);
81 if (ret != GSS_S_COMPLETE)
83 gss_release_cred(&junk, &cred);
85 return GSS_S_COMPLETE;
89 send_supported_mechs (OM_uint32 *minor_status,
90 gss_buffer_t output_token)
92 NegotiationTokenWin nt;
97 memset(&nt, 0, sizeof(nt));
99 nt.element = choice_NegotiationTokenWin_negTokenInit;
100 nt.u.negTokenInit.reqFlags = NULL;
101 nt.u.negTokenInit.mechToken = NULL;
102 nt.u.negTokenInit.negHints = NULL;
104 ret = _gss_spnego_indicate_mechtypelist(minor_status, GSS_C_NO_NAME,
105 acceptor_approved, 1, NULL,
106 &nt.u.negTokenInit.mechTypes, NULL);
107 if (ret != GSS_S_COMPLETE) {
111 ALLOC(nt.u.negTokenInit.negHints, 1);
112 if (nt.u.negTokenInit.negHints == NULL) {
113 *minor_status = ENOMEM;
114 free_NegotiationTokenWin(&nt);
115 return GSS_S_FAILURE;
118 ALLOC(nt.u.negTokenInit.negHints->hintName, 1);
119 if (nt.u.negTokenInit.negHints->hintName == NULL) {
120 *minor_status = ENOMEM;
121 free_NegotiationTokenWin(&nt);
122 return GSS_S_FAILURE;
125 *nt.u.negTokenInit.negHints->hintName = strdup("not_defined_in_RFC4178@please_ignore");
126 nt.u.negTokenInit.negHints->hintAddress = NULL;
128 ASN1_MALLOC_ENCODE(NegotiationTokenWin,
129 data.value, data.length, &nt, &buf_len, ret);
130 free_NegotiationTokenWin(&nt);
133 return GSS_S_FAILURE;
135 if (data.length != buf_len) {
137 UNREACHABLE(return GSS_S_FAILURE);
140 ret = gss_encapsulate_token(&data, GSS_SPNEGO_MECHANISM, output_token);
144 if (ret != GSS_S_COMPLETE)
149 return GSS_S_CONTINUE_NEEDED;
153 send_accept (OM_uint32 *minor_status,
154 gssspnego_ctx context_handle,
155 gss_buffer_t mech_token,
156 int initial_response,
157 gss_buffer_t mech_buf,
158 gss_buffer_t output_token)
162 gss_buffer_desc mech_mic_buf;
165 memset(&nt, 0, sizeof(nt));
167 nt.element = choice_NegotiationToken_negTokenResp;
169 ALLOC(nt.u.negTokenResp.negResult, 1);
170 if (nt.u.negTokenResp.negResult == NULL) {
171 *minor_status = ENOMEM;
172 return GSS_S_FAILURE;
175 if (context_handle->open) {
176 if (mech_token != GSS_C_NO_BUFFER
177 && mech_token->length != 0
178 && mech_buf != GSS_C_NO_BUFFER)
179 *(nt.u.negTokenResp.negResult) = accept_incomplete;
181 *(nt.u.negTokenResp.negResult) = accept_completed;
183 if (initial_response && context_handle->require_mic)
184 *(nt.u.negTokenResp.negResult) = request_mic;
186 *(nt.u.negTokenResp.negResult) = accept_incomplete;
189 if (initial_response) {
190 ALLOC(nt.u.negTokenResp.supportedMech, 1);
191 if (nt.u.negTokenResp.supportedMech == NULL) {
192 free_NegotiationToken(&nt);
193 *minor_status = ENOMEM;
194 return GSS_S_FAILURE;
197 ret = der_get_oid(context_handle->preferred_mech_type->elements,
198 context_handle->preferred_mech_type->length,
199 nt.u.negTokenResp.supportedMech,
202 free_NegotiationToken(&nt);
203 *minor_status = ENOMEM;
204 return GSS_S_FAILURE;
207 nt.u.negTokenResp.supportedMech = NULL;
210 if (mech_token != GSS_C_NO_BUFFER && mech_token->length != 0) {
211 ALLOC(nt.u.negTokenResp.responseToken, 1);
212 if (nt.u.negTokenResp.responseToken == NULL) {
213 free_NegotiationToken(&nt);
214 *minor_status = ENOMEM;
215 return GSS_S_FAILURE;
217 nt.u.negTokenResp.responseToken->length = mech_token->length;
218 nt.u.negTokenResp.responseToken->data = mech_token->value;
219 mech_token->length = 0;
220 mech_token->value = NULL;
222 nt.u.negTokenResp.responseToken = NULL;
225 if (mech_buf != GSS_C_NO_BUFFER) {
226 ret = gss_get_mic(minor_status,
227 context_handle->negotiated_ctx_id,
231 if (ret == GSS_S_COMPLETE) {
232 ALLOC(nt.u.negTokenResp.mechListMIC, 1);
233 if (nt.u.negTokenResp.mechListMIC == NULL) {
234 gss_release_buffer(minor_status, &mech_mic_buf);
235 free_NegotiationToken(&nt);
236 *minor_status = ENOMEM;
237 return GSS_S_FAILURE;
239 nt.u.negTokenResp.mechListMIC->length = mech_mic_buf.length;
240 nt.u.negTokenResp.mechListMIC->data = mech_mic_buf.value;
241 } else if (ret == GSS_S_UNAVAILABLE) {
242 nt.u.negTokenResp.mechListMIC = NULL;
244 free_NegotiationToken(&nt);
249 nt.u.negTokenResp.mechListMIC = NULL;
251 ASN1_MALLOC_ENCODE(NegotiationToken,
252 output_token->value, output_token->length,
255 free_NegotiationToken(&nt);
257 return GSS_S_FAILURE;
261 * The response should not be encapsulated, because
262 * it is a SubsequentContextToken (note though RFC 1964
263 * specifies encapsulation for all _Kerberos_ tokens).
266 if (*(nt.u.negTokenResp.negResult) == accept_completed)
267 ret = GSS_S_COMPLETE;
269 ret = GSS_S_CONTINUE_NEEDED;
270 free_NegotiationToken(&nt);
277 (OM_uint32 *minor_status,
278 gssspnego_ctx context_handle,
279 gss_buffer_t mech_buf,
280 heim_octet_string *mechListMIC
284 gss_buffer_desc mic_buf;
286 if (context_handle->verified_mic) {
287 /* This doesn't make sense, we've already verified it? */
289 return GSS_S_DUPLICATE_TOKEN;
292 if (mechListMIC == NULL) {
294 return GSS_S_DEFECTIVE_TOKEN;
297 mic_buf.length = mechListMIC->length;
298 mic_buf.value = mechListMIC->data;
300 ret = gss_verify_mic(minor_status,
301 context_handle->negotiated_ctx_id,
306 if (ret != GSS_S_COMPLETE)
307 ret = GSS_S_DEFECTIVE_TOKEN;
313 select_mech(OM_uint32 *minor_status, MechType *mechType, int verify_p,
324 ret = der_put_oid ((unsigned char *)mechbuf + sizeof(mechbuf) - 1,
329 return GSS_S_DEFECTIVE_TOKEN;
332 oid.length = mech_len;
333 oid.elements = mechbuf + sizeof(mechbuf) - mech_len;
335 if (gss_oid_equal(&oid, GSS_SPNEGO_MECHANISM)) {
336 return GSS_S_BAD_MECH;
341 /* Translate broken MS Kebreros OID */
342 if (gss_oid_equal(&oid, &_gss_spnego_mskrb_mechanism_oid_desc))
343 oidp = &_gss_spnego_krb5_mechanism_oid_desc;
348 ret = gss_indicate_mechs(&junk, &mechs);
352 for (i = 0; i < mechs->count; i++)
353 if (gss_oid_equal(&mechs->elements[i], oidp))
356 if (i == mechs->count) {
357 gss_release_oid_set(&junk, &mechs);
358 return GSS_S_BAD_MECH;
360 gss_release_oid_set(&junk, &mechs);
362 ret = gss_duplicate_oid(minor_status,
363 &oid, /* possibly this should be oidp */
367 gss_name_t name = GSS_C_NO_NAME;
368 gss_buffer_desc namebuf;
369 char *str = NULL, *host, hostname[MAXHOSTNAMELEN];
371 host = getenv("GSSAPI_SPNEGO_NAME");
372 if (host == NULL || issuid()) {
374 if (gethostname(hostname, sizeof(hostname)) != 0) {
375 *minor_status = errno;
376 return GSS_S_FAILURE;
378 rv = asprintf(&str, "host@%s", hostname);
379 if (rv < 0 || str == NULL) {
380 *minor_status = ENOMEM;
381 return GSS_S_FAILURE;
386 namebuf.length = strlen(host);
387 namebuf.value = host;
389 ret = gss_import_name(minor_status, &namebuf,
390 GSS_C_NT_HOSTBASED_SERVICE, &name);
393 if (ret != GSS_S_COMPLETE)
396 ret = acceptor_approved(name, *mech_p);
397 gss_release_name(&junk, &name);
405 acceptor_complete(OM_uint32 * minor_status,
408 gss_buffer_t mech_buf,
409 gss_buffer_t mech_input_token,
410 gss_buffer_t mech_output_token,
411 heim_octet_string *mic,
412 gss_buffer_t output_token)
415 int require_mic, verify_mic;
417 ret = _gss_spnego_require_mechlist_mic(minor_status, ctx, &require_mic);
421 ctx->require_mic = require_mic;
426 if (ctx->open && require_mic) {
427 if (mech_input_token == GSS_C_NO_BUFFER) { /* Even/One */
430 } else if (mech_output_token != GSS_C_NO_BUFFER &&
431 mech_output_token->length == 0) { /* Odd */
432 *get_mic = verify_mic = 1;
433 } else { /* Even/One */
438 if (verify_mic || *get_mic) {
442 ASN1_MALLOC_ENCODE(MechTypeList,
443 mech_buf->value, mech_buf->length,
444 &ctx->initiator_mech_types, &buf_len, eret);
446 *minor_status = eret;
447 return GSS_S_FAILURE;
449 heim_assert(mech_buf->length == buf_len, "Internal ASN.1 error");
450 UNREACHABLE(return GSS_S_FAILURE);
454 ret = verify_mechlist_mic(minor_status, ctx, mech_buf, mic);
457 send_reject (minor_status, output_token);
460 ctx->verified_mic = 1;
465 return GSS_S_COMPLETE;
469 static OM_uint32 GSSAPI_CALLCONV
471 (OM_uint32 * minor_status,
472 gss_ctx_id_t * context_handle,
473 const gss_cred_id_t acceptor_cred_handle,
474 const gss_buffer_t input_token_buffer,
475 const gss_channel_bindings_t input_chan_bindings,
476 gss_name_t * src_name,
478 gss_buffer_t output_token,
479 OM_uint32 * ret_flags,
480 OM_uint32 * time_rec,
481 gss_cred_id_t *delegated_cred_handle
488 gss_buffer_desc data;
489 gss_buffer_t mech_input_token = GSS_C_NO_BUFFER;
490 gss_buffer_desc mech_output_token;
491 gss_buffer_desc mech_buf;
492 gss_OID preferred_mech_type = GSS_C_NO_OID;
497 mech_output_token.value = NULL;
498 mech_output_token.length = 0;
499 mech_buf.value = NULL;
501 if (input_token_buffer->length == 0)
502 return send_supported_mechs (minor_status, output_token);
504 ret = _gss_spnego_alloc_sec_context(minor_status, context_handle);
505 if (ret != GSS_S_COMPLETE)
508 ctx = (gssspnego_ctx)*context_handle;
511 * The GSS-API encapsulation is only present on the initial
512 * context token (negTokenInit).
514 ret = gss_decapsulate_token (input_token_buffer,
515 GSS_SPNEGO_MECHANISM,
520 ret = decode_NegotiationToken(data.value, data.length, &nt, &nt_len);
521 gss_release_buffer(minor_status, &data);
524 return GSS_S_DEFECTIVE_TOKEN;
526 if (nt.element != choice_NegotiationToken_negTokenInit) {
528 return GSS_S_DEFECTIVE_TOKEN;
530 ni = &nt.u.negTokenInit;
532 if (ni->mechTypes.len < 1) {
533 free_NegotiationToken(&nt);
535 return GSS_S_DEFECTIVE_TOKEN;
538 HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
540 ret = copy_MechTypeList(&ni->mechTypes, &ctx->initiator_mech_types);
542 HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
543 free_NegotiationToken(&nt);
545 return GSS_S_FAILURE;
549 * First we try the opportunistic token if we have support for it,
550 * don't try to verify we have credential for the token,
551 * gss_accept_sec_context() will (hopefully) tell us that.
555 ret = select_mech(minor_status,
556 &ni->mechTypes.val[0],
558 &preferred_mech_type);
560 if (ret == 0 && ni->mechToken != NULL) {
561 gss_buffer_desc ibuf;
563 ibuf.length = ni->mechToken->length;
564 ibuf.value = ni->mechToken->data;
565 mech_input_token = &ibuf;
567 if (ctx->mech_src_name != GSS_C_NO_NAME)
568 gss_release_name(&junk, &ctx->mech_src_name);
570 ret = gss_accept_sec_context(minor_status,
571 &ctx->negotiated_ctx_id,
572 acceptor_cred_handle,
576 &ctx->negotiated_mech_type,
580 delegated_cred_handle);
582 if (ret == GSS_S_COMPLETE || ret == GSS_S_CONTINUE_NEEDED) {
583 ctx->preferred_mech_type = preferred_mech_type;
584 if (ret == GSS_S_COMPLETE)
587 ret = acceptor_complete(minor_status,
595 if (ret != GSS_S_COMPLETE)
600 gss_mg_collect_error(preferred_mech_type, ret, *minor_status);
605 * If opportunistic token failed, lets try the other mechs.
608 if (!first_ok && ni->mechToken != NULL) {
611 preferred_mech_type = GSS_C_NO_OID;
613 /* Call glue layer to find first mech we support */
614 for (j = 1; j < ni->mechTypes.len; ++j) {
615 ret = select_mech(minor_status,
616 &ni->mechTypes.val[j],
618 &preferred_mech_type);
624 ctx->preferred_mech_type = preferred_mech_type;
626 if (preferred_mech_type == GSS_C_NO_OID) {
627 send_reject(minor_status, output_token);
628 HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
629 free_NegotiationToken(&nt);
634 * The initial token always have a response
637 ret = send_accept (minor_status,
641 get_mic ? &mech_buf : NULL,
647 if (mech_output_token.value != NULL)
648 gss_release_buffer(&junk, &mech_output_token);
649 if (mech_buf.value != NULL) {
650 free(mech_buf.value);
651 mech_buf.value = NULL;
653 free_NegotiationToken(&nt);
656 if (ret == GSS_S_COMPLETE) {
657 if (src_name != NULL && ctx->mech_src_name != NULL) {
660 name = calloc(1, sizeof(*name));
662 name->mech = ctx->mech_src_name;
663 ctx->mech_src_name = NULL;
664 *src_name = (gss_name_t)name;
669 if (mech_type != NULL)
670 *mech_type = ctx->negotiated_mech_type;
671 if (ret_flags != NULL)
672 *ret_flags = ctx->mech_flags;
673 if (time_rec != NULL)
674 *time_rec = ctx->mech_time_rec;
676 if (ret == GSS_S_COMPLETE || ret == GSS_S_CONTINUE_NEEDED) {
677 HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
681 _gss_spnego_internal_delete_sec_context(&junk, context_handle,
688 static OM_uint32 GSSAPI_CALLCONV
690 (OM_uint32 * minor_status,
691 gss_ctx_id_t * context_handle,
692 const gss_cred_id_t acceptor_cred_handle,
693 const gss_buffer_t input_token_buffer,
694 const gss_channel_bindings_t input_chan_bindings,
695 gss_name_t * src_name,
697 gss_buffer_t output_token,
698 OM_uint32 * ret_flags,
699 OM_uint32 * time_rec,
700 gss_cred_id_t *delegated_cred_handle
703 OM_uint32 ret, ret2, minor;
707 unsigned int negResult = accept_incomplete;
708 gss_buffer_t mech_input_token = GSS_C_NO_BUFFER;
709 gss_buffer_t mech_output_token = GSS_C_NO_BUFFER;
710 gss_buffer_desc mech_buf;
713 mech_buf.value = NULL;
715 ctx = (gssspnego_ctx)*context_handle;
718 * The GSS-API encapsulation is only present on the initial
719 * context token (negTokenInit).
722 ret = decode_NegotiationToken(input_token_buffer->value,
723 input_token_buffer->length,
727 return GSS_S_DEFECTIVE_TOKEN;
729 if (nt.element != choice_NegotiationToken_negTokenResp) {
731 return GSS_S_DEFECTIVE_TOKEN;
733 na = &nt.u.negTokenResp;
735 if (na->negResult != NULL) {
736 negResult = *(na->negResult);
739 HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
742 gss_buffer_desc ibuf, obuf;
743 int require_mic, get_mic = 0;
744 int require_response;
745 heim_octet_string *mic;
747 if (na->responseToken != NULL) {
748 ibuf.length = na->responseToken->length;
749 ibuf.value = na->responseToken->data;
750 mech_input_token = &ibuf;
756 if (mech_input_token != GSS_C_NO_BUFFER) {
758 if (ctx->mech_src_name != GSS_C_NO_NAME)
759 gss_release_name(&minor, &ctx->mech_src_name);
761 ret = gss_accept_sec_context(&minor,
762 &ctx->negotiated_ctx_id,
763 acceptor_cred_handle,
767 &ctx->negotiated_mech_type,
771 delegated_cred_handle);
773 if (ret == GSS_S_COMPLETE || ret == GSS_S_CONTINUE_NEEDED) {
774 mech_output_token = &obuf;
776 if (ret != GSS_S_COMPLETE && ret != GSS_S_CONTINUE_NEEDED) {
777 free_NegotiationToken(&nt);
778 gss_mg_collect_error(ctx->negotiated_mech_type, ret, minor);
779 send_reject (minor_status, output_token);
780 HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
783 if (ret == GSS_S_COMPLETE)
786 ret = GSS_S_COMPLETE;
788 ret2 = _gss_spnego_require_mechlist_mic(minor_status,
794 ctx->require_mic = require_mic;
796 mic = na->mechListMIC;
800 if (ret == GSS_S_COMPLETE)
801 ret = acceptor_complete(minor_status,
810 if (ctx->mech_flags & GSS_C_DCE_STYLE)
811 require_response = (negResult != accept_completed);
813 require_response = 0;
816 * Check whether we need to send a result: there should be only
817 * one accept_completed response sent in the entire negotiation
819 if ((mech_output_token != GSS_C_NO_BUFFER &&
820 mech_output_token->length != 0)
821 || (ctx->open && negResult == accept_incomplete)
824 ret2 = send_accept (minor_status,
828 get_mic ? &mech_buf : NULL,
835 if (ret2 != GSS_S_COMPLETE)
837 if (mech_output_token != NULL)
838 gss_release_buffer(&minor, mech_output_token);
839 if (mech_buf.value != NULL)
840 free(mech_buf.value);
841 free_NegotiationToken(&nt);
844 if (ret == GSS_S_COMPLETE) {
845 if (src_name != NULL && ctx->mech_src_name != NULL) {
848 name = calloc(1, sizeof(*name));
850 name->mech = ctx->mech_src_name;
851 ctx->mech_src_name = NULL;
852 *src_name = (gss_name_t)name;
857 if (mech_type != NULL)
858 *mech_type = ctx->negotiated_mech_type;
859 if (ret_flags != NULL)
860 *ret_flags = ctx->mech_flags;
861 if (time_rec != NULL)
862 *time_rec = ctx->mech_time_rec;
864 if (ret == GSS_S_COMPLETE || ret == GSS_S_CONTINUE_NEEDED) {
865 HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
869 _gss_spnego_internal_delete_sec_context(&minor, context_handle,
875 OM_uint32 GSSAPI_CALLCONV
876 _gss_spnego_accept_sec_context
877 (OM_uint32 * minor_status,
878 gss_ctx_id_t * context_handle,
879 const gss_cred_id_t acceptor_cred_handle,
880 const gss_buffer_t input_token_buffer,
881 const gss_channel_bindings_t input_chan_bindings,
882 gss_name_t * src_name,
884 gss_buffer_t output_token,
885 OM_uint32 * ret_flags,
886 OM_uint32 * time_rec,
887 gss_cred_id_t *delegated_cred_handle
890 _gss_accept_sec_context_t *func;
894 output_token->length = 0;
895 output_token->value = NULL;
897 if (src_name != NULL)
898 *src_name = GSS_C_NO_NAME;
899 if (mech_type != NULL)
900 *mech_type = GSS_C_NO_OID;
901 if (ret_flags != NULL)
903 if (time_rec != NULL)
905 if (delegated_cred_handle != NULL)
906 *delegated_cred_handle = GSS_C_NO_CREDENTIAL;
909 if (*context_handle == GSS_C_NO_CONTEXT)
910 func = acceptor_start;
912 func = acceptor_continue;
915 return (*func)(minor_status, context_handle, acceptor_cred_handle,
916 input_token_buffer, input_chan_bindings,
917 src_name, mech_type, output_token, ret_flags,
918 time_rec, delegated_cred_handle);
projects / FreeBSD / FreeBSD.git / blob