1 /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
2 /* lib/gssapi/mechglue/g_saslname.c */
3 /*
4 * Copyright (C) 2010 by the Massachusetts Institute of Technology.
5 * All rights reserved.
6 *
7 * Export of this software from the United States of America may
8 * require a specific license from the United States Government.
9 * It is the responsibility of any person or organization contemplating
10 * export to obtain such a license before exporting.
11 *
12 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
13 * distribute this software and its documentation for any purpose and
14 * without fee is hereby granted, provided that the above copyright
15 * notice appear in all copies and that both that copyright notice and
16 * this permission notice appear in supporting documentation, and that
17 * the name of M.I.T. not be used in advertising or publicity pertaining
18 * to distribution of the software without specific, written prior
19 * permission. Furthermore if you modify this software you must label
20 * your software as modified software and not distribute it in such a
21 * fashion that it might be confused with the original M.I.T. software.
22 * M.I.T. makes no representations about the suitability of
23 * this software for any purpose. It is provided "as is" without express
24 * or implied warranty.
25 */
26
27 #include "mglueP.h"
28 #include <krb5/krb5.h>
29
30 static char basis_32[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";
31
32 #define OID_SASL_NAME_LENGTH (sizeof("GS2-XXXXXXXXXXX") - 1)
33
34 static OM_uint32
oidToSaslName(OM_uint32 * minor,const gss_OID mech,char sasl_name[OID_SASL_NAME_LENGTH+1])35 oidToSaslName(OM_uint32 *minor, const gss_OID mech,
36 char sasl_name[OID_SASL_NAME_LENGTH + 1])
37 {
38 unsigned char derBuf[2];
39 krb5_crypto_iov iov[3];
40 unsigned char cksumBuf[20], *q = cksumBuf;
41 char *p = sasl_name;
42
43 if (mech->length > 127) {
44 *minor = ERANGE;
45 return GSS_S_BAD_MECH;
46 }
47
48 derBuf[0] = 0x06;
49 derBuf[1] = (unsigned char)mech->length;
50
51 iov[0].flags = KRB5_CRYPTO_TYPE_SIGN_ONLY;
52 iov[0].data.length = 2;
53 iov[0].data.data = (char *)derBuf;
54 iov[1].flags = KRB5_CRYPTO_TYPE_SIGN_ONLY;
55 iov[1].data.length = mech->length;
56 iov[1].data.data = (char *)mech->elements;
57 iov[2].flags = KRB5_CRYPTO_TYPE_CHECKSUM;
58 iov[2].data.length = sizeof(cksumBuf);
59 iov[2].data.data = (char *)cksumBuf;
60
61 *minor = krb5_k_make_checksum_iov(NULL, CKSUMTYPE_SHA1, NULL, 0, iov, 3);
62 if (*minor != 0)
63 return GSS_S_FAILURE;
64
65 memcpy(p, "GS2-", 4);
66 p += 4;
67
68 *p++ = basis_32[q[0] >> 3];
69 *p++ = basis_32[((q[0] & 7) << 2) | (q[1] >> 6)];
70 *p++ = basis_32[(q[1] & 0x3f) >> 1];
71 *p++ = basis_32[((q[1] & 1) << 4) | (q[2] >> 4)];
72 *p++ = basis_32[((q[2] & 0xf) << 1) | (q[3] >> 7)];
73 *p++ = basis_32[(q[3] & 0x7f) >> 2];
74 *p++ = basis_32[((q[3] & 3) << 3) | (q[4] >> 5)];
75 *p++ = basis_32[(q[4] & 0x1f)];
76 *p++ = basis_32[q[5] >> 3];
77 *p++ = basis_32[((q[5] & 7) << 2) | (q[6] >> 6)];
78 *p++ = basis_32[(q[6] & 0x3f) >> 1];
79
80 *p++ = '\0';
81
82 *minor = 0;
83 return GSS_S_COMPLETE;
84 }
85
86 static OM_uint32
oidToSaslNameAlloc(OM_uint32 * minor,const gss_OID mech,gss_buffer_t sasl_name)87 oidToSaslNameAlloc(OM_uint32 *minor, const gss_OID mech,
88 gss_buffer_t sasl_name)
89 {
90 OM_uint32 status, tmpMinor;
91
92 sasl_name->value = malloc(OID_SASL_NAME_LENGTH + 1);
93 if (sasl_name->value == NULL) {
94 *minor = ENOMEM;
95 return GSS_S_FAILURE;
96 }
97 sasl_name->length = OID_SASL_NAME_LENGTH;
98
99 status = oidToSaslName(minor, mech, (char *)sasl_name->value);
100 if (GSS_ERROR(status)) {
101 gss_release_buffer(&tmpMinor, sasl_name);
102 return status;
103 }
104
105 return GSS_S_COMPLETE;
106 }
107
gss_inquire_saslname_for_mech(OM_uint32 * minor_status,const gss_OID desired_mech,gss_buffer_t sasl_mech_name,gss_buffer_t mech_name,gss_buffer_t mech_description)108 OM_uint32 KRB5_CALLCONV gss_inquire_saslname_for_mech(
109 OM_uint32 *minor_status,
110 const gss_OID desired_mech,
111 gss_buffer_t sasl_mech_name,
112 gss_buffer_t mech_name,
113 gss_buffer_t mech_description)
114 {
115 OM_uint32 status;
116 gss_OID selected_mech, public_mech;
117 gss_mechanism mech;
118
119 if (minor_status == NULL)
120 return GSS_S_CALL_INACCESSIBLE_WRITE;
121
122 *minor_status = 0;
123
124 if (sasl_mech_name != GSS_C_NO_BUFFER) {
125 sasl_mech_name->length = 0;
126 sasl_mech_name->value = NULL;
127 }
128
129 if (mech_name != GSS_C_NO_BUFFER) {
130 mech_name->length = 0;
131 mech_name->value = NULL;
132 }
133
134 if (mech_description != GSS_C_NO_BUFFER) {
135 mech_description->length = 0;
136 mech_description->value = NULL;
137 }
138
139 status = gssint_select_mech_type(minor_status, desired_mech,
140 &selected_mech);
141 if (status != GSS_S_COMPLETE)
142 return status;
143
144 mech = gssint_get_mechanism(desired_mech);
145 if (mech == NULL) {
146 return GSS_S_BAD_MECH;
147 } else if (mech->gss_inquire_saslname_for_mech == NULL) {
148 status = GSS_S_UNAVAILABLE;
149 } else {
150 public_mech = gssint_get_public_oid(selected_mech);
151 status = mech->gss_inquire_saslname_for_mech(minor_status, public_mech,
152 sasl_mech_name, mech_name,
153 mech_description);
154 if (status != GSS_S_COMPLETE)
155 map_error(minor_status, mech);
156 }
157
158 if (status == GSS_S_UNAVAILABLE) {
159 if (sasl_mech_name != GSS_C_NO_BUFFER)
160 status = oidToSaslNameAlloc(minor_status, desired_mech,
161 sasl_mech_name);
162 else
163 status = GSS_S_COMPLETE;
164 }
165
166 return status;
167 }
168
169 /* We cannot interpose this function as mech_type is an output parameter. */
gss_inquire_mech_for_saslname(OM_uint32 * minor_status,const gss_buffer_t sasl_mech_name,gss_OID * mech_type)170 OM_uint32 KRB5_CALLCONV gss_inquire_mech_for_saslname(
171 OM_uint32 *minor_status,
172 const gss_buffer_t sasl_mech_name,
173 gss_OID *mech_type)
174 {
175 OM_uint32 status, tmpMinor;
176 gss_OID_set mechSet = GSS_C_NO_OID_SET;
177 size_t i;
178
179 if (minor_status != NULL)
180 *minor_status = 0;
181
182 if (mech_type != NULL)
183 *mech_type = GSS_C_NO_OID;
184
185 if (minor_status == NULL)
186 return GSS_S_CALL_INACCESSIBLE_WRITE;
187
188 status = gss_indicate_mechs(minor_status, &mechSet);
189 if (status != GSS_S_COMPLETE)
190 return status;
191
192 for (i = 0, status = GSS_S_BAD_MECH; i < mechSet->count; i++) {
193 gss_mechanism mech;
194 char mappedName[OID_SASL_NAME_LENGTH + 1];
195
196 mech = gssint_get_mechanism(&mechSet->elements[i]);
197 if (mech != NULL && mech->gss_inquire_mech_for_saslname != NULL) {
198 status = mech->gss_inquire_mech_for_saslname(minor_status,
199 sasl_mech_name,
200 mech_type);
201 if (status == GSS_S_COMPLETE)
202 break;
203 }
204 if (status == GSS_S_BAD_MECH &&
205 sasl_mech_name->length == OID_SASL_NAME_LENGTH &&
206 oidToSaslName(&tmpMinor, &mechSet->elements[i],
207 mappedName) == GSS_S_COMPLETE &&
208 memcmp(sasl_mech_name->value, mappedName,
209 OID_SASL_NAME_LENGTH) == 0) {
210 if (mech_type != NULL)
211 *mech_type = &mech->mech_type;
212 status = GSS_S_COMPLETE;
213 break;
214 }
215 }
216
217 gss_release_oid_set(&tmpMinor, &mechSet);
218
219 return status;
220 }
221