/*
 * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of the Institute nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include "gsskrb5_locl.h"
#include <gssapi_mech.h>

/*
 * Static storage for the name-type and mechanism OIDs exported by the
 * krb5 mechanism.
 *
 * Each gss_OID_desc carries the DER-encoded OID value (contents octets
 * only, no tag/length) together with its byte count.  The objects live
 * for the lifetime of the library; the public GSS_C_NT_* / GSS_KRB5_NT_*
 * constants are pointers to them.  The elements member is a plain
 * void *, so rk_UNCONST() is used to drop the const of the string
 * literal -- the literal itself is read-only storage, so nothing may
 * ever write through elements.
 */

/*
 * GSS_C_NT_USER_NAME:
 * {iso(1) member-body(2) United States(840) mit(113554) infosys(1)
 *  gssapi(2) generic(1) user_name(1)} = 1.2.840.113554.1.2.1.1
 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_user_name_oid_desc = {
    10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x01")
};

/*
 * GSS_C_NT_MACHINE_UID_NAME:
 * {iso(1) member-body(2) United States(840) mit(113554) infosys(1)
 *  gssapi(2) generic(1) machine_uid_name(2)} = 1.2.840.113554.1.2.1.2
 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_machine_uid_name_oid_desc = {
    10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x02")
};

/*
 * GSS_C_NT_STRING_UID_NAME:
 * {iso(1) member-body(2) United States(840) mit(113554) infosys(1)
 *  gssapi(2) generic(1) string_uid_name(3)} = 1.2.840.113554.1.2.1.3
 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_string_uid_name_oid_desc = {
    10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x03")
};

/*
 * GSS_C_NT_HOSTBASED_SERVICE_X:
 * {iso(1) org(3) dod(6) internet(1) security(5) nametypes(6)
 *  gss-host-based-services(2)} = 1.3.6.1.5.6.2
 *
 * Deprecated.  It is accepted as a synonym for GSS_C_NT_HOSTBASED_SERVICE
 * when presented as an input parameter, but must never be emitted by the
 * implementation; new code uses GSS_C_NT_HOSTBASED_SERVICE below.
 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_hostbased_service_x_oid_desc = {
    6, rk_UNCONST("\x2b\x06\x01\x05\x06\x02")
};

/*
 * GSS_C_NT_HOSTBASED_SERVICE:
 * {iso(1) member-body(2) United States(840) mit(113554) infosys(1)
 *  gssapi(2) generic(1) service_name(4)} = 1.2.840.113554.1.2.1.4
 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_hostbased_service_oid_desc = {
    10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x04")
};

/*
 * GSS_C_NT_ANONYMOUS:
 * {1(iso) 3(org) 6(dod) 1(internet) 5(security) 6(nametypes)
 *  3(gss-anonymous-name)} = 1.3.6.1.5.6.3
 *
 * The spec text this was copied from spells the third byte "\01"
 * (octal); that is the same 0x01 byte, written here in hex for
 * consistency with the other descriptors.
 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_anonymous_oid_desc = {
    6, rk_UNCONST("\x2b\x06\x01\x05\x06\x03")
};

/*
 * GSS_C_NT_EXPORT_NAME:
 * {1(iso) 3(org) 6(dod) 1(internet) 5(security) 6(nametypes)
 *  4(gss-api-exported-name)} = 1.3.6.1.5.6.4
 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_export_name_oid_desc = {
    6, rk_UNCONST("\x2b\x06\x01\x05\x06\x04")
};

/*
 * GSS_KRB5_NT_PRINCIPAL_NAME:
 * {iso(1) member-body(2) United States(840) mit(113554) infosys(1)
 *  gssapi(2) krb5(2) krb5_name(1)} = 1.2.840.113554.1.2.2.1
 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_nt_principal_name_oid_desc = {
    10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x01")
};

/*
 * IAKERB mechanism OIDs (draft-ietf-cat-iakerb-09), for use with the
 * SPNEGO protocol-variation negotiation:
 *
 *   proxy:            {iso(1) org(3) dod(6) internet(1) security(5)
 *                      mechanisms(5) iakerb(10) iakerbProxyProtocol(1)}
 *                     = 1.3.6.1.5.5.10.1
 *   minimum messages: {iso(1) org(3) dod(6) internet(1) security(5)
 *                      mechanisms(5) iakerb(10)
 *                      iakerbMinimumMessagesProtocol(2)}
 *                     = 1.3.6.1.5.5.10.2
 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_iakerb_proxy_mechanism_oid_desc = {
    7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0a\x01")
};

gss_OID_desc GSSAPI_LIB_VARIABLE __gss_iakerb_min_msg_mechanism_oid_desc = {
    7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0a\x02")
};

/*
 * Mechanism attribute (GSS_C_MA_*) table for the krb5 mechanism.
 *
 * Currently compiled out: the descriptor below selects NULL / 0 for the
 * attribute table slots instead of this array.  Kept so the table can be
 * re-enabled in both places together.
 */
#if 0
static gss_mo_desc krb5_mo[] = {
    {
	GSS_C_MA_SASL_MECH_NAME,
	GSS_MO_MA,
	"SASL mech name",
	rk_UNCONST("GS2-KRB5"),
	_gss_mo_get_ctx_as_string,
	NULL
    },
    {
	GSS_C_MA_MECH_NAME,
	GSS_MO_MA,
	"Mechanism name",
	rk_UNCONST("KRB5"),
	_gss_mo_get_ctx_as_string,
	NULL
    },
    {
	GSS_C_MA_MECH_DESCRIPTION,
	GSS_MO_MA,
	"Mechanism description",
	rk_UNCONST("Heimdal Kerberos 5 mech"),
	_gss_mo_get_ctx_as_string,
	NULL
    },
    /* Boolean attributes: presence in the table is the whole statement. */
    { GSS_C_MA_MECH_CONCRETE,  GSS_MO_MA },
    { GSS_C_MA_ITOK_FRAMED,    GSS_MO_MA },
    { GSS_C_MA_AUTH_INIT,      GSS_MO_MA },
    { GSS_C_MA_AUTH_TARG,      GSS_MO_MA },
    { GSS_C_MA_AUTH_INIT_ANON, GSS_MO_MA },
    { GSS_C_MA_DELEG_CRED,     GSS_MO_MA },
    { GSS_C_MA_INTEG_PROT,     GSS_MO_MA },
    { GSS_C_MA_CONF_PROT,      GSS_MO_MA },
    { GSS_C_MA_MIC,            GSS_MO_MA },
    { GSS_C_MA_WRAP,           GSS_MO_MA },
    { GSS_C_MA_PROT_READY,     GSS_MO_MA },
    { GSS_C_MA_REPLAY_DET,     GSS_MO_MA },
    { GSS_C_MA_OOS_DET,        GSS_MO_MA },
    { GSS_C_MA_CBINDINGS,      GSS_MO_MA },
    { GSS_C_MA_PFS,            GSS_MO_MA },
    { GSS_C_MA_CTX_TRANS,      GSS_MO_MA }
};
#endif

/*
 * The mechanism descriptor for the krb5 mechanism follows.
 */

/*
 * Mechanism descriptor through which the mechglue dispatches GSS-API
 * calls to the krb5 mechanism.
 *
 * The layout is gssapi_mech_interface_desc from gssapi_mech.h (included
 * above) and this initializer is POSITIONAL: every entry must sit in the
 * slot the header declares for it.  A field added to, removed from or
 * re-ordered in the header without the matching change here would
 * silently bind an entry point to the wrong slot, so keep the two in
 * step.  NULL entries are presumably hooks the mechanism does not
 * provide and the mechglue checks for before calling -- confirm against
 * the mechglue before relying on that.
 */
static gssapi_mech_interface_desc krb5_mech = {
    GMI_VERSION,
    "kerberos 5",
    /*
     * Mechanism OID {iso(1) member-body(2) United States(840) mit(113554)
     * infosys(1) gssapi(2) krb5(2)} = 1.2.840.113554.1.2.2, DER contents
     * octets 2a 86 48 86 f7 12 01 02 02 (9 bytes).
     */
    {9, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02") },
    0,
    _gsskrb5_acquire_cred,
    _gsskrb5_release_cred,
    _gsskrb5_init_sec_context,
    _gsskrb5_accept_sec_context,
    _gsskrb5_process_context_token,
    _gsskrb5_delete_sec_context,
    _gsskrb5_context_time,
    _gsskrb5_get_mic,
    _gsskrb5_verify_mic,
    _gsskrb5_wrap,
    _gsskrb5_unwrap,
    _gsskrb5_display_status,
    _gsskrb5_indicate_mechs,
    _gsskrb5_compare_name,
    _gsskrb5_display_name,
    _gsskrb5_import_name,
    _gsskrb5_export_name,
    _gsskrb5_release_name,
    _gsskrb5_inquire_cred,
    _gsskrb5_inquire_context,
    _gsskrb5_wrap_size_limit,
    _gsskrb5_add_cred,
    _gsskrb5_inquire_cred_by_mech,
    _gsskrb5_export_sec_context,
    _gsskrb5_import_sec_context,
    _gsskrb5_inquire_names_for_mech,
    _gsskrb5_inquire_mechs_for_name,
    _gsskrb5_canonicalize_name,
    _gsskrb5_duplicate_name,
    _gsskrb5_inquire_sec_context_by_oid,
    _gsskrb5_inquire_cred_by_oid,
    _gsskrb5_set_sec_context_option,
    _gsskrb5_set_cred_option,
    _gsskrb5_pseudo_random,
    /*
     * IOV wrap / unwrap / wrap_length slots.  The _gk_* implementations
     * are compiled out, so all three are NULL and no IOV entry points are
     * exported by this descriptor.
     */
#if 0
    _gk_wrap_iov,
    _gk_unwrap_iov,
    _gk_wrap_iov_length,
#else
    NULL,
    NULL,
    NULL,
#endif
    _gsskrb5_store_cred,
    _gsskrb5_export_cred,
    _gsskrb5_import_cred,
    _gsskrb5_acquire_cred_ext,
    /* Six slots left NULL (not provided by this mechanism). */
    NULL,
    NULL,
    NULL,
    NULL,
    NULL,
    NULL,
    /*
     * Mechanism attribute table and its element count.  The krb5_mo table
     * earlier in this file is compiled out, so no attributes are
     * advertised; both halves of the #if must be flipped together.
     */
#if 0
    krb5_mo,
    sizeof(krb5_mo) / sizeof(krb5_mo[0]),
#else
    NULL,
    0,
#endif
    _gsskrb5_pname_to_uid,
    _gsskrb5_authorize_localname,
    /* Seven trailing slots left NULL (not provided by this mechanism). */
    NULL,
    NULL,
    NULL,
    NULL,
    NULL,
    NULL,
    NULL
};

/*
 * Return the krb5 mechanism descriptor.
 *
 * The pointer refers to the static krb5_mech object above: it is valid
 * for the lifetime of the library and must be neither freed nor modified
 * by the caller.  Presumably called by the mechglue when it loads this
 * mechanism (see gssapi_mech.h).
 */
gssapi_mech_interface
__gss_krb5_initialize(void)
{
    return &krb5_mech;
}