1 /*- 2 * Copyright (c) 2005 Doug Rabson 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24 * SUCH DAMAGE. 25 * 26 * $FreeBSD: src/lib/libgssapi/gss_import_name.c,v 1.1 2005/12/29 14:40:20 dfr Exp $ 27 */ 28 29 #include "mech_locl.h" 30 31 static OM_uint32 32 _gss_import_export_name(OM_uint32 *minor_status, 33 const gss_buffer_t input_name_buffer, 34 gss_name_t *output_name) 35 { 36 OM_uint32 major_status; 37 unsigned char *p = input_name_buffer->value; 38 size_t len = input_name_buffer->length; 39 size_t t; 40 gss_OID_desc mech_oid; 41 gssapi_mech_interface m; 42 struct _gss_name *name; 43 gss_name_t new_canonical_name; 44 int composite = 0; 45 46 *minor_status = 0; 47 *output_name = 0; 48 49 /* 50 * Make sure that TOK_ID is {4, 1}. 51 */ 52 if (len < 2) 53 return (GSS_S_BAD_NAME); 54 if (p[0] != 4) 55 return (GSS_S_BAD_NAME); 56 switch (p[1]) { 57 case 1: /* non-composite name */ 58 break; 59 case 2: /* composite name */ 60 composite = 1; 61 break; 62 default: 63 return (GSS_S_BAD_NAME); 64 } 65 p += 2; 66 len -= 2; 67 68 /* 69 * Get the mech length and the name length and sanity 70 * check the size of of the buffer. 71 */ 72 if (len < 2) 73 return (GSS_S_BAD_NAME); 74 t = (p[0] << 8) + p[1]; 75 p += 2; 76 len -= 2; 77 78 /* 79 * Check the DER encoded OID to make sure it agrees with the 80 * length we just decoded. 81 */ 82 if (p[0] != 6) /* 6=OID */ 83 return (GSS_S_BAD_NAME); 84 p++; 85 len--; 86 t--; 87 if (p[0] & 0x80) { 88 int digits = p[0]; 89 p++; 90 len--; 91 t--; 92 mech_oid.length = 0; 93 while (digits--) { 94 mech_oid.length = (mech_oid.length << 8) | p[0]; 95 p++; 96 len--; 97 t--; 98 } 99 } else { 100 mech_oid.length = p[0]; 101 p++; 102 len--; 103 t--; 104 } 105 if (mech_oid.length != t) 106 return (GSS_S_BAD_NAME); 107 108 mech_oid.elements = p; 109 110 if (len < t + 4) 111 return (GSS_S_BAD_NAME); 112 p += t; 113 len -= t; 114 115 t = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]; 116 /* p += 4; */ 117 len -= 4; 118 119 if (!composite && len != t) 120 return (GSS_S_BAD_NAME); 121 122 m = __gss_get_mechanism(&mech_oid); 123 if (!m) 124 return (GSS_S_BAD_MECH); 125 126 /* 127 * Ask the mechanism to import the name. 128 */ 129 major_status = m->gm_import_name(minor_status, 130 input_name_buffer, GSS_C_NT_EXPORT_NAME, &new_canonical_name); 131 if (major_status != GSS_S_COMPLETE) { 132 _gss_mg_error(m, major_status, *minor_status); 133 return major_status; 134 } 135 136 /* 137 * Now we make a new name and mark it as an MN. 138 */ 139 name = _gss_make_name(m, new_canonical_name); 140 if (!name) { 141 m->gm_release_name(minor_status, &new_canonical_name); 142 return (GSS_S_FAILURE); 143 } 144 145 *output_name = (gss_name_t) name; 146 147 *minor_status = 0; 148 return (GSS_S_COMPLETE); 149 } 150 151 /** 152 * Import a name internal or mechanism name 153 * 154 * Type of name and their format: 155 * - GSS_C_NO_OID 156 * - GSS_C_NT_USER_NAME 157 * - GSS_C_NT_HOSTBASED_SERVICE 158 * - GSS_C_NT_EXPORT_NAME 159 * - GSS_C_NT_ANONYMOUS 160 * - GSS_KRB5_NT_PRINCIPAL_NAME 161 * 162 * For more information about @ref internalVSmechname. 163 * 164 * @param minor_status minor status code 165 * @param input_name_buffer import name buffer 166 * @param input_name_type type of the import name buffer 167 * @param output_name the resulting type, release with 168 * gss_release_name(), independent of input_name 169 * 170 * @returns a gss_error code, see gss_display_status() about printing 171 * the error code. 172 * 173 * @ingroup gssapi 174 */ 175 176 GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL 177 gss_import_name(OM_uint32 *minor_status, 178 const gss_buffer_t input_name_buffer, 179 const gss_OID input_name_type, 180 gss_name_t *output_name) 181 { 182 struct _gss_mechanism_name *mn; 183 gss_OID name_type = input_name_type; 184 OM_uint32 major_status, ms; 185 struct _gss_name *name; 186 struct _gss_mech_switch *m; 187 gss_name_t rname; 188 189 *output_name = GSS_C_NO_NAME; 190 191 if (input_name_buffer->length == 0) { 192 *minor_status = 0; 193 return (GSS_S_BAD_NAME); 194 } 195 196 _gss_load_mech(); 197 198 /* 199 * Use GSS_NT_USER_NAME as default name type. 200 */ 201 if (name_type == GSS_C_NO_OID) 202 name_type = GSS_C_NT_USER_NAME; 203 204 /* 205 * If this is an exported name, we need to parse it to find 206 * the mechanism and then import it as an MN. See RFC 2743 207 * section 3.2 for a description of the format. 208 */ 209 if (gss_oid_equal(name_type, GSS_C_NT_EXPORT_NAME)) { 210 return _gss_import_export_name(minor_status, 211 input_name_buffer, output_name); 212 } 213 214 215 *minor_status = 0; 216 name = calloc(1, sizeof(struct _gss_name)); 217 if (!name) { 218 *minor_status = ENOMEM; 219 return (GSS_S_FAILURE); 220 } 221 222 HEIM_SLIST_INIT(&name->gn_mn); 223 224 major_status = _gss_copy_oid(minor_status, 225 name_type, &name->gn_type); 226 if (major_status) { 227 free(name); 228 return (GSS_S_FAILURE); 229 } 230 231 major_status = _gss_copy_buffer(minor_status, 232 input_name_buffer, &name->gn_value); 233 if (major_status) 234 goto out; 235 236 /* 237 * Walk over the mechs and import the name into a mech name 238 * for those supported this nametype. 239 */ 240 241 HEIM_SLIST_FOREACH(m, &_gss_mechs, gm_link) { 242 int present = 0; 243 244 major_status = gss_test_oid_set_member(minor_status, 245 name_type, m->gm_name_types, &present); 246 247 if (major_status || present == 0) 248 continue; 249 250 mn = malloc(sizeof(struct _gss_mechanism_name)); 251 if (!mn) { 252 *minor_status = ENOMEM; 253 major_status = GSS_S_FAILURE; 254 goto out; 255 } 256 257 major_status = (*m->gm_mech.gm_import_name)(minor_status, 258 &name->gn_value, 259 (name->gn_type.elements 260 ? &name->gn_type : GSS_C_NO_OID), 261 &mn->gmn_name); 262 if (major_status != GSS_S_COMPLETE) { 263 _gss_mg_error(&m->gm_mech, major_status, *minor_status); 264 free(mn); 265 goto out; 266 } 267 268 mn->gmn_mech = &m->gm_mech; 269 mn->gmn_mech_oid = &m->gm_mech_oid; 270 HEIM_SLIST_INSERT_HEAD(&name->gn_mn, mn, gmn_link); 271 } 272 273 /* 274 * If we can't find a mn for the name, bail out already here. 275 */ 276 277 mn = HEIM_SLIST_FIRST(&name->gn_mn); 278 if (!mn) { 279 *minor_status = 0; 280 major_status = GSS_S_NAME_NOT_MN; 281 goto out; 282 } 283 284 *output_name = (gss_name_t) name; 285 return (GSS_S_COMPLETE); 286 287 out: 288 rname = (gss_name_t)name; 289 gss_release_name(&ms, &rname); 290 return major_status; 291 } 292