xref: /freebsd/crypto/krb5/src/lib/gssapi/mechglue/g_saslname.c (revision 328110da2661a8841f12000b99fea27ceacdd5b2) 
1 /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
2 /* lib/gssapi/mechglue/g_saslname.c */
3 /*
4  * Copyright (C) 2010 by the Massachusetts Institute of Technology.
5  * All rights reserved.
6  *
7  * Export of this software from the United States of America may
8  *   require a specific license from the United States Government.
9  *   It is the responsibility of any person or organization contemplating
10  *   export to obtain such a license before exporting.
11  *
12  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
13  * distribute this software and its documentation for any purpose and
14  * without fee is hereby granted, provided that the above copyright
15  * notice appear in all copies and that both that copyright notice and
16  * this permission notice appear in supporting documentation, and that
17  * the name of M.I.T. not be used in advertising or publicity pertaining
18  * to distribution of the software without specific, written prior
19  * permission.  Furthermore if you modify this software you must label
20  * your software as modified software and not distribute it in such a
21  * fashion that it might be confused with the original M.I.T. software.
22  * M.I.T. makes no representations about the suitability of
23  * this software for any purpose.  It is provided "as is" without express
24  * or implied warranty.
25  */
26 
27 #include "mglueP.h"
28 #include <krb5/krb5.h>
29 
30 static char basis_32[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";
31 
32 #define OID_SASL_NAME_LENGTH  (sizeof("GS2-XXXXXXXXXXX") - 1)
33 
34 static OM_uint32
35 oidToSaslName(OM_uint32 *minor, const gss_OID mech,
36               char sasl_name[OID_SASL_NAME_LENGTH + 1])
37 {
38     unsigned char derBuf[2];
39     krb5_crypto_iov iov[3];
40     unsigned char cksumBuf[20], *q = cksumBuf;
41     char *p = sasl_name;
42 
43     if (mech->length > 127) {
44         *minor = ERANGE;
45         return GSS_S_BAD_MECH;
46     }
47 
48     derBuf[0] = 0x06;
49     derBuf[1] = (unsigned char)mech->length;
50 
51     iov[0].flags = KRB5_CRYPTO_TYPE_SIGN_ONLY;
52     iov[0].data.length = 2;
53     iov[0].data.data = (char *)derBuf;
54     iov[1].flags = KRB5_CRYPTO_TYPE_SIGN_ONLY;
55     iov[1].data.length = mech->length;
56     iov[1].data.data = (char *)mech->elements;
57     iov[2].flags = KRB5_CRYPTO_TYPE_CHECKSUM;
58     iov[2].data.length = sizeof(cksumBuf);
59     iov[2].data.data = (char *)cksumBuf;
60 
61     *minor = krb5_k_make_checksum_iov(NULL, CKSUMTYPE_SHA1, NULL, 0, iov, 3);
62     if (*minor != 0)
63         return GSS_S_FAILURE;
64 
65     memcpy(p, "GS2-", 4);
66     p += 4;
67 
68     *p++ = basis_32[q[0] >> 3];
69     *p++ = basis_32[((q[0] & 7) << 2) | (q[1] >> 6)];
70     *p++ = basis_32[(q[1] & 0x3f) >> 1];
71     *p++ = basis_32[((q[1] & 1) << 4) | (q[2] >> 4)];
72     *p++ = basis_32[((q[2] & 0xf) << 1) | (q[3] >> 7)];
73     *p++ = basis_32[(q[3] & 0x7f) >> 2];
74     *p++ = basis_32[((q[3] & 3) << 3) | (q[4] >> 5)];
75     *p++ = basis_32[(q[4] & 0x1f)];
76     *p++ = basis_32[q[5] >> 3];
77     *p++ = basis_32[((q[5] & 7) << 2) | (q[6] >> 6)];
78     *p++ = basis_32[(q[6] & 0x3f) >> 1];
79 
80     *p++ = '\0';
81 
82     *minor = 0;
83     return GSS_S_COMPLETE;
84 }
85 
86 static OM_uint32
87 oidToSaslNameAlloc(OM_uint32 *minor, const gss_OID mech,
88                    gss_buffer_t sasl_name)
89 {
90     OM_uint32 status, tmpMinor;
91 
92     sasl_name->value = malloc(OID_SASL_NAME_LENGTH + 1);
93     if (sasl_name->value == NULL) {
94         *minor = ENOMEM;
95         return GSS_S_FAILURE;
96     }
97     sasl_name->length = OID_SASL_NAME_LENGTH;
98 
99     status = oidToSaslName(minor, mech, (char *)sasl_name->value);
100     if (GSS_ERROR(status)) {
101         gss_release_buffer(&tmpMinor, sasl_name);
102         return status;
103     }
104 
105     return GSS_S_COMPLETE;
106 }
107 
108 OM_uint32 KRB5_CALLCONV gss_inquire_saslname_for_mech(
109     OM_uint32     *minor_status,
110     const gss_OID  desired_mech,
111     gss_buffer_t   sasl_mech_name,
112     gss_buffer_t   mech_name,
113     gss_buffer_t   mech_description)
114 {
115     OM_uint32       status;
116     gss_OID         selected_mech, public_mech;
117     gss_mechanism   mech;
118 
119     if (minor_status == NULL)
120         return GSS_S_CALL_INACCESSIBLE_WRITE;
121 
122     *minor_status = 0;
123 
124     if (sasl_mech_name != GSS_C_NO_BUFFER) {
125         sasl_mech_name->length = 0;
126         sasl_mech_name->value = NULL;
127     }
128 
129     if (mech_name != GSS_C_NO_BUFFER) {
130         mech_name->length = 0;
131         mech_name->value = NULL;
132     }
133 
134     if (mech_description != GSS_C_NO_BUFFER) {
135         mech_description->length = 0;
136         mech_description->value = NULL;
137     }
138 
139     status = gssint_select_mech_type(minor_status, desired_mech,
140                                      &selected_mech);
141     if (status != GSS_S_COMPLETE)
142         return status;
143 
144     mech = gssint_get_mechanism(desired_mech);
145     if (mech == NULL) {
146         return GSS_S_BAD_MECH;
147     } else if (mech->gss_inquire_saslname_for_mech == NULL) {
148         status = GSS_S_UNAVAILABLE;
149     } else {
150         public_mech = gssint_get_public_oid(selected_mech);
151         status = mech->gss_inquire_saslname_for_mech(minor_status, public_mech,
152                                                      sasl_mech_name, mech_name,
153                                                      mech_description);
154         if (status != GSS_S_COMPLETE)
155             map_error(minor_status, mech);
156     }
157 
158     if (status == GSS_S_UNAVAILABLE) {
159         if (sasl_mech_name != GSS_C_NO_BUFFER)
160             status = oidToSaslNameAlloc(minor_status, desired_mech,
161                                         sasl_mech_name);
162         else
163             status = GSS_S_COMPLETE;
164     }
165 
166     return status;
167 }
168 
169 /* We cannot interpose this function as mech_type is an output parameter. */
170 OM_uint32 KRB5_CALLCONV gss_inquire_mech_for_saslname(
171     OM_uint32           *minor_status,
172     const gss_buffer_t   sasl_mech_name,
173     gss_OID             *mech_type)
174 {
175     OM_uint32       status, tmpMinor;
176     gss_OID_set     mechSet = GSS_C_NO_OID_SET;
177     size_t          i;
178 
179     if (minor_status != NULL)
180         *minor_status = 0;
181 
182     if (mech_type != NULL)
183         *mech_type = GSS_C_NO_OID;
184 
185     if (minor_status == NULL)
186         return GSS_S_CALL_INACCESSIBLE_WRITE;
187 
188     status = gss_indicate_mechs(minor_status, &mechSet);
189     if (status != GSS_S_COMPLETE)
190         return status;
191 
192     for (i = 0, status = GSS_S_BAD_MECH; i < mechSet->count; i++) {
193         gss_mechanism mech;
194         char mappedName[OID_SASL_NAME_LENGTH + 1];
195 
196         mech = gssint_get_mechanism(&mechSet->elements[i]);
197         if (mech != NULL && mech->gss_inquire_mech_for_saslname != NULL) {
198             status = mech->gss_inquire_mech_for_saslname(minor_status,
199                                                          sasl_mech_name,
200                                                          mech_type);
201             if (status == GSS_S_COMPLETE)
202                 break;
203         }
204         if (status == GSS_S_BAD_MECH &&
205             sasl_mech_name->length == OID_SASL_NAME_LENGTH &&
206             oidToSaslName(&tmpMinor, &mechSet->elements[i],
207                           mappedName) == GSS_S_COMPLETE &&
208             memcmp(sasl_mech_name->value, mappedName,
209                    OID_SASL_NAME_LENGTH) == 0) {
210             if (mech_type != NULL)
211                 *mech_type = &mech->mech_type;
212             status = GSS_S_COMPLETE;
213             break;
214         }
215     }
216 
217     gss_release_oid_set(&tmpMinor, &mechSet);
218 
219     return status;
220 }
221