1 /*- 2 * Copyright (c) 2005 Doug Rabson 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24 * SUCH DAMAGE. 25 * 26 * $FreeBSD$ 27 */ 28 29 #include <gssapi/gssapi.h> 30 #include <stdlib.h> 31 #include <string.h> 32 #include <errno.h> 33 34 #include "mech_switch.h" 35 #include "utils.h" 36 #include "name.h" 37 38 static OM_uint32 39 _gss_import_export_name(OM_uint32 *minor_status, 40 const gss_buffer_t input_name_buffer, 41 gss_name_t *output_name) 42 { 43 OM_uint32 major_status; 44 unsigned char *p = input_name_buffer->value; 45 size_t len = input_name_buffer->length; 46 size_t t; 47 gss_OID_desc mech_oid; 48 struct _gss_mech_switch *m; 49 struct _gss_name *name; 50 gss_name_t new_canonical_name; 51 52 *minor_status = 0; 53 *output_name = 0; 54 55 /* 56 * Make sure that TOK_ID is {4, 1}. 57 */ 58 if (len < 2) 59 return (GSS_S_BAD_NAME); 60 if (p[0] != 4 || p[1] != 1) 61 return (GSS_S_BAD_NAME); 62 p += 2; 63 len -= 2; 64 65 /* 66 * Get the mech length and the name length and sanity 67 * check the size of of the buffer. 68 */ 69 if (len < 2) 70 return (GSS_S_BAD_NAME); 71 t = (p[0] << 8) + p[1]; 72 p += 2; 73 len -= 2; 74 75 /* 76 * Check the DER encoded OID to make sure it agrees with the 77 * length we just decoded. 78 */ 79 if (p[0] != 6) /* 6=OID */ 80 return (GSS_S_BAD_NAME); 81 p++; 82 len--; 83 t--; 84 if (p[0] & 0x80) { 85 int digits = p[0]; 86 p++; 87 len--; 88 t--; 89 mech_oid.length = 0; 90 while (digits--) { 91 mech_oid.length = (mech_oid.length << 8) | p[0]; 92 p++; 93 len--; 94 t--; 95 } 96 } else { 97 mech_oid.length = p[0]; 98 p++; 99 len--; 100 t--; 101 } 102 if (mech_oid.length != t) 103 return (GSS_S_BAD_NAME); 104 105 mech_oid.elements = p; 106 107 if (len < t + 4) 108 return (GSS_S_BAD_NAME); 109 p += t; 110 len -= t; 111 112 t = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]; 113 p += 4; 114 len -= 4; 115 116 if (len != t) 117 return (GSS_S_BAD_NAME); 118 119 m = _gss_find_mech_switch(&mech_oid); 120 if (!m) 121 return (GSS_S_BAD_MECH); 122 123 /* 124 * Ask the mechanism to import the name. 125 */ 126 major_status = m->gm_import_name(minor_status, 127 input_name_buffer, GSS_C_NT_EXPORT_NAME, &new_canonical_name); 128 if (major_status != GSS_S_COMPLETE) { 129 _gss_mg_error(m, major_status, *minor_status); 130 return (major_status); 131 } 132 133 /* 134 * Now we make a new name and mark it as an MN. 135 */ 136 name = _gss_make_name(m, new_canonical_name); 137 if (!name) { 138 m->gm_release_name(minor_status, &new_canonical_name); 139 return (GSS_S_FAILURE); 140 } 141 142 *output_name = (gss_name_t) name; 143 144 *minor_status = 0; 145 return (GSS_S_COMPLETE); 146 } 147 148 OM_uint32 149 gss_import_name(OM_uint32 *minor_status, 150 const gss_buffer_t input_name_buffer, 151 const gss_OID input_name_type, 152 gss_name_t *output_name) 153 { 154 gss_OID name_type = input_name_type; 155 OM_uint32 major_status; 156 struct _gss_name *name; 157 158 *output_name = GSS_C_NO_NAME; 159 160 if (input_name_buffer->length == 0) { 161 *minor_status = 0; 162 return (GSS_S_BAD_NAME); 163 } 164 165 /* 166 * Use GSS_NT_USER_NAME as default name type. 167 */ 168 if (name_type == GSS_C_NO_OID) 169 name_type = GSS_C_NT_USER_NAME; 170 171 /* 172 * If this is an exported name, we need to parse it to find 173 * the mechanism and then import it as an MN. See RFC 2743 174 * section 3.2 for a description of the format. 175 */ 176 if (gss_oid_equal(name_type, GSS_C_NT_EXPORT_NAME)) { 177 return _gss_import_export_name(minor_status, 178 input_name_buffer, output_name); 179 } 180 181 /* 182 * Only allow certain name types. This is pretty bogus - we 183 * should figure out the list of supported name types using 184 * gss_inquire_names_for_mech. 185 */ 186 if (!gss_oid_equal(name_type, GSS_C_NT_USER_NAME) 187 && !gss_oid_equal(name_type, GSS_C_NT_MACHINE_UID_NAME) 188 && !gss_oid_equal(name_type, GSS_C_NT_STRING_UID_NAME) 189 && !gss_oid_equal(name_type, GSS_C_NT_HOSTBASED_SERVICE_X) 190 && !gss_oid_equal(name_type, GSS_C_NT_HOSTBASED_SERVICE) 191 && !gss_oid_equal(name_type, GSS_C_NT_ANONYMOUS) 192 && !gss_oid_equal(name_type, GSS_KRB5_NT_PRINCIPAL_NAME)) { 193 *minor_status = 0; 194 return (GSS_S_BAD_NAMETYPE); 195 } 196 197 *minor_status = 0; 198 name = malloc(sizeof(struct _gss_name)); 199 if (!name) { 200 *minor_status = ENOMEM; 201 return (GSS_S_FAILURE); 202 } 203 memset(name, 0, sizeof(struct _gss_name)); 204 205 major_status = _gss_copy_oid(minor_status, 206 name_type, &name->gn_type); 207 if (major_status) { 208 free(name); 209 return (GSS_S_FAILURE); 210 } 211 212 major_status = _gss_copy_buffer(minor_status, 213 input_name_buffer, &name->gn_value); 214 if (major_status) { 215 gss_name_t rname = (gss_name_t)name; 216 gss_release_name(minor_status, &rname); 217 return (GSS_S_FAILURE); 218 } 219 220 SLIST_INIT(&name->gn_mn); 221 222 *output_name = (gss_name_t) name; 223 return (GSS_S_COMPLETE); 224 } 225