1 /*- 2 * SPDX-License-Identifier: BSD-2-Clause 3 * 4 * Copyright (c) 2005 Doug Rabson 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26 * SUCH DAMAGE. 27 * 28 * $FreeBSD$ 29 */ 30 31 #include <gssapi/gssapi.h> 32 #include <ctype.h> 33 #include <dlfcn.h> 34 #include <errno.h> 35 #include <stdio.h> 36 #include <stdlib.h> 37 #include <string.h> 38 39 #include "mech_switch.h" 40 #include "utils.h" 41 42 #ifndef _PATH_GSS_MECH 43 #define _PATH_GSS_MECH "/etc/gss/mech" 44 #endif 45 46 struct _gss_mech_switch_list _gss_mechs = 47 SLIST_HEAD_INITIALIZER(_gss_mechs); 48 gss_OID_set _gss_mech_oids; 49 50 /* 51 * Convert a string containing an OID in 'dot' form 52 * (e.g. 1.2.840.113554.1.2.2) to a gss_OID. 53 */ 54 static int 55 _gss_string_to_oid(const char* s, gss_OID oid) 56 { 57 int number_count, i, j; 58 int byte_count; 59 const char *p, *q; 60 char *res; 61 62 oid->length = 0; 63 oid->elements = NULL; 64 65 /* 66 * First figure out how many numbers in the oid, then 67 * calculate the compiled oid size. 68 */ 69 number_count = 0; 70 for (p = s; p; p = q) { 71 q = strchr(p, '.'); 72 if (q) q = q + 1; 73 number_count++; 74 } 75 76 /* 77 * The first two numbers are in the first byte and each 78 * subsequent number is encoded in a variable byte sequence. 79 */ 80 if (number_count < 2) 81 return (EINVAL); 82 83 /* 84 * We do this in two passes. The first pass, we just figure 85 * out the size. Second time around, we actually encode the 86 * number. 87 */ 88 res = NULL; 89 for (i = 0; i < 2; i++) { 90 byte_count = 0; 91 for (p = s, j = 0; p; p = q, j++) { 92 unsigned int number = 0; 93 94 /* 95 * Find the end of this number. 96 */ 97 q = strchr(p, '.'); 98 if (q) q = q + 1; 99 100 /* 101 * Read the number of of the string. Don't 102 * bother with anything except base ten. 103 */ 104 while (*p && *p != '.') { 105 number = 10 * number + (*p - '0'); 106 p++; 107 } 108 109 /* 110 * Encode the number. The first two numbers 111 * are packed into the first byte. Subsequent 112 * numbers are encoded in bytes seven bits at 113 * a time with the last byte having the high 114 * bit set. 115 */ 116 if (j == 0) { 117 if (res) 118 *res = number * 40; 119 } else if (j == 1) { 120 if (res) { 121 *res += number; 122 res++; 123 } 124 byte_count++; 125 } else if (j >= 2) { 126 /* 127 * The number is encoded in seven bit chunks. 128 */ 129 unsigned int t; 130 int bytes; 131 132 bytes = 0; 133 for (t = number; t; t >>= 7) 134 bytes++; 135 if (bytes == 0) bytes = 1; 136 while (bytes) { 137 if (res) { 138 int bit = 7*(bytes-1); 139 140 *res = (number >> bit) & 0x7f; 141 if (bytes != 1) 142 *res |= 0x80; 143 res++; 144 } 145 byte_count++; 146 bytes--; 147 } 148 } 149 } 150 if (!res) { 151 res = malloc(byte_count); 152 if (!res) 153 return (ENOMEM); 154 oid->length = byte_count; 155 oid->elements = res; 156 } 157 } 158 159 return (0); 160 } 161 162 163 #define SYM(name) \ 164 do { \ 165 snprintf(buf, sizeof(buf), "%s_%s", \ 166 m->gm_name_prefix, #name); \ 167 m->gm_ ## name = dlsym(so, buf); \ 168 if (!m->gm_ ## name) { \ 169 fprintf(stderr, "can't find symbol %s\n", buf); \ 170 goto bad; \ 171 } \ 172 } while (0) 173 174 #define OPTSYM(name) \ 175 do { \ 176 snprintf(buf, sizeof(buf), "%s_%s", \ 177 m->gm_name_prefix, #name); \ 178 m->gm_ ## name = dlsym(so, buf); \ 179 } while (0) 180 181 /* 182 * Load the mechanisms file (/etc/gss/mech). 183 */ 184 void 185 _gss_load_mech(void) 186 { 187 OM_uint32 major_status, minor_status; 188 FILE *fp; 189 char buf[256]; 190 char *p; 191 char *name, *oid, *lib, *kobj; 192 struct _gss_mech_switch *m; 193 int count; 194 void *so; 195 const char *(*prefix_fn)(void); 196 197 if (SLIST_FIRST(&_gss_mechs)) 198 return; 199 200 major_status = gss_create_empty_oid_set(&minor_status, 201 &_gss_mech_oids); 202 if (major_status) 203 return; 204 205 fp = fopen(_PATH_GSS_MECH, "r"); 206 if (!fp) { 207 perror(_PATH_GSS_MECH); 208 return; 209 } 210 211 count = 0; 212 while (fgets(buf, sizeof(buf), fp)) { 213 if (*buf == '#') 214 continue; 215 p = buf; 216 name = strsep(&p, "\t\n "); 217 if (p) while (isspace(*p)) p++; 218 oid = strsep(&p, "\t\n "); 219 if (p) while (isspace(*p)) p++; 220 lib = strsep(&p, "\t\n "); 221 if (p) while (isspace(*p)) p++; 222 kobj = strsep(&p, "\t\n "); 223 if (!name || !oid || !lib || !kobj) 224 continue; 225 226 so = dlopen(lib, RTLD_LOCAL); 227 if (!so) { 228 fprintf(stderr, "dlopen: %s\n", dlerror()); 229 continue; 230 } 231 232 m = malloc(sizeof(struct _gss_mech_switch)); 233 if (!m) 234 break; 235 m->gm_so = so; 236 if (_gss_string_to_oid(oid, &m->gm_mech_oid)) { 237 free(m); 238 continue; 239 } 240 241 prefix_fn = (const char *(*)(void)) 242 dlsym(so, "_gss_name_prefix"); 243 if (prefix_fn) 244 m->gm_name_prefix = prefix_fn(); 245 else 246 m->gm_name_prefix = "gss"; 247 248 major_status = gss_add_oid_set_member(&minor_status, 249 &m->gm_mech_oid, &_gss_mech_oids); 250 if (major_status) { 251 free(m->gm_mech_oid.elements); 252 free(m); 253 continue; 254 } 255 256 SYM(acquire_cred); 257 SYM(release_cred); 258 SYM(init_sec_context); 259 SYM(accept_sec_context); 260 SYM(process_context_token); 261 SYM(delete_sec_context); 262 SYM(context_time); 263 SYM(get_mic); 264 SYM(verify_mic); 265 SYM(wrap); 266 SYM(unwrap); 267 SYM(display_status); 268 OPTSYM(indicate_mechs); 269 SYM(compare_name); 270 SYM(display_name); 271 SYM(import_name); 272 SYM(export_name); 273 SYM(release_name); 274 SYM(inquire_cred); 275 SYM(inquire_context); 276 SYM(wrap_size_limit); 277 SYM(add_cred); 278 SYM(inquire_cred_by_mech); 279 SYM(export_sec_context); 280 SYM(import_sec_context); 281 SYM(inquire_names_for_mech); 282 SYM(inquire_mechs_for_name); 283 SYM(canonicalize_name); 284 SYM(duplicate_name); 285 OPTSYM(inquire_sec_context_by_oid); 286 OPTSYM(inquire_cred_by_oid); 287 OPTSYM(set_sec_context_option); 288 OPTSYM(set_cred_option); 289 OPTSYM(pseudo_random); 290 OPTSYM(pname_to_uid); 291 292 SLIST_INSERT_HEAD(&_gss_mechs, m, gm_link); 293 count++; 294 continue; 295 296 bad: 297 free(m->gm_mech_oid.elements); 298 free(m); 299 dlclose(so); 300 continue; 301 } 302 fclose(fp); 303 } 304 305 struct _gss_mech_switch * 306 _gss_find_mech_switch(gss_OID mech) 307 { 308 struct _gss_mech_switch *m; 309 310 _gss_load_mech(); 311 SLIST_FOREACH(m, &_gss_mechs, gm_link) { 312 if (gss_oid_equal(&m->gm_mech_oid, mech)) 313 return m; 314 } 315 return (0); 316 } 317