/*-
 * SPDX-License-Identifier: BSD-2-Clause
 *
 * Copyright (c) 2005 Doug Rabson
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * $FreeBSD$
 */

#include <gssapi/gssapi.h>
#include <ctype.h>
#include <dlfcn.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include "mech_switch.h"
#include "utils.h"

/* Configuration file listing the mechanisms to load, one per line. */
#ifndef _PATH_GSS_MECH
#define _PATH_GSS_MECH "/etc/gss/mech"
#endif

/*
 * Every mechanism successfully loaded by _gss_load_mech(), and the set
 * of their OIDs.  Both are filled in lazily on the first lookup through
 * _gss_find_mech_switch().
 */
struct _gss_mech_switch_list _gss_mechs =
	SLIST_HEAD_INITIALIZER(_gss_mechs);
gss_OID_set _gss_mech_oids;

/*
 * Convert a string containing an OID in 'dot' form
 * (e.g. 1.2.840.113554.1.2.2) to a gss_OID.
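 */
static int _gss_oid_encode(const char *s, unsigned char *out, size_t *lenp);

/*
 * 's' is the dotted-decimal text, 'oid' the descriptor to fill in.
 * On success 'oid' owns a malloc()ed buffer holding the DER content
 * octets and 0 is returned.  On failure 'oid' is left empty (length 0,
 * elements NULL) and EINVAL (malformed string) or ENOMEM is returned.
 */
static int
_gss_string_to_oid(const char* s, gss_OID oid)
{
	unsigned char *res;
	size_t byte_count;
	int error;

	oid->length = 0;
	oid->elements = NULL;

	/*
	 * Two passes over the string: the first only validates the
	 * text and measures the encoding, the second writes it into
	 * a buffer of exactly that size.
	 */
	error = _gss_oid_encode(s, NULL, &byte_count);
	if (error)
		return (error);

	res = malloc(byte_count);
	if (!res)
		return (ENOMEM);

	error = _gss_oid_encode(s, res, &byte_count);
	if (error) {
		/* Cannot happen: the first pass accepted the same string. */
		free(res);
		return (error);
	}
	oid->length = (OM_uint32)byte_count;
	oid->elements = res;
	return (0);
}

/*
 * Parse one decimal arc of a dotted OID string.
 *
 * On entry *sp points at the first character of the arc.  On success
 * *arc receives its value, *last is set when the arc was the final one
 * (terminated by NUL rather than '.'), *sp is advanced to the start of
 * the next arc, and 0 is returned.  EINVAL is returned for an empty
 * arc, a non-digit character, or a value that does not fit an unsigned
 * int; the output parameters are then unspecified.
 */
static int
_gss_oid_next_arc(const char **sp, unsigned int *arc, int *last)
{
	const char *p = *sp;
	unsigned int value = 0;

	/* An arc must have at least one digit: rejects "", "1..2", "1.". */
	if (!isdigit((unsigned char)*p))
		return (EINVAL);

	for (; isdigit((unsigned char)*p); p++) {
		unsigned int digit = (unsigned int)(*p - '0');

		/* Refuse to wrap rather than silently encode a wrong arc. */
		if (value > (~0u - digit) / 10)
			return (EINVAL);
		value = 10 * value + digit;
	}

	switch (*p) {
	case '.':
		*sp = p + 1;
		*last = 0;
		break;
	case '\0':
		*sp = p;
		*last = 1;
		break;
	default:
		/* Anything but a digit, '.' or end of string is garbage. */
		return (EINVAL);
	}
	*arc = value;
	return (0);
}

/*
 * Base-128 encode one arc (every arc after the first two): seven bits
 * per byte, most significant group first, the high bit set on every
 * byte except the last.  Returns the number of bytes the arc needs;
 * they are written to 'out' only when it is non-NULL.
 */
static size_t
_gss_oid_put_arc(unsigned int arc, unsigned char *out)
{
	size_t bytes = 1;
	size_t i;
	unsigned int t;

	/* Zero still takes one byte; each further 7 bits take another. */
	for (t = arc >> 7; t; t >>= 7)
		bytes++;

	if (out) {
		for (i = 0; i < bytes; i++) {
			unsigned int shift = 7 * (unsigned int)(bytes - 1 - i);

			out[i] = (unsigned char)((arc >> shift) & 0x7f);
			if (i != bytes - 1)
				out[i] |= 0x80;
		}
	}
	return (bytes);
}

/*
 * Validate a dotted OID string and compute (out == NULL) or write
 * (out != NULL) its DER content-octet encoding.  *lenp receives the
 * encoded length.  Returns 0, or EINVAL if the string is not a
 * well-formed OID that this encoder can represent.
 */
static int
_gss_oid_encode(const char *s, unsigned char *out, size_t *lenp)
{
	const char *p = s;
	unsigned int first, second, arc;
	size_t len;
	int last, error;

	/* The first two arcs are packed together into a single byte. */
	error = _gss_oid_next_arc(&p, &first, &last);
	if (error)
		return (error);
	if (last)
		return (EINVAL);	/* an OID has at least two arcs */
	error = _gss_oid_next_arc(&p, &second, &last);
	if (error)
		return (error);
	/*
	 * X.660 limits the first arc to 0..2 and the second to 0..39
	 * under arcs 0 and 1; the packed value 40*first+second must also
	 * fit in the single byte written here (a larger value would need
	 * base-128 encoding, which this encoder does not do).  The
	 * subtraction form avoids wrapping when 'second' is huge.
	 */
	if (first > 2 || (first < 2 && second > 39) ||
	    second > 127 - 40 * first)
		return (EINVAL);
	if (out)
		out[0] = (unsigned char)(40 * first + second);
	len = 1;

	/* Every remaining arc is base-128 encoded after that byte. */
	while (!last) {
		error = _gss_oid_next_arc(&p, &arc, &last);
		if (error)
			return (error);
		len += _gss_oid_put_arc(arc, out ? out + len : NULL);
	}
	*lenp = len;
	return (0);
}

/*
 * Resolve the mech's "<prefix>_<name>" entry point into m->gm_<name>.
 * SYM jumps to the caller's 'bad' label when the symbol is missing;
 * OPTSYM simply leaves the pointer NULL.  Both expect 'buf' (a char
 * array), 'm' and 'so' to be in scope at the point of use.
 */
#define SYM(name) \
do { \
	snprintf(buf, sizeof(buf), "%s_%s", \
	    m->gm_name_prefix, #name); \
	m->gm_ ## name = dlsym(so, buf); \
	if (!m->gm_ ## name) { \
		fprintf(stderr, "can't find symbol %s\n", buf); \
		goto bad; \
	} \
} while (0)

#define OPTSYM(name) \
do { \
	snprintf(buf, sizeof(buf), "%s_%s", \
	    m->gm_name_prefix, #name); \
	m->gm_ ## name = dlsym(so, buf); \
} while (0)

/*
 * Load the mechanisms file (/etc/gss/mech).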
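 */
static char *_gss_next_field(char **pp);
static int _gss_mech_add(const char *oid, const char *lib);

/*
 * Idempotent: returns at once if a mechanism is already loaded.  Each
 * line of the file is "name oid library kobj"; '#' lines are comments
 * and short lines are skipped.  Errors are reported on stderr and the
 * offending entry skipped; only running out of memory stops the scan.
 */
void
_gss_load_mech(void)
{
	OM_uint32 major_status, minor_status;
	FILE *fp;
	char buf[256];
	char *p;
	char *name, *oid, *lib, *kobj;

	if (SLIST_FIRST(&_gss_mechs))
		return;

	/*
	 * Reuse the set left by an earlier call that loaded nothing
	 * (e.g. an unreadable mech file) instead of leaking it by
	 * creating a fresh one on every attempt.
	 */
	if (_gss_mech_oids == GSS_C_NO_OID_SET) {
		major_status = gss_create_empty_oid_set(&minor_status,
		    &_gss_mech_oids);
		if (major_status)
			return;
	}

	fp = fopen(_PATH_GSS_MECH, "r");
	if (!fp) {
		perror(_PATH_GSS_MECH);
		return;
	}

	/*
	 * A line longer than buf arrives in pieces and each piece is
	 * parsed as its own line; only the first can be a valid entry,
	 * the rest lack four fields and are dropped.
	 */
	while (fgets(buf, sizeof(buf), fp)) {
		if (*buf == '#')
			continue;
		p = buf;
		name = _gss_next_field(&p);
		oid = _gss_next_field(&p);
		lib = _gss_next_field(&p);
		kobj = _gss_next_field(&p);
		if (!name || !oid || !lib || !kobj)
			continue;

		if (_gss_mech_add(oid, lib) == ENOMEM)
			break;
	}
	fclose(fp);
}

/*
 * Cut the next blank-delimited field out of *pp in place (as strsep()
 * does) and skip the whitespace that follows it, so the next call
 * starts on the following field.  Returns NULL once the line is
 * exhausted.
 */
static char *
_gss_next_field(char **pp)
{
	char *field;

	field = strsep(pp, "\t\n ");
	if (*pp) {
		while (isspace((unsigned char)**pp))
			(*pp)++;
	}
	return (field);
}

/*
 * Load the shared object for one mech-file entry, build its
 * _gss_mech_switch and link it onto _gss_mechs.
 *
 * 'oid' is the mechanism OID in dotted form and 'lib' the path of the
 * shared object implementing it.  Paths in the mech file are loaded
 * and run as code, so the file is trusted configuration and its
 * permissions are the security boundary; nothing here re-validates
 * them.
 *
 * Returns 0 on success.  On failure everything acquired so far -- the
 * dlopen() handle, the switch entry and its OID storage -- is released
 * again and ENOMEM (allocation failure) or another non-zero errno
 * value (entry unusable) is returned.
 */
static int
_gss_mech_add(const char *oid, const char *lib)
{
	OM_uint32 major_status, minor_status;
	struct _gss_mech_switch *m;
	void *so;
	char buf[256];
	const char *(*prefix_fn)(void);
	int error;

	/*
	 * NOTE(review): POSIX requires RTLD_LAZY or RTLD_NOW alongside
	 * RTLD_LOCAL; RTLD_LAZY is assumed to match the loader's default
	 * for the bare RTLD_LOCAL used before -- confirm against rtld.
	 */
	so = dlopen(lib, RTLD_LAZY | RTLD_LOCAL);
	if (!so) {
		fprintf(stderr, "dlopen: %s\n", dlerror());
		return (ENOENT);
	}

	m = malloc(sizeof *m);
	if (!m) {
		error = ENOMEM;
		goto bad_so;
	}
	m->gm_so = so;

	error = _gss_string_to_oid(oid, &m->gm_mech_oid);
	if (error)
		goto bad_m;

	/*
	 * A mech may export _gss_name_prefix() to name its entry points
	 * "<prefix>_<function>"; otherwise the plain "gss_" names are used.
	 */
	prefix_fn = (const char *(*)(void))dlsym(so, "_gss_name_prefix");
	if (prefix_fn)
		m->gm_name_prefix = prefix_fn();
	else
		m->gm_name_prefix = "gss";

	/* Any missing mandatory entry point jumps to 'bad' below. */
	error = ENOENT;
	SYM(acquire_cred);
	SYM(release_cred);
	SYM(init_sec_context);
	SYM(accept_sec_context);
	SYM(process_context_token);
	SYM(delete_sec_context);
	SYM(context_time);
	SYM(get_mic);
	SYM(verify_mic);
	SYM(wrap);
	SYM(unwrap);
	SYM(display_status);
	OPTSYM(indicate_mechs);
	SYM(compare_name);
	SYM(display_name);
	SYM(import_name);
	SYM(export_name);
	SYM(release_name);
	SYM(inquire_cred);
	SYM(inquire_context);
	SYM(wrap_size_limit);
	SYM(add_cred);
	SYM(inquire_cred_by_mech);
	SYM(export_sec_context);
	SYM(import_sec_context);
	SYM(inquire_names_for_mech);
	SYM(inquire_mechs_for_name);
	SYM(canonicalize_name);
	SYM(duplicate_name);
	OPTSYM(inquire_sec_context_by_oid);
	OPTSYM(inquire_cred_by_oid);
	OPTSYM(set_sec_context_option);
	OPTSYM(set_cred_option);
	OPTSYM(pseudo_random);
	OPTSYM(pname_to_uid);

	/*
	 * Record the OID only once the mech is fully usable, so a
	 * failure above never leaves an OID in _gss_mech_oids without
	 * a matching switch entry on _gss_mechs.
	 */
	major_status = gss_add_oid_set_member(&minor_status,
	    &m->gm_mech_oid, &_gss_mech_oids);
	if (major_status) {
		error = EINVAL;
		goto bad;
	}

	SLIST_INSERT_HEAD(&_gss_mechs, m, gm_link);
	return (0);

bad:
	free(m->gm_mech_oid.elements);
bad_m:
	free(m);
bad_so:
	dlclose(so);
	return (error);
}

/*
 * Return the switch entry whose OID equals 'mech', loading the mech
 * file first if that has not happened yet.  NULL when no loaded
 * mechanism matches.
 */
struct _gss_mech_switch *
_gss_find_mech_switch(gss_OID mech)
{
	struct _gss_mech_switch *m;

	_gss_load_mech();
	SLIST_FOREACH(m, &_gss_mechs, gm_link) {
		if (gss_oid_equal(&m->gm_mech_oid, mech))
			return (m);
	}
	return (NULL);
}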