/*-
 * Copyright (c) 2005 Doug Rabson
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * $FreeBSD$
 */

#include <gssapi/gssapi.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>

#include "mech_switch.h"
#include "name.h"
#include "utils.h"

/*
 * Name-type object identifiers.
 *
 * Every gss_OID_desc below is kept in static storage and the exported
 * gss_OID constant points at it.  For each entry:
 *
 *  - .length is the number of encoded OID bytes in the literal and does
 *    not count the literal's terminating NUL.  The two must be edited
 *    together; code that honours .length would otherwise see a
 *    different (or truncated) identifier.
 *  - .elements points at a string literal through a
 *    (void *)(uintptr_t) cast that drops const, so the bytes must be
 *    treated as read-only and never passed to free().
 */

/*
 * GSS_C_NT_USER_NAME:
 * {iso(1) member-body(2) United States(840) mit(113554) infosys(1)
 * gssapi(2) generic(1) user_name(1)}, 10 encoded bytes.
 */
static gss_OID_desc GSS_C_NT_USER_NAME_storage = {
	.length = 10,
	.elements =
	    (void *)(uintptr_t)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x01"
};
gss_OID GSS_C_NT_USER_NAME = &GSS_C_NT_USER_NAME_storage;

/*
 * GSS_C_NT_MACHINE_UID_NAME:
 * {iso(1) member-body(2) United States(840) mit(113554) infosys(1)
 * gssapi(2) generic(1) machine_uid_name(2)}, 10 encoded bytes.
 */
static gss_OID_desc GSS_C_NT_MACHINE_UID_NAME_storage = {
	.length = 10,
	.elements =
	    (void *)(uintptr_t)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x02"
};
gss_OID GSS_C_NT_MACHINE_UID_NAME = &GSS_C_NT_MACHINE_UID_NAME_storage;

/*
 * GSS_C_NT_STRING_UID_NAME:
 * {iso(1) member-body(2) United States(840) mit(113554) infosys(1)
 * gssapi(2) generic(1) string_uid_name(3)}, 10 encoded bytes.
 */
static gss_OID_desc GSS_C_NT_STRING_UID_NAME_storage = {
	.length = 10,
	.elements =
	    (void *)(uintptr_t)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x03"
};
gss_OID GSS_C_NT_STRING_UID_NAME = &GSS_C_NT_STRING_UID_NAME_storage;

/*
 * GSS_C_NT_HOSTBASED_SERVICE_X:
 * {iso(1) org(3) dod(6) internet(1) security(5) nametypes(6)
 * gss-host-based-services(2)}, 6 encoded bytes.
 *
 * This is a deprecated OID value.  Implementations wishing to support
 * hostbased-service names should use GSS_C_NT_HOSTBASED_SERVICE,
 * defined below, to identify such names.  GSS_C_NT_HOSTBASED_SERVICE_X
 * should be accepted as a synonym for GSS_C_NT_HOSTBASED_SERVICE when
 * presented as an input parameter, but should not be emitted by
 * GSS-API implementations.
 */
static gss_OID_desc GSS_C_NT_HOSTBASED_SERVICE_X_storage = {
	.length = 6,
	.elements = (void *)(uintptr_t)"\x2b\x06\x01\x05\x06\x02"
};
gss_OID GSS_C_NT_HOSTBASED_SERVICE_X = &GSS_C_NT_HOSTBASED_SERVICE_X_storage;

/*
 * GSS_C_NT_HOSTBASED_SERVICE:
 * {iso(1) member-body(2) United States(840) mit(113554) infosys(1)
 * gssapi(2) generic(1) service_name(4)}, 10 encoded bytes.
 */
static gss_OID_desc GSS_C_NT_HOSTBASED_SERVICE_storage = {
	.length = 10,
	.elements =
	    (void *)(uintptr_t)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x04"
};
gss_OID GSS_C_NT_HOSTBASED_SERVICE = &GSS_C_NT_HOSTBASED_SERVICE_storage;

/*
 * GSS_C_NT_ANONYMOUS:
 * {1(iso), 3(org), 6(dod), 1(internet), 5(security), 6(nametypes),
 * 3(gss-anonymous-name)}, 6 encoded bytes.
 *
 * The third byte is written as the octal escape \01, which is the same
 * byte value as \x01 in the neighbouring entries.
 */
static gss_OID_desc GSS_C_NT_ANONYMOUS_storage = {
	.length = 6,
	.elements = (void *)(uintptr_t)"\x2b\x06\01\x05\x06\x03"
};
gss_OID GSS_C_NT_ANONYMOUS = &GSS_C_NT_ANONYMOUS_storage;

/*
 * GSS_C_NT_EXPORT_NAME:
 * {1(iso), 3(org), 6(dod), 1(internet), 5(security), 6(nametypes),
 * 4(gss-api-exported-name)}, 6 encoded bytes.
 */
static gss_OID_desc GSS_C_NT_EXPORT_NAME_storage = {
	.length = 6,
	.elements = (void *)(uintptr_t)"\x2b\x06\x01\x05\x06\x04"
};
gss_OID GSS_C_NT_EXPORT_NAME = &GSS_C_NT_EXPORT_NAME_storage;

/*
 * GSS_KRB5_NT_PRINCIPAL_NAME (the recommended symbolic name):
 * {iso(1) member-body(2) United States(840) mit(113554) infosys(1)
 * gssapi(2) krb5(2) krb5_name(1)}, 10 encoded bytes.
 */
static gss_OID_desc GSS_KRB5_NT_PRINCIPAL_NAME_storage = {
	.length = 10,
	.elements =
	    (void *)(uintptr_t)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x01"
};
gss_OID GSS_KRB5_NT_PRINCIPAL_NAME = &GSS_KRB5_NT_PRINCIPAL_NAME_storage;

/*
 * GSS_KRB5_NT_USER_NAME (the recommended symbolic name):
 * {iso(1) member-body(2) United States(840) mit(113554) infosys(1)
 * gssapi(2) generic(1) user_name(1)}.
 *
 * Same identifier as GSS_C_NT_USER_NAME, so it points at the same
 * static descriptor instead of a second copy.
 */
gss_OID GSS_KRB5_NT_USER_NAME = &GSS_C_NT_USER_NAME_storage;

/*
 * This name form shall be represented by the Object Identifier {iso(1)
 * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
 * generic(1) machine_uid_name(2)}.  The recommended symbolic name for
 * this type is "GSS_KRB5_NT_MACHINE_UID_NAME".
*/
gss_OID GSS_KRB5_NT_MACHINE_UID_NAME = &GSS_C_NT_MACHINE_UID_NAME_storage;

/*
 * GSS_KRB5_NT_STRING_UID_NAME (the recommended symbolic name):
 * {iso(1) member-body(2) United States(840) mit(113554) infosys(1)
 * gssapi(2) generic(1) string_uid_name(3)}.
 *
 * Points at the descriptor already defined for GSS_C_NT_STRING_UID_NAME.
 */
gss_OID GSS_KRB5_NT_STRING_UID_NAME = &GSS_C_NT_STRING_UID_NAME_storage;

/*
 * Return the mechanism name (MN) that `name' holds for mechanism `mech',
 * creating and caching it when it is not there yet.
 *
 * The MN list of `name' is searched first.  On a miss the name's stored
 * value and type are handed to the mechanism's gm_import_name and the
 * resulting MN is pushed onto the head of the list.
 *
 * Results:
 *   GSS_S_COMPLETE  *output_mn points at the cached or new MN.  The MN
 *                   stays linked on name->gn_mn, so the caller should
 *                   not free it separately (the release path is not
 *                   visible in this file).
 *   GSS_S_BAD_NAME  no MN for `mech' and the name has no stored value.
 *   GSS_S_BAD_MECH  _gss_find_mech_switch() does not know `mech'.
 *   GSS_S_FAILURE   allocation of the new MN failed.
 *   anything else   the major status returned by gm_import_name.
 *
 * *output_mn is NULL on every non-COMPLETE return.
 *
 * NOTE(review): this function never stores to *minor_status itself; it
 * is only handed to gm_import_name.  The BAD_NAME, BAD_MECH and FAILURE
 * returns happen before that call, so callers need to have initialised
 * *minor_status before inspecting it.
 *
 * NOTE(review): the list on `name' is modified with no locking visible
 * here; confirm callers do not share a name across threads.
 */
OM_uint32
_gss_find_mn(OM_uint32 *minor_status, struct _gss_name *name, gss_OID mech,
    struct _gss_mechanism_name **output_mn)
{
	struct _gss_mechanism_name *entry;
	struct _gss_mech_switch *sw;
	OM_uint32 status;

	*output_mn = NULL;

	/* Fast path: an MN for this mechanism is already cached. */
	SLIST_FOREACH(entry, &name->gn_mn, gmn_link) {
		if (gss_oid_equal(mech, entry->gmn_mech_oid)) {
			*output_mn = entry;
			return (GSS_S_COMPLETE);
		}
	}

	/*
	 * A canonical name carries only an MN and no importable value.
	 * Getting here means that MN belongs to a different mechanism,
	 * so there is nothing to import from.
	 */
	if (name->gn_value.value == NULL)
		return (GSS_S_BAD_NAME);

	sw = _gss_find_mech_switch(mech);
	if (sw == NULL)
		return (GSS_S_BAD_MECH);

	entry = malloc(sizeof(*entry));
	if (entry == NULL)
		return (GSS_S_FAILURE);

	/* An unset name type is passed on as GSS_C_NO_OID. */
	status = sw->gm_import_name(minor_status, &name->gn_value,
	    (name->gn_type.elements != NULL ? &name->gn_type : GSS_C_NO_OID),
	    &entry->gmn_name);
	if (status != GSS_S_COMPLETE) {
		_gss_mg_error(sw, status, *minor_status);
		/* Not linked yet, so it is still ours to release. */
		free(entry);
		return (status);
	}

	entry->gmn_mech = sw;
	entry->gmn_mech_oid = &sw->gm_mech_oid;
	SLIST_INSERT_HEAD(&name->gn_mn, entry, gmn_link);

	*output_mn = entry;
	return (GSS_S_COMPLETE);
}


/*
 * Make a name from an MN.
*/

/*
 * Wrap the mechanism-specific name `new_mn', produced by mechanism `m',
 * in a freshly allocated struct _gss_name whose MN list holds exactly
 * that one entry.
 *
 * The name structure is zero-filled, so it has no stored value or type.
 * _gss_find_mn() therefore reports GSS_S_BAD_NAME when such a name is
 * asked for an MN of any other mechanism.
 *
 * `m' is dereferenced without a check and must not be NULL.
 *
 * `new_mn' is stored, not copied.  On a NULL return (allocation
 * failure) it has not been touched or released, so it still belongs to
 * the caller.
 *
 * Returns the new name, or NULL if either allocation fails.
 */
struct _gss_name *
_gss_make_name(struct _gss_mech_switch *m, gss_name_t new_mn)
{
	struct _gss_name *result;
	struct _gss_mechanism_name *entry;

	/* calloc() hands back the structure already zeroed. */
	result = calloc(1, sizeof(*result));
	if (result == NULL)
		return (NULL);

	entry = malloc(sizeof(*entry));
	if (entry == NULL) {
		free(result);
		return (NULL);
	}

	entry->gmn_mech = m;
	entry->gmn_mech_oid = &m->gm_mech_oid;
	entry->gmn_name = new_mn;

	SLIST_INIT(&result->gn_mn);
	SLIST_INSERT_HEAD(&result->gn_mn, entry, gmn_link);

	return (result);
}