From c5bea98ddb2f7967df572160f639da3cba381a87 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 29 Nov 2010 11:24:08 +1100 Subject: s4:heimdal: import lorikeet-heimdal-201012010201 (commit 81fe27bcc0148d410ca4617f8759b9df1a5e935c) --- source4/heimdal/lib/gssapi/gssapi/gssapi.h | 85 +++- source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h | 73 ---- source4/heimdal/lib/gssapi/gssapi/gssapi_oid.h | 231 +++++++++++ source4/heimdal/lib/gssapi/gssapi_mech.h | 80 +++- source4/heimdal/lib/gssapi/krb5/acquire_cred.c | 14 +- source4/heimdal/lib/gssapi/krb5/external.c | 238 +++++------ source4/heimdal/lib/gssapi/krb5/set_cred_option.c | 9 - source4/heimdal/lib/gssapi/mech/gss_mech_switch.c | 2 +- source4/heimdal/lib/gssapi/mech/gss_mo.c | 464 ++++++++++++++++++++++ source4/heimdal/lib/gssapi/mech/gss_oid.c | 253 ++++++++++++ source4/heimdal/lib/gssapi/mech/gss_oid_equal.c | 2 +- source4/heimdal/lib/gssapi/mech/gss_oid_to_str.c | 31 ++ source4/heimdal/lib/gssapi/mech/gss_wrap.c | 15 + source4/heimdal/lib/gssapi/mech/mech_locl.h | 15 +- source4/heimdal/lib/gssapi/spnego/external.c | 49 ++- 15 files changed, 1317 insertions(+), 244 deletions(-) create mode 100644 source4/heimdal/lib/gssapi/gssapi/gssapi_oid.h create mode 100644 source4/heimdal/lib/gssapi/mech/gss_mo.c create mode 100644 source4/heimdal/lib/gssapi/mech/gss_oid.c (limited to 'source4/heimdal/lib/gssapi') diff --git a/source4/heimdal/lib/gssapi/gssapi/gssapi.h b/source4/heimdal/lib/gssapi/gssapi/gssapi.h index fa53a8a74c..12833ebe14 100644 --- a/source4/heimdal/lib/gssapi/gssapi/gssapi.h +++ b/source4/heimdal/lib/gssapi/gssapi/gssapi.h @@ -90,29 +90,35 @@ typedef uint32_t gss_uint32; struct gss_name_t_desc_struct; typedef struct gss_name_t_desc_struct *gss_name_t; +typedef const struct gss_name_t_desc_struct *gss_const_name_t; struct gss_ctx_id_t_desc_struct; typedef struct gss_ctx_id_t_desc_struct *gss_ctx_id_t; +typedef const struct gss_ctx_id_t_desc_struct gss_const_ctx_id_t; typedef struct gss_OID_desc_struct { OM_uint32 length; void *elements; } gss_OID_desc, *gss_OID; +typedef const gss_OID_desc * gss_const_OID; typedef struct gss_OID_set_desc_struct { size_t count; gss_OID elements; } gss_OID_set_desc, *gss_OID_set; +typedef const gss_OID_set_desc * gss_const_OID_set; typedef int gss_cred_usage_t; struct gss_cred_id_t_desc_struct; typedef struct gss_cred_id_t_desc_struct *gss_cred_id_t; +typedef const struct gss_cred_id_t_desc_struct *gss_const_cred_id_t; typedef struct gss_buffer_desc_struct { size_t length; void *value; } gss_buffer_desc, *gss_buffer_t; +typedef const gss_buffer_desc * gss_const_buffer_t; typedef struct gss_channel_bindings_struct { OM_uint32 initiator_addrtype; @@ -121,6 +127,7 @@ typedef struct gss_channel_bindings_struct { gss_buffer_desc acceptor_address; gss_buffer_desc application_data; } *gss_channel_bindings_t; +typedef const struct gss_channel_bindings_struct *gss_const_channel_bindings_t; /* GGF extension data types */ typedef struct gss_buffer_set_desc_struct { @@ -138,6 +145,8 @@ typedef struct gss_iov_buffer_desc_struct { */ typedef OM_uint32 gss_qop_t; + + /* * Flag bits for context-level services. */ @@ -261,6 +270,8 @@ typedef OM_uint32 gss_qop_t; GSSAPI_CPP_START +#include + /* * The implementation must reserve static storage for a * gss_OID_desc object containing the value @@ -363,14 +374,6 @@ extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_nt_anonymous_oid_desc; extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_nt_export_name_oid_desc; #define GSS_C_NT_EXPORT_NAME (&__gss_c_nt_export_name_oid_desc) -/* - * Digest mechanism - */ - -extern gss_OID_desc GSSAPI_LIB_VARIABLE __gss_sasl_digest_md5_mechanism_oid_desc; -#define GSS_SASL_DIGEST_MD5_MECHANISM (&__gss_sasl_digest_md5_mechanism_oid_desc) - - /* Major status codes */ #define GSS_S_COMPLETE 0 @@ -438,6 +441,7 @@ extern gss_OID_desc GSSAPI_LIB_VARIABLE __gss_sasl_digest_md5_mechanism_oid_desc #define GSS_S_UNAVAILABLE (16ul << GSS_C_ROUTINE_ERROR_OFFSET) #define GSS_S_DUPLICATE_ELEMENT (17ul << GSS_C_ROUTINE_ERROR_OFFSET) #define GSS_S_NAME_NOT_MN (18ul << GSS_C_ROUTINE_ERROR_OFFSET) +#define GSS_S_BAD_MECH_ATTR (19ul << GSS_C_ROUTINE_ERROR_OFFSET) /* * Supplementary info bits: @@ -756,7 +760,7 @@ gss_set_cred_option (OM_uint32 *minor_status, const gss_buffer_t value); GSSAPI_LIB_FUNCTION int GSSAPI_LIB_CALL -gss_oid_equal(const gss_OID a, const gss_OID b); +gss_oid_equal(gss_const_OID a, gss_const_OID b); GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_create_empty_buffer_set @@ -929,6 +933,69 @@ gss_import_cred(OM_uint32 * /* minor_status */, gss_buffer_t /* cred_token */, gss_cred_id_t * /* cred_handle */); +/* + * mech option + */ + +GSSAPI_LIB_FUNCTION int GSSAPI_LIB_CALL +gss_mo_set(gss_const_OID mech, gss_const_OID option, + int enable, gss_buffer_t value); + +GSSAPI_LIB_FUNCTION int GSSAPI_LIB_CALL +gss_mo_get(gss_const_OID mech, gss_const_OID option, gss_buffer_t value); + +GSSAPI_LIB_FUNCTION void GSSAPI_LIB_CALL +gss_mo_list(gss_const_OID mech, gss_OID_set *options); + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_mo_name(gss_const_OID mech, gss_const_OID options, gss_buffer_t name); + +/* + * SASL glue functions and mech inquire + */ + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_inquire_saslname_for_mech(OM_uint32 *minor_status, + const gss_OID desired_mech, + gss_buffer_t sasl_mech_name, + gss_buffer_t mech_name, + gss_buffer_t mech_description); + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_inquire_mech_for_saslname(OM_uint32 *minor_status, + const gss_buffer_t sasl_mech_name, + gss_OID *mech_type); + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_indicate_mechs_by_attrs(OM_uint32 * minor_status, + gss_const_OID_set desired_mech_attrs, + gss_const_OID_set except_mech_attrs, + gss_const_OID_set critical_mech_attrs, + gss_OID_set *mechs); + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_inquire_attrs_for_mech(OM_uint32 * minor_status, + gss_const_OID mech, + gss_OID_set *mech_attr, + gss_OID_set *known_mech_attrs); + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_display_mech_attr(OM_uint32 * minor_status, + gss_const_OID mech_attr, + gss_buffer_t name, + gss_buffer_t short_desc, + gss_buffer_t long_desc); + + +/* + * + */ + +GSSAPI_LIB_FUNCTION const char * GSSAPI_LIB_CALL +gss_oid_to_name(gss_const_OID oid); + +GSSAPI_LIB_FUNCTION gss_OID GSSAPI_LIB_CALL +gss_name_to_oid(const char *name); GSSAPI_CPP_END diff --git a/source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h b/source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h index 28f9c3777b..2f605f5ee1 100644 --- a/source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h +++ b/source4/heimdal/lib/gssapi/gssapi/gssapi_krb5.h @@ -68,79 +68,6 @@ extern gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_mechanism_oid_desc; #define gss_mech_krb5 GSS_KRB5_MECHANISM #define gss_krb5_nt_general_name GSS_KRB5_NT_PRINCIPAL_NAME -/* Extensions set contexts options */ -extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_copy_ccache_x_oid_desc; -#define GSS_KRB5_COPY_CCACHE_X (&__gss_krb5_copy_ccache_x_oid_desc) - -extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_compat_des3_mic_x_oid_desc; -#define GSS_KRB5_COMPAT_DES3_MIC_X (&__gss_krb5_compat_des3_mic_x_oid_desc) - -extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_register_acceptor_identity_x_oid_desc; -#define GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X (&__gss_krb5_register_acceptor_identity_x_oid_desc) - -extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_set_dns_canonicalize_x_oid_desc; -#define GSS_KRB5_SET_DNS_CANONICALIZE_X (&__gss_krb5_set_dns_canonicalize_x_oid_desc) - -extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_send_to_kdc_x_oid_desc; -#define GSS_KRB5_SEND_TO_KDC_X (&__gss_krb5_send_to_kdc_x_oid_desc) - -extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_set_default_realm_x_oid_desc; -#define GSS_KRB5_SET_DEFAULT_REALM_X (&__gss_krb5_set_default_realm_x_oid_desc) - -extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_ccache_name_x_oid_desc; -#define GSS_KRB5_CCACHE_NAME_X (&__gss_krb5_ccache_name_x_oid_desc) - -extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_set_time_offset_x_oid_desc; -#define GSS_KRB5_SET_TIME_OFFSET_X (&__gss_krb5_set_time_offset_x_oid_desc) - -extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_time_offset_x_oid_desc; -#define GSS_KRB5_GET_TIME_OFFSET_X (&__gss_krb5_get_time_offset_x_oid_desc) - -extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_plugin_register_x_oid_desc; -#define GSS_KRB5_PLUGIN_REGISTER_X (&__gss_krb5_plugin_register_x_oid_desc) - -/* Extensions inquire context */ -extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_tkt_flags_x_oid_desc; -#define GSS_KRB5_GET_TKT_FLAGS_X (&__gss_krb5_get_tkt_flags_x_oid_desc) - -extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_extract_authz_data_from_sec_context_x_oid_desc; -#define GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X (&__gss_krb5_extract_authz_data_from_sec_context_x_oid_desc) - -extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_peer_has_updated_spnego_oid_desc; -#define GSS_C_PEER_HAS_UPDATED_SPNEGO (&__gss_c_peer_has_updated_spnego_oid_desc) - -extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_export_lucid_context_x_oid_desc; -#define GSS_KRB5_EXPORT_LUCID_CONTEXT_X (&__gss_krb5_export_lucid_context_x_oid_desc) - -extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_export_lucid_context_v1_x_oid_desc; -#define GSS_KRB5_EXPORT_LUCID_CONTEXT_V1_X (&__gss_krb5_export_lucid_context_v1_x_oid_desc) - -extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_subkey_x_oid_desc; -#define GSS_KRB5_GET_SUBKEY_X (&__gss_krb5_get_subkey_x_oid_desc) - -extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_initiator_subkey_x_oid_desc; -#define GSS_KRB5_GET_INITIATOR_SUBKEY_X (&__gss_krb5_get_initiator_subkey_x_oid_desc) - -extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_acceptor_subkey_x_oid_desc; -#define GSS_KRB5_GET_ACCEPTOR_SUBKEY_X (&__gss_krb5_get_acceptor_subkey_x_oid_desc) - -extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_authtime_x_oid_desc; -#define GSS_KRB5_GET_AUTHTIME_X (&__gss_krb5_get_authtime_x_oid_desc) - -extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_service_keyblock_x_oid_desc; -#define GSS_KRB5_GET_SERVICE_KEYBLOCK_X (&__gss_krb5_get_service_keyblock_x_oid_desc) - -/* Extensions creds */ - -extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_import_cred_x_oid_desc; -#define GSS_KRB5_IMPORT_CRED_X (&__gss_krb5_import_cred_x_oid_desc) - -extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_set_allowable_enctypes_x_oid_desc; -#define GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X (&__gss_krb5_set_allowable_enctypes_x_oid_desc) - -extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_cred_no_ci_flags_x_oid_desc; -#define GSS_KRB5_CRED_NO_CI_FLAGS_X (&__gss_krb5_cred_no_ci_flags_x_oid_desc) - /* * kerberos mechanism specific functions */ diff --git a/source4/heimdal/lib/gssapi/gssapi/gssapi_oid.h b/source4/heimdal/lib/gssapi/gssapi/gssapi_oid.h new file mode 100644 index 0000000000..af7a583344 --- /dev/null +++ b/source4/heimdal/lib/gssapi/gssapi/gssapi_oid.h @@ -0,0 +1,231 @@ +/* Generated file */ +#ifndef GSSAPI_GSSAPI_OID +#define GSSAPI_GSSAPI_OID 1 + + /* contact Love Hörnquist Åstrand for new oid arcs */ + /* + * 1.2.752.43.13 Heimdal GSS-API Extentions + */ +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_copy_ccache_x_oid_desc; +#define GSS_KRB5_COPY_CCACHE_X (&__gss_krb5_copy_ccache_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_tkt_flags_x_oid_desc; +#define GSS_KRB5_GET_TKT_FLAGS_X (&__gss_krb5_get_tkt_flags_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_extract_authz_data_from_sec_context_x_oid_desc; +#define GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X (&__gss_krb5_extract_authz_data_from_sec_context_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_compat_des3_mic_x_oid_desc; +#define GSS_KRB5_COMPAT_DES3_MIC_X (&__gss_krb5_compat_des3_mic_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_register_acceptor_identity_x_oid_desc; +#define GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X (&__gss_krb5_register_acceptor_identity_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_export_lucid_context_x_oid_desc; +#define GSS_KRB5_EXPORT_LUCID_CONTEXT_X (&__gss_krb5_export_lucid_context_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_export_lucid_context_v1_x_oid_desc; +#define GSS_KRB5_EXPORT_LUCID_CONTEXT_V1_X (&__gss_krb5_export_lucid_context_v1_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_set_dns_canonicalize_x_oid_desc; +#define GSS_KRB5_SET_DNS_CANONICALIZE_X (&__gss_krb5_set_dns_canonicalize_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_subkey_x_oid_desc; +#define GSS_KRB5_GET_SUBKEY_X (&__gss_krb5_get_subkey_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_initiator_subkey_x_oid_desc; +#define GSS_KRB5_GET_INITIATOR_SUBKEY_X (&__gss_krb5_get_initiator_subkey_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_acceptor_subkey_x_oid_desc; +#define GSS_KRB5_GET_ACCEPTOR_SUBKEY_X (&__gss_krb5_get_acceptor_subkey_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_send_to_kdc_x_oid_desc; +#define GSS_KRB5_SEND_TO_KDC_X (&__gss_krb5_send_to_kdc_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_authtime_x_oid_desc; +#define GSS_KRB5_GET_AUTHTIME_X (&__gss_krb5_get_authtime_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_service_keyblock_x_oid_desc; +#define GSS_KRB5_GET_SERVICE_KEYBLOCK_X (&__gss_krb5_get_service_keyblock_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_set_allowable_enctypes_x_oid_desc; +#define GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X (&__gss_krb5_set_allowable_enctypes_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_set_default_realm_x_oid_desc; +#define GSS_KRB5_SET_DEFAULT_REALM_X (&__gss_krb5_set_default_realm_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_ccache_name_x_oid_desc; +#define GSS_KRB5_CCACHE_NAME_X (&__gss_krb5_ccache_name_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_set_time_offset_x_oid_desc; +#define GSS_KRB5_SET_TIME_OFFSET_X (&__gss_krb5_set_time_offset_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_time_offset_x_oid_desc; +#define GSS_KRB5_GET_TIME_OFFSET_X (&__gss_krb5_get_time_offset_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_plugin_register_x_oid_desc; +#define GSS_KRB5_PLUGIN_REGISTER_X (&__gss_krb5_plugin_register_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_ntlm_get_session_key_x_oid_desc; +#define GSS_NTLM_GET_SESSION_KEY_X (&__gss_ntlm_get_session_key_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_nt_ntlm_oid_desc; +#define GSS_C_NT_NTLM (&__gss_c_nt_ntlm_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_nt_dn_oid_desc; +#define GSS_C_NT_DN (&__gss_c_nt_dn_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_nt_principal_name_referral_oid_desc; +#define GSS_KRB5_NT_PRINCIPAL_NAME_REFERRAL (&__gss_krb5_nt_principal_name_referral_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ntlm_avguest_oid_desc; +#define GSS_C_NTLM_AVGUEST (&__gss_c_ntlm_avguest_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ntlm_v1_oid_desc; +#define GSS_C_NTLM_V1 (&__gss_c_ntlm_v1_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ntlm_v2_oid_desc; +#define GSS_C_NTLM_V2 (&__gss_c_ntlm_v2_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ntlm_session_key_oid_desc; +#define GSS_C_NTLM_SESSION_KEY (&__gss_c_ntlm_session_key_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ntlm_force_v1_oid_desc; +#define GSS_C_NTLM_FORCE_V1 (&__gss_c_ntlm_force_v1_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_cred_no_ci_flags_x_oid_desc; +#define GSS_KRB5_CRED_NO_CI_FLAGS_X (&__gss_krb5_cred_no_ci_flags_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_import_cred_x_oid_desc; +#define GSS_KRB5_IMPORT_CRED_X (&__gss_krb5_import_cred_x_oid_desc) + + /* glue for gss_inquire_saslname_for_mech */ +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_sasl_mech_name_oid_desc; +#define GSS_C_MA_SASL_MECH_NAME (&__gss_c_ma_sasl_mech_name_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_mech_name_oid_desc; +#define GSS_C_MA_MECH_NAME (&__gss_c_ma_mech_name_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_mech_description_oid_desc; +#define GSS_C_MA_MECH_DESCRIPTION (&__gss_c_ma_mech_description_oid_desc) + +/* Heimdal mechanisms - 1.2.752.43.14 */ +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_sasl_digest_md5_mechanism_oid_desc; +#define GSS_SASL_DIGEST_MD5_MECHANISM (&__gss_sasl_digest_md5_mechanism_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_netlogon_mechanism_oid_desc; +#define GSS_NETLOGON_MECHANISM (&__gss_netlogon_mechanism_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_netlogon_set_session_key_x_oid_desc; +#define GSS_NETLOGON_SET_SESSION_KEY_X (&__gss_netlogon_set_session_key_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_netlogon_set_sign_algorithm_x_oid_desc; +#define GSS_NETLOGON_SET_SIGN_ALGORITHM_X (&__gss_netlogon_set_sign_algorithm_x_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_netlogon_nt_netbios_dns_name_oid_desc; +#define GSS_NETLOGON_NT_NETBIOS_DNS_NAME (&__gss_netlogon_nt_netbios_dns_name_oid_desc) + +/* + * "Standard" mechs + */ +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_mechanism_oid_desc; +#define GSS_KRB5_MECHANISM (&__gss_krb5_mechanism_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_ntlm_mechanism_oid_desc; +#define GSS_NTLM_MECHANISM (&__gss_ntlm_mechanism_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_spnego_mechanism_oid_desc; +#define GSS_SPNEGO_MECHANISM (&__gss_spnego_mechanism_oid_desc) + + /* From Luke Howard */ +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_peer_has_updated_spnego_oid_desc; +#define GSS_C_PEER_HAS_UPDATED_SPNEGO (&__gss_c_peer_has_updated_spnego_oid_desc) + +/* + * OID mappings with name and short description and and slightly longer description + */ +/* + * RFC5587 + */ +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_mech_concrete_oid_desc; +#define GSS_C_MA_MECH_CONCRETE (&__gss_c_ma_mech_concrete_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_mech_pseudo_oid_desc; +#define GSS_C_MA_MECH_PSEUDO (&__gss_c_ma_mech_pseudo_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_mech_composite_oid_desc; +#define GSS_C_MA_MECH_COMPOSITE (&__gss_c_ma_mech_composite_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_mech_nego_oid_desc; +#define GSS_C_MA_MECH_NEGO (&__gss_c_ma_mech_nego_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_mech_glue_oid_desc; +#define GSS_C_MA_MECH_GLUE (&__gss_c_ma_mech_glue_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_not_mech_oid_desc; +#define GSS_C_MA_NOT_MECH (&__gss_c_ma_not_mech_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_deprecated_oid_desc; +#define GSS_C_MA_DEPRECATED (&__gss_c_ma_deprecated_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_not_dflt_mech_oid_desc; +#define GSS_C_MA_NOT_DFLT_MECH (&__gss_c_ma_not_dflt_mech_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_itok_framed_oid_desc; +#define GSS_C_MA_ITOK_FRAMED (&__gss_c_ma_itok_framed_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_auth_init_oid_desc; +#define GSS_C_MA_AUTH_INIT (&__gss_c_ma_auth_init_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_auth_targ_oid_desc; +#define GSS_C_MA_AUTH_TARG (&__gss_c_ma_auth_targ_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_auth_init_init_oid_desc; +#define GSS_C_MA_AUTH_INIT_INIT (&__gss_c_ma_auth_init_init_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_auth_targ_init_oid_desc; +#define GSS_C_MA_AUTH_TARG_INIT (&__gss_c_ma_auth_targ_init_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_auth_init_anon_oid_desc; +#define GSS_C_MA_AUTH_INIT_ANON (&__gss_c_ma_auth_init_anon_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_auth_targ_anon_oid_desc; +#define GSS_C_MA_AUTH_TARG_ANON (&__gss_c_ma_auth_targ_anon_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_deleg_cred_oid_desc; +#define GSS_C_MA_DELEG_CRED (&__gss_c_ma_deleg_cred_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_integ_prot_oid_desc; +#define GSS_C_MA_INTEG_PROT (&__gss_c_ma_integ_prot_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_conf_prot_oid_desc; +#define GSS_C_MA_CONF_PROT (&__gss_c_ma_conf_prot_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_mic_oid_desc; +#define GSS_C_MA_MIC (&__gss_c_ma_mic_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_wrap_oid_desc; +#define GSS_C_MA_WRAP (&__gss_c_ma_wrap_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_prot_ready_oid_desc; +#define GSS_C_MA_PROT_READY (&__gss_c_ma_prot_ready_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_replay_det_oid_desc; +#define GSS_C_MA_REPLAY_DET (&__gss_c_ma_replay_det_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_oos_det_oid_desc; +#define GSS_C_MA_OOS_DET (&__gss_c_ma_oos_det_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_cbindings_oid_desc; +#define GSS_C_MA_CBINDINGS (&__gss_c_ma_cbindings_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_pfs_oid_desc; +#define GSS_C_MA_PFS (&__gss_c_ma_pfs_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_compress_oid_desc; +#define GSS_C_MA_COMPRESS (&__gss_c_ma_compress_oid_desc) + +extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_ma_ctx_trans_oid_desc; +#define GSS_C_MA_CTX_TRANS (&__gss_c_ma_ctx_trans_oid_desc) + +#endif /* GSSAPI_GSSAPI_OID */ diff --git a/source4/heimdal/lib/gssapi/gssapi_mech.h b/source4/heimdal/lib/gssapi/gssapi_mech.h index 93b7bf72d7..b06e60a82f 100644 --- a/source4/heimdal/lib/gssapi/gssapi_mech.h +++ b/source4/heimdal/lib/gssapi/gssapi_mech.h @@ -354,7 +354,60 @@ _gss_import_cred_t(OM_uint32 * minor_status, gss_cred_id_t * cred_handle); -#define GMI_VERSION 2 +typedef OM_uint32 GSSAPI_CALLCONV +_gss_acquire_cred_ex_t(void * /* status */, + const gss_name_t /* desired_name */, + OM_uint32 /* flags */, + OM_uint32 /* time_req */, + gss_cred_usage_t /* cred_usage */, + void * /* identity */, + void * /* ctx */, + void (* /*complete */)(void *, OM_uint32, void *, gss_cred_id_t, OM_uint32)); + +typedef void GSSAPI_CALLCONV +_gss_iter_creds_t(OM_uint32 /* flags */, + void * /* userctx */, + void (* /*cred_iter */ )(void *, gss_OID, gss_cred_id_t)); + +typedef OM_uint32 GSSAPI_CALLCONV +_gss_destroy_cred_t(OM_uint32 * /* minor_status */, + gss_cred_id_t * /* cred */); + +typedef OM_uint32 GSSAPI_CALLCONV +_gss_cred_hold_t(OM_uint32 * /* minor_status */, + gss_cred_id_t /* cred */); + +typedef OM_uint32 GSSAPI_CALLCONV +_gss_cred_unhold_t(OM_uint32 * /* minor_status */, + gss_cred_id_t /* cred */); + +typedef OM_uint32 GSSAPI_CALLCONV +_gss_cred_label_set_t(OM_uint32 * /* minor_status */, + gss_cred_id_t /* cred */, + const char * /* label */, + gss_buffer_t /* value */); + +typedef OM_uint32 GSSAPI_CALLCONV +_gss_cred_label_get_t(OM_uint32 * /* minor_status */, + gss_cred_id_t /* cred */, + const char * /* label */, + gss_buffer_t /* value */); + +typedef struct gss_mo_desc_struct gss_mo_desc; + +struct gss_mo_desc_struct { + gss_OID option; + OM_uint32 flags; +#define GSS_MO_MA 1 +#define GSS_MO_MA_CRITICAL 2 + const char *name; + void *ctx; + int (*get)(gss_const_OID, gss_mo_desc *, gss_buffer_t); + int (*set)(gss_const_OID, gss_mo_desc *, int, gss_buffer_t); +}; + + +#define GMI_VERSION 4 /* gm_flags */ #define GM_USE_MG_CRED 1 /* uses mech glue credentials */ @@ -405,10 +458,19 @@ typedef struct gssapi_mech_interface_desc { _gss_store_cred_t *gm_store_cred; _gss_export_cred_t *gm_export_cred; _gss_import_cred_t *gm_import_cred; + _gss_acquire_cred_ex_t *gm_acquire_cred_ex; + _gss_iter_creds_t *gm_iter_creds; + _gss_destroy_cred_t *gm_destroy_cred; + _gss_cred_hold_t *gm_cred_hold; + _gss_cred_unhold_t *gm_cred_unhold; + _gss_cred_label_get_t *gm_cred_label_get; + _gss_cred_label_set_t *gm_cred_label_set; + gss_mo_desc *gm_mo; + size_t gm_mo_num; } gssapi_mech_interface_desc, *gssapi_mech_interface; gssapi_mech_interface -__gss_get_mechanism(gss_OID /* oid */); +__gss_get_mechanism(gss_const_OID /* oid */); gssapi_mech_interface __gss_spnego_initialize(void); gssapi_mech_interface __gss_krb5_initialize(void); @@ -416,4 +478,18 @@ gssapi_mech_interface __gss_ntlm_initialize(void); void gss_mg_collect_error(gss_OID, OM_uint32, OM_uint32); +int _gss_mo_get_option_1(gss_const_OID, gss_mo_desc *, gss_buffer_t); +int _gss_mo_get_option_0(gss_const_OID, gss_mo_desc *, gss_buffer_t); +int _gss_mo_get_ctx_as_string(gss_const_OID, gss_mo_desc *, gss_buffer_t); + +struct _gss_oid_name_table { + gss_OID oid; + const char *name; + const char *short_desc; + const char *long_desc; +}; + +extern struct _gss_oid_name_table _gss_ont_mech[]; +extern struct _gss_oid_name_table _gss_ont_ma[]; + #endif /* GSSAPI_MECH_H */ diff --git a/source4/heimdal/lib/gssapi/krb5/acquire_cred.c b/source4/heimdal/lib/gssapi/krb5/acquire_cred.c index 584ce7711a..d0042e874b 100644 --- a/source4/heimdal/lib/gssapi/krb5/acquire_cred.c +++ b/source4/heimdal/lib/gssapi/krb5/acquire_cred.c @@ -40,7 +40,7 @@ __gsskrb5_ccache_lifetime(OM_uint32 *minor_status, krb5_principal principal, OM_uint32 *lifetime) { - krb5_creds in_cred, *out_cred; + krb5_creds in_cred, out_cred; krb5_const_realm realm; krb5_error_code kret; @@ -61,16 +61,16 @@ __gsskrb5_ccache_lifetime(OM_uint32 *minor_status, return GSS_S_FAILURE; } - kret = krb5_get_credentials(context, 0, - id, &in_cred, &out_cred); + kret = krb5_cc_retrieve_cred(context, id, 0, &in_cred, &out_cred); krb5_free_principal(context, in_cred.server); if (kret) { - *minor_status = kret; - return GSS_S_FAILURE; + *minor_status = 0; + *lifetime = 0; + return GSS_S_COMPLETE; } - *lifetime = out_cred->times.endtime; - krb5_free_creds(context, out_cred); + *lifetime = out_cred.times.endtime; + krb5_free_cred_contents(context, &out_cred); return GSS_S_COMPLETE; } diff --git a/source4/heimdal/lib/gssapi/krb5/external.c b/source4/heimdal/lib/gssapi/krb5/external.c index ef33c5575a..d6f14a48f7 100644 --- a/source4/heimdal/lib/gssapi/krb5/external.c +++ b/source4/heimdal/lib/gssapi/krb5/external.c @@ -152,47 +152,6 @@ gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_export_name_oid_desc = gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_nt_principal_name_oid_desc = {10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x01") }; -/* - * This name form shall be represented by the Object Identifier {iso(1) - * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2) - * generic(1) user_name(1)}. The recommended symbolic name for this - * type is "GSS_KRB5_NT_USER_NAME". - */ - -/* - * This name form shall be represented by the Object Identifier {iso(1) - * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2) - * generic(1) machine_uid_name(2)}. The recommended symbolic name for - * this type is "GSS_KRB5_NT_MACHINE_UID_NAME". - */ - -/* - * This name form shall be represented by the Object Identifier {iso(1) - * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2) - * generic(1) string_uid_name(3)}. The recommended symbolic name for - * this type is "GSS_KRB5_NT_STRING_UID_NAME". - */ - -/* - * To support ongoing experimentation, testing, and evolution of the - * specification, the Kerberos V5 GSS-API mechanism as defined in this - * and any successor memos will be identified with the following Object - * Identifier, as defined in RFC-1510, until the specification is - * advanced to the level of Proposed Standard RFC: - * - * {iso(1), org(3), dod(5), internet(1), security(5), kerberosv5(2)} - * - * Upon advancement to the level of Proposed Standard RFC, the Kerberos - * V5 GSS-API mechanism will be identified by an Object Identifier - * having the value: - * - * {iso(1) member-body(2) United States(840) mit(113554) infosys(1) - * gssapi(2) krb5(2)} - */ - -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_mechanism_oid_desc = - {9, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02") }; - /* * draft-ietf-cat-iakerb-09, IAKERB: * The mechanism ID for IAKERB proxy GSS-API Kerberos, in accordance @@ -212,105 +171,101 @@ gss_OID_desc GSSAPI_LIB_VARIABLE __gss_iakerb_proxy_mechanism_oid_desc = gss_OID_desc GSSAPI_LIB_VARIABLE __gss_iakerb_min_msg_mechanism_oid_desc = {7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0a\x02") }; -/* - * - */ - -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_peer_has_updated_spnego_oid_desc = - {9, (void *)"\x2b\x06\x01\x04\x01\xa9\x4a\x13\x05"}; - -/* - * 1.2.752.43.13 Heimdal GSS-API Extentions - */ - -/* 1.2.752.43.13.1 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_copy_ccache_x_oid_desc = - {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x01")}; - -/* 1.2.752.43.13.2 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_tkt_flags_x_oid_desc = - {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x02")}; - -/* 1.2.752.43.13.3 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_extract_authz_data_from_sec_context_x_oid_desc = - {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x03")}; - -/* 1.2.752.43.13.4 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_compat_des3_mic_x_oid_desc = - {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x04")}; - -/* 1.2.752.43.13.5 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_register_acceptor_identity_x_oid_desc = - {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x05")}; - -/* 1.2.752.43.13.6 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_export_lucid_context_x_oid_desc = - {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x06")}; - -/* 1.2.752.43.13.6.1 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_export_lucid_context_v1_x_oid_desc = - {7, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x06\x01")}; - -/* 1.2.752.43.13.7 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_dns_canonicalize_x_oid_desc = - {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x07")}; - -/* 1.2.752.43.13.8 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_subkey_x_oid_desc = - {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x08")}; - -/* 1.2.752.43.13.9 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_initiator_subkey_x_oid_desc = - {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x09")}; - -/* 1.2.752.43.13.10 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_acceptor_subkey_x_oid_desc = - {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0a")}; - -/* 1.2.752.43.13.11 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_send_to_kdc_x_oid_desc = - {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0b")}; - -/* 1.2.752.43.13.12 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_authtime_x_oid_desc = - {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0c")}; - -/* 1.2.752.43.13.13 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_service_keyblock_x_oid_desc = - {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0d")}; - -/* 1.2.752.43.13.14 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_allowable_enctypes_x_oid_desc = - {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0e")}; - -/* 1.2.752.43.13.15 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_default_realm_x_oid_desc = - {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0f")}; - -/* 1.2.752.43.13.16 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_ccache_name_x_oid_desc = - {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x10")}; - -/* 1.2.752.43.13.17 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_time_offset_x_oid_desc = - {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x11")}; - -/* 1.2.752.43.13.18 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_time_offset_x_oid_desc = - {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x12")}; - -/* 1.2.752.43.13.19 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_plugin_register_x_oid_desc = - {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x13")}; - -/* 1.2.752.43.14.1 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_sasl_digest_md5_mechanism_oid_desc = - {6, rk_UNCONST("\x2a\x85\x70\x2b\x0e\x01") }; - /* * Context for krb5 calls. */ +static gss_mo_desc krb5_mo[] = { + { + GSS_C_MA_SASL_MECH_NAME, + GSS_MO_MA, + "SASL mech name", + "GS2-KRB5", + _gss_mo_get_ctx_as_string, + NULL + }, + { + GSS_C_MA_MECH_NAME, + GSS_MO_MA, + "Mechanism name", + "KRB5", + _gss_mo_get_ctx_as_string, + NULL + }, + { + GSS_C_MA_MECH_DESCRIPTION, + GSS_MO_MA, + "Mechanism description", + "Heimdal Kerberos 5 mech", + _gss_mo_get_ctx_as_string, + NULL + }, + { + GSS_C_MA_MECH_CONCRETE, + GSS_MO_MA + }, + { + GSS_C_MA_ITOK_FRAMED, + GSS_MO_MA + }, + { + GSS_C_MA_AUTH_INIT, + GSS_MO_MA + }, + { + GSS_C_MA_AUTH_TARG, + GSS_MO_MA + }, + { + GSS_C_MA_AUTH_INIT_ANON, + GSS_MO_MA + }, + { + GSS_C_MA_DELEG_CRED, + GSS_MO_MA + }, + { + GSS_C_MA_INTEG_PROT, + GSS_MO_MA + }, + { + GSS_C_MA_CONF_PROT, + GSS_MO_MA + }, + { + GSS_C_MA_MIC, + GSS_MO_MA + }, + { + GSS_C_MA_WRAP, + GSS_MO_MA + }, + { + GSS_C_MA_PROT_READY, + GSS_MO_MA + }, + { + GSS_C_MA_REPLAY_DET, + GSS_MO_MA + }, + { + GSS_C_MA_OOS_DET, + GSS_MO_MA + }, + { + GSS_C_MA_CBINDINGS, + GSS_MO_MA + }, + { + GSS_C_MA_PFS, + GSS_MO_MA + }, + { + GSS_C_MA_CTX_TRANS, + GSS_MO_MA + } +}; + /* * */ @@ -359,7 +314,16 @@ static gssapi_mech_interface_desc krb5_mech = { _gk_wrap_iov_length, _gsskrb5_store_cred, _gsskrb5_export_cred, - _gsskrb5_import_cred + _gsskrb5_import_cred, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + krb5_mo, + sizeof(krb5_mo) / sizeof(krb5_mo[0]) }; gssapi_mech_interface diff --git a/source4/heimdal/lib/gssapi/krb5/set_cred_option.c b/source4/heimdal/lib/gssapi/krb5/set_cred_option.c index d6255bacb5..5ff6172fb9 100644 --- a/source4/heimdal/lib/gssapi/krb5/set_cred_option.c +++ b/source4/heimdal/lib/gssapi/krb5/set_cred_option.c @@ -32,15 +32,6 @@ #include "gsskrb5_locl.h" -/* 1.2.752.43.13.17 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_cred_no_ci_flags_x_oid_desc = -{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x11")}; - -/* 1.2.752.43.13.18 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_import_cred_x_oid_desc = -{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x12")}; - - static OM_uint32 import_cred(OM_uint32 *minor_status, krb5_context context, diff --git a/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c b/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c index 5fc41d9954..b1368db91c 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c +++ b/source4/heimdal/lib/gssapi/mech/gss_mech_switch.c @@ -353,7 +353,7 @@ _gss_load_mech(void) } gssapi_mech_interface -__gss_get_mechanism(gss_OID mech) +__gss_get_mechanism(gss_const_OID mech) { struct _gss_mech_switch *m; diff --git a/source4/heimdal/lib/gssapi/mech/gss_mo.c b/source4/heimdal/lib/gssapi/mech/gss_mo.c new file mode 100644 index 0000000000..354229f7ae --- /dev/null +++ b/source4/heimdal/lib/gssapi/mech/gss_mo.c @@ -0,0 +1,464 @@ +/* + * Copyright (c) 2010 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Portions Copyright (c) 2010 Apple Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "mech_locl.h" + +static int +get_option_def(int def, gss_const_OID mech, gss_mo_desc *mo, gss_buffer_t value) +{ + return def; +} + + +int +_gss_mo_get_option_1(gss_const_OID mech, gss_mo_desc *mo, gss_buffer_t value) +{ + return get_option_def(1, mech, mo, value); +} + +int +_gss_mo_get_option_0(gss_const_OID mech, gss_mo_desc *mo, gss_buffer_t value) +{ + return get_option_def(0, mech, mo, value); +} + +int +_gss_mo_get_ctx_as_string(gss_const_OID mech, gss_mo_desc *mo, gss_buffer_t value) +{ + if (value) { + value->value = strdup((char *)mo->ctx); + if (value->value == NULL) + return 1; + value->length = strlen((char *)mo->ctx); + } + return 0; +} + +GSSAPI_LIB_FUNCTION int GSSAPI_LIB_CALL +gss_mo_set(gss_const_OID mech, gss_const_OID option, + int enable, gss_buffer_t value) +{ + gssapi_mech_interface m; + size_t n; + + if ((m = __gss_get_mechanism(mech)) == NULL) + return GSS_S_BAD_MECH; + + for (n = 0; n < m->gm_mo_num; n++) + if (gss_oid_equal(option, m->gm_mo[n].option) && m->gm_mo[n].set) + return m->gm_mo[n].set(mech, &m->gm_mo[n], enable, value); + return 0; +} + +GSSAPI_LIB_FUNCTION int GSSAPI_LIB_CALL +gss_mo_get(gss_const_OID mech, gss_const_OID option, gss_buffer_t value) +{ + gssapi_mech_interface m; + size_t n; + + _mg_buffer_zero(value); + + if ((m = __gss_get_mechanism(mech)) == NULL) + return 0; + + for (n = 0; n < m->gm_mo_num; n++) + if (gss_oid_equal(option, m->gm_mo[n].option) && m->gm_mo[n].get) + return m->gm_mo[n].get(mech, &m->gm_mo[n], value); + + return 0; +} + +static void +add_all_mo(gssapi_mech_interface m, gss_OID_set *options, OM_uint32 mask) +{ + OM_uint32 minor; + size_t n; + + for (n = 0; n < m->gm_mo_num; n++) + if ((m->gm_mo[n].flags & mask) == mask) + gss_add_oid_set_member(&minor, m->gm_mo[n].option, options); +} + +GSSAPI_LIB_FUNCTION void GSSAPI_LIB_CALL +gss_mo_list(gss_const_OID mech, gss_OID_set *options) +{ + gssapi_mech_interface m; + OM_uint32 major, minor; + + if (options == NULL) + return; + + *options = GSS_C_NO_OID_SET; + + if ((m = __gss_get_mechanism(mech)) == NULL) + return; + + major = gss_create_empty_oid_set(&minor, options); + if (major != GSS_S_COMPLETE) + return; + + add_all_mo(m, options, 0); +} + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_mo_name(gss_const_OID mech, gss_const_OID option, gss_buffer_t name) +{ + gssapi_mech_interface m; + size_t n; + + if (name == NULL) + return GSS_S_BAD_NAME; + + if ((m = __gss_get_mechanism(mech)) == NULL) + return GSS_S_BAD_MECH; + + for (n = 0; n < m->gm_mo_num; n++) { + if (gss_oid_equal(option, m->gm_mo[n].option)) { + /* + * If ther is no name, its because its a GSS_C_MA and there is already a table for that. + */ + if (m->gm_mo[n].name) { + name->value = strdup(m->gm_mo[n].name); + if (name->value == NULL) + return GSS_S_BAD_NAME; + name->length = strlen(m->gm_mo[n].name); + return GSS_S_COMPLETE; + } else { + OM_uint32 junk; + return gss_display_mech_attr(&junk, option, + NULL, name, NULL); + } + } + } + return GSS_S_BAD_NAME; +} + +/* + * Helper function to allow NULL name + */ + +static OM_uint32 +mo_value(const gss_const_OID mech, gss_const_OID option, gss_buffer_t name) +{ + if (name == NULL) + return GSS_S_COMPLETE; + + if (gss_mo_get(mech, option, name) != 0 && name->length == 0) + return GSS_S_FAILURE; + + return GSS_S_COMPLETE; +} + +/** + * Returns differnt protocol names and description of the mechanism. + * + * @param minor_status minor status code + * @param desired_mech mech list query + * @param sasl_mech_name SASL GS2 protocol name + * @param mech_name gssapi protocol name + * @param mech_description description of gssapi mech + * + * @return returns GSS_S_COMPLETE or a error code. + * + * @ingroup gssapi + */ + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_inquire_saslname_for_mech(OM_uint32 *minor_status, + const gss_OID desired_mech, + gss_buffer_t sasl_mech_name, + gss_buffer_t mech_name, + gss_buffer_t mech_description) +{ + OM_uint32 major; + + _mg_buffer_zero(sasl_mech_name); + _mg_buffer_zero(mech_name); + _mg_buffer_zero(mech_description); + + if (minor_status) + *minor_status = 0; + + if (desired_mech == NULL) + return GSS_S_BAD_MECH; + + major = mo_value(desired_mech, GSS_C_MA_SASL_MECH_NAME, sasl_mech_name); + if (major) return major; + + major = mo_value(desired_mech, GSS_C_MA_MECH_NAME, mech_name); + if (major) return major; + + major = mo_value(desired_mech, GSS_C_MA_MECH_DESCRIPTION, mech_description); + if (major) return major; + + return GSS_S_COMPLETE; +} + +/** + * Find a mech for a sasl name + * + * @param minor_status minor status code + * @param sasl_mech_name + * @param mech_type + * + * @return returns GSS_S_COMPLETE or an error code. + */ + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_inquire_mech_for_saslname(OM_uint32 *minor_status, + const gss_buffer_t sasl_mech_name, + gss_OID *mech_type) +{ + struct _gss_mech_switch *m; + gss_buffer_desc name; + OM_uint32 major; + + _gss_load_mech(); + + *mech_type = NULL; + + SLIST_FOREACH(m, &_gss_mechs, gm_link) { + + major = mo_value(&m->gm_mech_oid, GSS_C_MA_SASL_MECH_NAME, &name); + if (major) + continue; + if (name.length == sasl_mech_name->length && + memcmp(name.value, sasl_mech_name->value, name.length) == 0) { + gss_release_buffer(&major, &name); + *mech_type = &m->gm_mech_oid; + return 0; + } + gss_release_buffer(&major, &name); + } + + return GSS_S_BAD_MECH; +} + +/** + * Return set of mechanism that fullfill the criteria + * + * @param minor_status minor status code + * @param desired_mech_attrs + * @param except_mech_attrs + * @param critical_mech_attrs + * @param mechs returned mechs, free with gss_release_oid_set(). + * + * @return returns GSS_S_COMPLETE or an error code. + */ + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_indicate_mechs_by_attrs(OM_uint32 * minor_status, + gss_const_OID_set desired_mech_attrs, + gss_const_OID_set except_mech_attrs, + gss_const_OID_set critical_mech_attrs, + gss_OID_set *mechs) +{ + struct _gss_mech_switch *ms; + OM_uint32 major; + size_t n, m; + + major = gss_create_empty_oid_set(minor_status, mechs); + if (major) + return major; + + _gss_load_mech(); + + SLIST_FOREACH(ms, &_gss_mechs, gm_link) { + gssapi_mech_interface mi = &ms->gm_mech; + + if (desired_mech_attrs) { + for (n = 0; n < desired_mech_attrs->count; n++) { + for (m = 0; m < mi->gm_mo_num; m++) + if (gss_oid_equal(mi->gm_mo[m].option, &desired_mech_attrs->elements[n])) + break; + if (m == mi->gm_mo_num) + goto next; + } + } + + if (except_mech_attrs) { + for (n = 0; n < desired_mech_attrs->count; n++) { + for (m = 0; m < mi->gm_mo_num; m++) { + if (gss_oid_equal(mi->gm_mo[m].option, &desired_mech_attrs->elements[n])) + goto next; + } + } + } + + if (critical_mech_attrs) { + for (n = 0; n < desired_mech_attrs->count; n++) { + for (m = 0; m < mi->gm_mo_num; m++) { + if (mi->gm_mo[m].flags & GSS_MO_MA_CRITICAL) + continue; + if (gss_oid_equal(mi->gm_mo[m].option, &desired_mech_attrs->elements[n])) + break; + } + if (m == mi->gm_mo_num) + goto next; + } + } + + + next: + do { } while(0); + } + + + return GSS_S_FAILURE; +} + +/** + * List support attributes for a mech and/or all mechanisms. + * + * @param minor_status minor status code + * @param mech given together with mech_attr will return the list of + * attributes for mechanism, can optionally be GSS_C_NO_OID. + * @param mech_attr see mech parameter, can optionally be NULL, + * release with gss_release_oid_set(). + * @param known_mech_attrs all attributes for mechanisms supported, + * release with gss_release_oid_set(). + * + * @ingroup gssapi + */ + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_inquire_attrs_for_mech(OM_uint32 * minor_status, + gss_const_OID mech, + gss_OID_set *mech_attr, + gss_OID_set *known_mech_attrs) +{ + OM_uint32 major, junk; + + if (mech_attr && mech) { + gssapi_mech_interface m; + + if ((m = __gss_get_mechanism(mech)) == NULL) { + *minor_status = 0; + return GSS_S_BAD_MECH; + } + + major = gss_create_empty_oid_set(minor_status, mech_attr); + if (major != GSS_S_COMPLETE) + return major; + + add_all_mo(m, mech_attr, GSS_MO_MA); + } + + if (known_mech_attrs) { + struct _gss_mech_switch *m; + + major = gss_create_empty_oid_set(minor_status, known_mech_attrs); + if (major) { + if (mech_attr) + gss_release_oid_set(&junk, mech_attr); + return major; + } + + _gss_load_mech(); + + SLIST_FOREACH(m, &_gss_mechs, gm_link) + add_all_mo(&m->gm_mech, known_mech_attrs, GSS_MO_MA); + } + + + return GSS_S_COMPLETE; +} + +/** + * Return names and descriptions of mech attributes + * + * @param minor_status minor status code + * @param mech_attr + * @param name + * @param short_desc + * @param long_desc + * + * @return returns GSS_S_COMPLETE or an error code. + */ + +GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL +gss_display_mech_attr(OM_uint32 * minor_status, + gss_const_OID mech_attr, + gss_buffer_t name, + gss_buffer_t short_desc, + gss_buffer_t long_desc) +{ + struct _gss_oid_name_table *ma = NULL; + OM_uint32 major; + size_t n; + + _mg_buffer_zero(name); + _mg_buffer_zero(short_desc); + _mg_buffer_zero(long_desc); + + if (minor_status) + *minor_status = 0; + + for (n = 0; ma == NULL && _gss_ont_ma[n].oid; n++) + if (gss_oid_equal(mech_attr, _gss_ont_ma[n].oid)) + ma = &_gss_ont_ma[n]; + + if (ma == NULL) + return GSS_S_BAD_MECH_ATTR; + + if (name) { + gss_buffer_desc n; + n.value = rk_UNCONST(ma->name); + n.length = strlen(ma->name); + major = _gss_copy_buffer(minor_status, &n, name); + if (major != GSS_S_COMPLETE) + return major; + } + + if (short_desc) { + gss_buffer_desc n; + n.value = rk_UNCONST(ma->short_desc); + n.length = strlen(ma->short_desc); + major = _gss_copy_buffer(minor_status, &n, short_desc); + if (major != GSS_S_COMPLETE) + return major; + } + + if (long_desc) { + gss_buffer_desc n; + n.value = rk_UNCONST(ma->long_desc); + n.length = strlen(ma->long_desc); + major = _gss_copy_buffer(minor_status, &n, long_desc); + if (major != GSS_S_COMPLETE) + return major; + } + + return GSS_S_COMPLETE; +} diff --git a/source4/heimdal/lib/gssapi/mech/gss_oid.c b/source4/heimdal/lib/gssapi/mech/gss_oid.c new file mode 100644 index 0000000000..0bd016cd44 --- /dev/null +++ b/source4/heimdal/lib/gssapi/mech/gss_oid.c @@ -0,0 +1,253 @@ +/* Generated file */ +#include "mech_locl.h" + +/* GSS_KRB5_COPY_CCACHE_X - 1.2.752.43.13.1 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_copy_ccache_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x01" }; + +/* GSS_KRB5_GET_TKT_FLAGS_X - 1.2.752.43.13.2 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_tkt_flags_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x02" }; + +/* GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X - 1.2.752.43.13.3 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_extract_authz_data_from_sec_context_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x03" }; + +/* GSS_KRB5_COMPAT_DES3_MIC_X - 1.2.752.43.13.4 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_compat_des3_mic_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x04" }; + +/* GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X - 1.2.752.43.13.5 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_register_acceptor_identity_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x05" }; + +/* GSS_KRB5_EXPORT_LUCID_CONTEXT_X - 1.2.752.43.13.6 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_export_lucid_context_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x06" }; + +/* GSS_KRB5_EXPORT_LUCID_CONTEXT_V1_X - 1.2.752.43.13.6.1 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_export_lucid_context_v1_x_oid_desc = { 7, "\x2a\x85\x70\x2b\x0d\x06\x01" }; + +/* GSS_KRB5_SET_DNS_CANONICALIZE_X - 1.2.752.43.13.7 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_dns_canonicalize_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x07" }; + +/* GSS_KRB5_GET_SUBKEY_X - 1.2.752.43.13.8 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_subkey_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x08" }; + +/* GSS_KRB5_GET_INITIATOR_SUBKEY_X - 1.2.752.43.13.9 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_initiator_subkey_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x09" }; + +/* GSS_KRB5_GET_ACCEPTOR_SUBKEY_X - 1.2.752.43.13.10 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_acceptor_subkey_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x0a" }; + +/* GSS_KRB5_SEND_TO_KDC_X - 1.2.752.43.13.11 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_send_to_kdc_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x0b" }; + +/* GSS_KRB5_GET_AUTHTIME_X - 1.2.752.43.13.12 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_authtime_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x0c" }; + +/* GSS_KRB5_GET_SERVICE_KEYBLOCK_X - 1.2.752.43.13.13 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_service_keyblock_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x0d" }; + +/* GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X - 1.2.752.43.13.14 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_allowable_enctypes_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x0e" }; + +/* GSS_KRB5_SET_DEFAULT_REALM_X - 1.2.752.43.13.15 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_default_realm_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x0f" }; + +/* GSS_KRB5_CCACHE_NAME_X - 1.2.752.43.13.16 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_ccache_name_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x10" }; + +/* GSS_KRB5_SET_TIME_OFFSET_X - 1.2.752.43.13.17 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_time_offset_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x11" }; + +/* GSS_KRB5_GET_TIME_OFFSET_X - 1.2.752.43.13.18 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_time_offset_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x12" }; + +/* GSS_KRB5_PLUGIN_REGISTER_X - 1.2.752.43.13.19 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_plugin_register_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x13" }; + +/* GSS_NTLM_GET_SESSION_KEY_X - 1.2.752.43.13.20 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_ntlm_get_session_key_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x14" }; + +/* GSS_C_NT_NTLM - 1.2.752.43.13.21 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_ntlm_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x15" }; + +/* GSS_C_NT_DN - 1.2.752.43.13.22 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_dn_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x16" }; + +/* GSS_KRB5_NT_PRINCIPAL_NAME_REFERRAL - 1.2.752.43.13.23 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_nt_principal_name_referral_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x17" }; + +/* GSS_C_NTLM_AVGUEST - 1.2.752.43.13.24 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_avguest_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x18" }; + +/* GSS_C_NTLM_V1 - 1.2.752.43.13.25 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_v1_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x19" }; + +/* GSS_C_NTLM_V2 - 1.2.752.43.13.26 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_v2_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x1a" }; + +/* GSS_C_NTLM_SESSION_KEY - 1.2.752.43.13.27 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_session_key_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x1b" }; + +/* GSS_C_NTLM_FORCE_V1 - 1.2.752.43.13.28 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_force_v1_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x1c" }; + +/* GSS_KRB5_CRED_NO_CI_FLAGS_X - 1.2.752.43.13.29 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_cred_no_ci_flags_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x1d" }; + +/* GSS_KRB5_IMPORT_CRED_X - 1.2.752.43.13.30 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_import_cred_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x1e" }; + +/* GSS_C_MA_SASL_MECH_NAME - 1.2.752.43.13.100 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_sasl_mech_name_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x64" }; + +/* GSS_C_MA_MECH_NAME - 1.2.752.43.13.101 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_name_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x65" }; + +/* GSS_C_MA_MECH_DESCRIPTION - 1.2.752.43.13.102 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_description_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x66" }; + +/* GSS_SASL_DIGEST_MD5_MECHANISM - 1.2.752.43.14.1 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_sasl_digest_md5_mechanism_oid_desc = { 6, "\x2a\x85\x70\x2b\x0e\x01" }; + +/* GSS_NETLOGON_MECHANISM - 1.2.752.43.14.2 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_netlogon_mechanism_oid_desc = { 6, "\x2a\x85\x70\x2b\x0e\x02" }; + +/* GSS_NETLOGON_SET_SESSION_KEY_X - 1.2.752.43.14.3 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_netlogon_set_session_key_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0e\x03" }; + +/* GSS_NETLOGON_SET_SIGN_ALGORITHM_X - 1.2.752.43.14.4 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_netlogon_set_sign_algorithm_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0e\x04" }; + +/* GSS_NETLOGON_NT_NETBIOS_DNS_NAME - 1.2.752.43.14.5 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_netlogon_nt_netbios_dns_name_oid_desc = { 6, "\x2a\x85\x70\x2b\x0e\x05" }; + +/* GSS_KRB5_MECHANISM - 1.2.840.113554.1.2.2 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_mechanism_oid_desc = { 9, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02" }; + +/* GSS_NTLM_MECHANISM - 1.3.6.1.4.1.311.2.2.10 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_ntlm_mechanism_oid_desc = { 10, "\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a" }; + +/* GSS_SPNEGO_MECHANISM - 1.3.6.1.5.5.2 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_spnego_mechanism_oid_desc = { 6, "\x2b\x06\x01\x05\x05\x02" }; + +/* GSS_C_PEER_HAS_UPDATED_SPNEGO - 1.3.6.1.4.1.9513.19.5 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_peer_has_updated_spnego_oid_desc = { 9, "\x2b\x06\x01\x04\x01\xca\x29\x13\x05" }; + +/* GSS_C_MA_MECH_CONCRETE - 1.3.6.1.5.5.13.1 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_concrete_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x01" }; + +/* GSS_C_MA_MECH_PSEUDO - 1.3.6.1.5.5.13.2 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_pseudo_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x02" }; + +/* GSS_C_MA_MECH_COMPOSITE - 1.3.6.1.5.5.13.3 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_composite_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x03" }; + +/* GSS_C_MA_MECH_NEGO - 1.3.6.1.5.5.13.4 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_nego_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x04" }; + +/* GSS_C_MA_MECH_GLUE - 1.3.6.1.5.5.13.5 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_glue_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x05" }; + +/* GSS_C_MA_NOT_MECH - 1.3.6.1.5.5.13.6 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_not_mech_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x06" }; + +/* GSS_C_MA_DEPRECATED - 1.3.6.1.5.5.13.7 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_deprecated_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x07" }; + +/* GSS_C_MA_NOT_DFLT_MECH - 1.3.6.1.5.5.13.8 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_not_dflt_mech_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x08" }; + +/* GSS_C_MA_ITOK_FRAMED - 1.3.6.1.5.5.13.9 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_itok_framed_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x09" }; + +/* GSS_C_MA_AUTH_INIT - 1.3.6.1.5.5.13.10 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_init_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x0a" }; + +/* GSS_C_MA_AUTH_TARG - 1.3.6.1.5.5.13.11 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_targ_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x0b" }; + +/* GSS_C_MA_AUTH_INIT_INIT - 1.3.6.1.5.5.13.12 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_init_init_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x0c" }; + +/* GSS_C_MA_AUTH_TARG_INIT - 1.3.6.1.5.5.13.13 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_targ_init_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x0d" }; + +/* GSS_C_MA_AUTH_INIT_ANON - 1.3.6.1.5.5.13.14 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_init_anon_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x0e" }; + +/* GSS_C_MA_AUTH_TARG_ANON - 1.3.6.1.5.5.13.15 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_targ_anon_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x0f" }; + +/* GSS_C_MA_DELEG_CRED - 1.3.6.1.5.5.13.16 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_deleg_cred_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x10" }; + +/* GSS_C_MA_INTEG_PROT - 1.3.6.1.5.5.13.17 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_integ_prot_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x11" }; + +/* GSS_C_MA_CONF_PROT - 1.3.6.1.5.5.13.18 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_conf_prot_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x12" }; + +/* GSS_C_MA_MIC - 1.3.6.1.5.5.13.19 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mic_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x13" }; + +/* GSS_C_MA_WRAP - 1.3.6.1.5.5.13.20 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_wrap_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x14" }; + +/* GSS_C_MA_PROT_READY - 1.3.6.1.5.5.13.21 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_prot_ready_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x15" }; + +/* GSS_C_MA_REPLAY_DET - 1.3.6.1.5.5.13.22 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_replay_det_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x16" }; + +/* GSS_C_MA_OOS_DET - 1.3.6.1.5.5.13.23 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_oos_det_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x17" }; + +/* GSS_C_MA_CBINDINGS - 1.3.6.1.5.5.13.24 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_cbindings_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x18" }; + +/* GSS_C_MA_PFS - 1.3.6.1.5.5.13.25 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_pfs_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x19" }; + +/* GSS_C_MA_COMPRESS - 1.3.6.1.5.5.13.26 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_compress_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x1a" }; + +/* GSS_C_MA_CTX_TRANS - 1.3.6.1.5.5.13.27 */ +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_ctx_trans_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x1b" }; + +struct _gss_oid_name_table _gss_ont_ma[] = { + { GSS_C_MA_COMPRESS, "GSS_C_MA_COMPRESS", "compress", "" }, + { GSS_C_MA_AUTH_TARG_INIT, "GSS_C_MA_AUTH_TARG_INIT", "auth-targ-princ-initial", "" }, + { GSS_C_MA_CBINDINGS, "GSS_C_MA_CBINDINGS", "channel-bindings", "" }, + { GSS_C_MA_WRAP, "GSS_C_MA_WRAP", "wrap", "" }, + { GSS_C_MA_ITOK_FRAMED, "GSS_C_MA_ITOK_FRAMED", "initial-is-framed", "" }, + { GSS_C_MA_MECH_NEGO, "GSS_C_MA_MECH_NEGO", "mech-negotiation-mech", "" }, + { GSS_C_MA_MECH_COMPOSITE, "GSS_C_MA_MECH_COMPOSITE", "composite-mech", "" }, + { GSS_C_MA_REPLAY_DET, "GSS_C_MA_REPLAY_DET", "replay-detection", "" }, + { GSS_C_MA_AUTH_INIT_ANON, "GSS_C_MA_AUTH_INIT_ANON", "auth-init-princ-anon", "" }, + { GSS_C_MA_PROT_READY, "GSS_C_MA_PROT_READY", "prot-ready", "" }, + { GSS_C_MA_AUTH_INIT, "GSS_C_MA_AUTH_INIT", "auth-init-princ", "" }, + { GSS_C_MA_PFS, "GSS_C_MA_PFS", "pfs", "" }, + { GSS_C_MA_CONF_PROT, "GSS_C_MA_CONF_PROT", "conf-prot", "" }, + { GSS_C_MA_MECH_PSEUDO, "GSS_C_MA_MECH_PSEUDO", "pseudo-mech", "" }, + { GSS_C_MA_AUTH_TARG, "GSS_C_MA_AUTH_TARG", "auth-targ-princ", "" }, + { GSS_C_MA_MECH_NAME, "GSS_C_MA_MECH_NAME", "GSS mech name", "The name of the GSS-API mechanism" }, + { GSS_C_MA_NOT_MECH, "GSS_C_MA_NOT_MECH", "not-mech", "" }, + { GSS_C_MA_MIC, "GSS_C_MA_MIC", "mic", "" }, + { GSS_C_MA_DEPRECATED, "GSS_C_MA_DEPRECATED", "mech-deprecated", "" }, + { GSS_C_MA_MECH_GLUE, "GSS_C_MA_MECH_GLUE", "mech-glue", "" }, + { GSS_C_MA_DELEG_CRED, "GSS_C_MA_DELEG_CRED", "deleg-cred", "" }, + { GSS_C_MA_NOT_DFLT_MECH, "GSS_C_MA_NOT_DFLT_MECH", "mech-not-default", "" }, + { GSS_C_MA_AUTH_TARG_ANON, "GSS_C_MA_AUTH_TARG_ANON", "auth-targ-princ-anon", "" }, + { GSS_C_MA_INTEG_PROT, "GSS_C_MA_INTEG_PROT", "integ-prot", "" }, + { GSS_C_MA_CTX_TRANS, "GSS_C_MA_CTX_TRANS", "context-transfer", "" }, + { GSS_C_MA_MECH_DESCRIPTION, "GSS_C_MA_MECH_DESCRIPTION", "Mech description", "The long description of the mechanism" }, + { GSS_C_MA_OOS_DET, "GSS_C_MA_OOS_DET", "oos-detection", "" }, + { GSS_C_MA_AUTH_INIT_INIT, "GSS_C_MA_AUTH_INIT_INIT", "auth-init-princ-initial", "" }, + { GSS_C_MA_MECH_CONCRETE, "GSS_C_MA_MECH_CONCRETE", "concrete-mech", "Indicates that a mech is neither a pseudo-mechanism nor a composite mechanism" }, + { GSS_C_MA_SASL_MECH_NAME, "GSS_C_MA_SASL_MECH_NAME", "SASL mechanism name", "The name of the SASL mechanism" }, + { NULL } +}; + +struct _gss_oid_name_table _gss_ont_mech[] = { + { GSS_KRB5_MECHANISM, "GSS_KRB5_MECHANISM", "Kerberos 5", "Heimdal Kerberos 5 mechanism" }, + { GSS_SPNEGO_MECHANISM, "GSS_SPNEGO_MECHANISM", "SPNEGO", "Heimdal SPNEGO mechanism" }, + { GSS_NTLM_MECHANISM, "GSS_NTLM_MECHANISM", "NTLM", "Heimdal NTLM mechanism" }, + { NULL } +}; diff --git a/source4/heimdal/lib/gssapi/mech/gss_oid_equal.c b/source4/heimdal/lib/gssapi/mech/gss_oid_equal.c index 3e64135089..7d6ded39e4 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_oid_equal.c +++ b/source4/heimdal/lib/gssapi/mech/gss_oid_equal.c @@ -48,7 +48,7 @@ */ GSSAPI_LIB_FUNCTION int GSSAPI_LIB_CALL -gss_oid_equal(const gss_OID a, const gss_OID b) +gss_oid_equal(gss_const_OID a, gss_const_OID b) { if (a == b && a != GSS_C_NO_OID) return 1; diff --git a/source4/heimdal/lib/gssapi/mech/gss_oid_to_str.c b/source4/heimdal/lib/gssapi/mech/gss_oid_to_str.c index d8e188da08..a1d7768772 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_oid_to_str.c +++ b/source4/heimdal/lib/gssapi/mech/gss_oid_to_str.c @@ -65,3 +65,34 @@ gss_oid_to_str(OM_uint32 *minor_status, gss_OID oid, gss_buffer_t oid_str) *minor_status = 0; return GSS_S_COMPLETE; } + +GSSAPI_LIB_FUNCTION const char * GSSAPI_LIB_CALL +gss_oid_to_name(gss_const_OID oid) +{ + size_t i; + + for (i = 0; _gss_ont_mech[i].oid; i++) { + if (gss_oid_equal(oid, _gss_ont_mech[i].oid)) + return _gss_ont_mech[i].name; + } + return NULL; +} + +GSSAPI_LIB_FUNCTION gss_OID GSSAPI_LIB_CALL +gss_name_to_oid(const char *name) +{ + size_t i, partial = (size_t)-1; + + for (i = 0; _gss_ont_mech[i].oid; i++) { + if (strcasecmp(name, _gss_ont_mech[i].short_desc) == 0) + return _gss_ont_mech[i].oid; + if (strncasecmp(name, _gss_ont_mech[i].short_desc, strlen(name)) == 0) { + if (partial != (size_t)-1) + return NULL; + partial = i; + } + } + if (partial != (size_t)-1) + return _gss_ont_mech[partial].oid; + return NULL; +} diff --git a/source4/heimdal/lib/gssapi/mech/gss_wrap.c b/source4/heimdal/lib/gssapi/mech/gss_wrap.c index dcbb4fcdfe..d9864b36cc 100644 --- a/source4/heimdal/lib/gssapi/mech/gss_wrap.c +++ b/source4/heimdal/lib/gssapi/mech/gss_wrap.c @@ -28,6 +28,21 @@ #include "mech_locl.h" +/** + * Wrap a message using either confidentiality (encryption + + * signature) or sealing (signature). + * + * @param minor_status minor status code. + * @param context_handle context handle. + * @param conf_req_flag if non zero, confidentiality is requestd. + * @param qop_req type of protection needed, in most cases it GSS_C_QOP_DEFAULT should be passed in. + * @param input_message_buffer messages to wrap + * @param conf_state returns non zero if confidentiality was honoured. + * @param output_message_buffer the resulting buffer, release with gss_release_buffer(). + * + * @ingroup gssapi + */ + GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_wrap(OM_uint32 *minor_status, const gss_ctx_id_t context_handle, diff --git a/source4/heimdal/lib/gssapi/mech/mech_locl.h b/source4/heimdal/lib/gssapi/mech/mech_locl.h index 17721fd3ce..cb10c23c38 100644 --- a/source4/heimdal/lib/gssapi/mech/mech_locl.h +++ b/source4/heimdal/lib/gssapi/mech/mech_locl.h @@ -64,4 +64,17 @@ #include "utils.h" #define _mg_buffer_zero(buffer) \ - do { (buffer)->value = NULL; (buffer)->length = 0; } while(0) + do { \ + if (buffer) { \ + (buffer)->value = NULL; \ + (buffer)->length = 0; \ + } \ + } while(0) + +#define _mg_oid_set_zero(oid_set) \ + do { \ + if (oid_set) { \ + (oid_set)->elements = NULL; \ + (oid_set)->count = 0; \ + } \ + } while(0) diff --git a/source4/heimdal/lib/gssapi/spnego/external.c b/source4/heimdal/lib/gssapi/spnego/external.c index d21e4dc7fe..5054754150 100644 --- a/source4/heimdal/lib/gssapi/spnego/external.c +++ b/source4/heimdal/lib/gssapi/spnego/external.c @@ -40,6 +40,41 @@ * iso.org.dod.internet.security.mechanism.snego (1.3.6.1.5.5.2). */ +static gss_mo_desc spnego_mo[] = { + { + GSS_C_MA_SASL_MECH_NAME, + GSS_MO_MA, + "SASL mech name", + "SPNEGO", + _gss_mo_get_ctx_as_string, + NULL + }, + { + GSS_C_MA_MECH_NAME, + GSS_MO_MA, + "Mechanism name", + "SPNEGO", + _gss_mo_get_ctx_as_string, + NULL + }, + { + GSS_C_MA_MECH_DESCRIPTION, + GSS_MO_MA, + "Mechanism description", + "Heimdal SPNEGO Mechanism", + _gss_mo_get_ctx_as_string, + NULL + }, + { + GSS_C_MA_MECH_NEGO, + GSS_MO_MA + }, + { + GSS_C_MA_MECH_PSEUDO, + GSS_MO_MA + } +}; + static gssapi_mech_interface_desc spnego_mech = { GMI_VERSION, "spnego", @@ -84,7 +119,16 @@ static gssapi_mech_interface_desc spnego_mech = { _gss_spnego_wrap_iov_length, NULL, _gss_spnego_export_cred, - _gss_spnego_import_cred + _gss_spnego_import_cred, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + spnego_mo, + sizeof(spnego_mo) / sizeof(spnego_mo[0]) }; gssapi_mech_interface @@ -92,6 +136,3 @@ __gss_spnego_initialize(void) { return &spnego_mech; } - -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_spnego_mechanism_oid_desc = - {6, (void *)"\x2b\x06\x01\x05\x05\x02"}; -- cgit