Current view: top level - third_party/heimdal/lib/gssapi/krb5 - external.c (source / functions) Hit Total Coverage
Test: coverage report for master 2f515e9b Lines: 2 2 100.0 %
Date: 2024-04-21 15:09:00 Functions: 1 1 100.0 %

          Line data    Source code
       1             : /*
       2             :  * Copyright (c) 1997 - 2018 Kungliga Tekniska Högskolan
       3             :  * (Royal Institute of Technology, Stockholm, Sweden).
       4             :  * All rights reserved.
       5             :  *
       6             :  * Redistribution and use in source and binary forms, with or without
       7             :  * modification, are permitted provided that the following conditions
       8             :  * are met:
       9             :  *
      10             :  * 1. Redistributions of source code must retain the above copyright
      11             :  *    notice, this list of conditions and the following disclaimer.
      12             :  *
      13             :  * 2. Redistributions in binary form must reproduce the above copyright
      14             :  *    notice, this list of conditions and the following disclaimer in the
      15             :  *    documentation and/or other materials provided with the distribution.
      16             :  *
      17             :  * 3. Neither the name of the Institute nor the names of its contributors
      18             :  *    may be used to endorse or promote products derived from this software
      19             :  *    without specific prior written permission.
      20             :  *
      21             :  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
      22             :  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
      23             :  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
      24             :  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
      25             :  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
      26             :  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
      27             :  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
      28             :  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
      29             :  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
      30             :  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
      31             :  * SUCH DAMAGE.
      32             :  */
      33             : 
      34             : #include "gsskrb5_locl.h"
      35             : #include <gssapi_mech.h>
      36             : 
      37             : /*
      38             :  * The implementation must reserve static storage for a
      39             :  * gss_OID_desc object containing the value
      40             :  * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
      41             :  *              "\x01\x02\x01\x01"},
      42             :  * corresponding to an object-identifier value of
      43             :  * {iso(1) member-body(2) United States(840) mit(113554)
      44             :  *  infosys(1) gssapi(2) generic(1) user_name(1)}.  The constant
      45             :  * GSS_C_NT_USER_NAME should be initialized to point
      46             :  * to that gss_OID_desc.
      47             :  */
      48             : 
      49             : gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_user_name_oid_desc =
      50             :     {10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x01")}; /* 6 + 4 literal bytes = declared length 10 */
                           /*
                            * The length is maintained by hand next to the literal; the two
                            * must stay in step or comparisons against this OID would use the
                            * wrong byte count.  rk_UNCONST hands a string literal to the
                            * descriptor's pointer member (presumably a const-removing cast;
                            * confirm), so the bytes must never be written through it.
                            */
      51             : 
      52             : /*
      53             :  * The implementation must reserve static storage for a
      54             :  * gss_OID_desc object containing the value
      55             :  * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
      56             :  *              "\x01\x02\x01\x02"},
      57             :  * corresponding to an object-identifier value of
      58             :  * {iso(1) member-body(2) United States(840) mit(113554)
      59             :  *  infosys(1) gssapi(2) generic(1) machine_uid_name(2)}.
      60             :  * The constant GSS_C_NT_MACHINE_UID_NAME should be
      61             :  * initialized to point to that gss_OID_desc.
      62             :  */
      63             : 
      64             : gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_machine_uid_name_oid_desc =
      65             :     {10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x02")}; /* 6 + 4 literal bytes = declared length 10; final byte 0x02 is the machine_uid_name arc */
      66             : 
      67             : /*
      68             :  * The implementation must reserve static storage for a
      69             :  * gss_OID_desc object containing the value
      70             :  * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
      71             :  *              "\x01\x02\x01\x03"},
      72             :  * corresponding to an object-identifier value of
      73             :  * {iso(1) member-body(2) United States(840) mit(113554)
      74             :  *  infosys(1) gssapi(2) generic(1) string_uid_name(3)}.
      75             :  * The constant GSS_C_NT_STRING_UID_NAME should be
      76             :  * initialized to point to that gss_OID_desc.
      77             :  */
      78             : 
      79             : gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_string_uid_name_oid_desc =
      80             :     {10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x03")}; /* 6 + 4 literal bytes = declared length 10; final byte 0x03 is the string_uid_name arc */
      81             : 
      82             : /*
      83             :  * The implementation must reserve static storage for a
      84             :  * gss_OID_desc object containing the value
      85             :  * {6, (void *)"\x2b\x06\x01\x05\x06\x02"},
      86             :  * corresponding to an object-identifier value of
      87             :  * {iso(1) org(3) dod(6) internet(1) security(5)
      88             :  * nametypes(6) gss-host-based-services(2)}.  The constant
      89             :  * GSS_C_NT_HOSTBASED_SERVICE_X should be initialized to point
      90             :  * to that gss_OID_desc.  This is a deprecated OID value, and
      91             :  * implementations wishing to support hostbased-service names
      92             :  * should instead use the GSS_C_NT_HOSTBASED_SERVICE OID,
      93             :  * defined below, to identify such names;
      94             :  * GSS_C_NT_HOSTBASED_SERVICE_X should be accepted as a synonym
      95             :  * for GSS_C_NT_HOSTBASED_SERVICE when presented as an input
      96             :  * parameter, but should not be emitted by GSS-API
      97             :  * implementations.
      98             :  */
      99             : 
     100             : gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_hostbased_service_x_oid_desc =
     101             :     {6, rk_UNCONST("\x2b\x06\x01\x05\x06\x02")}; /* 6 literal bytes = declared length 6; the deprecated form described in the comment above */
     102             : 
     103             : /*
     104             :  * The implementation must reserve static storage for a
     105             :  * gss_OID_desc object containing the value
     106             :  * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
     107             :  *              "\x01\x02\x01\x04"}, corresponding to an
     108             :  * object-identifier value of {iso(1) member-body(2)
     109             :  * United States(840) mit(113554) infosys(1) gssapi(2)
     110             :  * generic(1) service_name(4)}.  The constant
     111             :  * GSS_C_NT_HOSTBASED_SERVICE should be initialized
     112             :  * to point to that gss_OID_desc.
     113             :  */
     114             : gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_hostbased_service_oid_desc =
     115             :     {10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x04")}; /* 6 + 4 literal bytes = declared length 10; final byte 0x04 is the service_name arc */
     116             : 
     117             : /*
     118             :  * The implementation must reserve static storage for a
     119             :  * gss_OID_desc object containing the value
     120             :  * {6, (void *)"\x2b\x06\01\x05\x06\x03"},
     121             :  * corresponding to an object identifier value of
     122             :  * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
     123             :  * 6(nametypes), 3(gss-anonymous-name)}.  The constant
     124             :  * GSS_C_NT_ANONYMOUS should be initialized to point
     125             :  * to that gss_OID_desc.
     126             :  */
     127             : 
     128             : gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_anonymous_oid_desc =
     129             :     {6, rk_UNCONST("\x2b\x06\01\x05\x06\x03")}; /* 6 bytes = declared length 6; the third escape is octal (\01), the same value as \x01 */
     130             : 
     131             : /*
     132             :  * The implementation must reserve static storage for a
     133             :  * gss_OID_desc object containing the value
     134             :  * {6, (void *)"\x2b\x06\x01\x05\x06\x04"},
     135             :  * corresponding to an object-identifier value of
     136             :  * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
     137             :  * 6(nametypes), 4(gss-api-exported-name)}.  The constant
     138             :  * GSS_C_NT_EXPORT_NAME should be initialized to point
     139             :  * to that gss_OID_desc.
     140             :  */
     141             : 
     142             : gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_export_name_oid_desc =
     143             :     {6, rk_UNCONST("\x2b\x06\x01\x05\x06\x04") }; /* 6 literal bytes = declared length 6 */
     144             : 
     145             : /*
     146             :  *   This name form shall be represented by the Object Identifier {iso(1)
     147             :  *   member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
     148             :  *   krb5(2) krb5_name(1)}.  The recommended symbolic name for this type
     149             :  *   is "GSS_KRB5_NT_PRINCIPAL_NAME".
     150             :  */
     151             : 
     152             : gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_nt_principal_name_oid_desc =
     153             :     {10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x01") }; /* one literal, 10 bytes = declared length 10 */
                           /*
                            * Every \x escape here is terminated by the following backslash, so
                            * none of them swallows a neighbouring hex digit.  The first nine
                            * bytes are the same as the mechanism OID stored in krb5_mech.
                            */
     154             : 
     155             : /*
     156             :  * GSS_C_NT_COMPOSITE_EXPORT [RFC6680], OID {iso(1) identified-organization(3)
     157             :  * dod(6) internet(1) security(5) nametypes(6) gss-composite-export(6)}.
     158             :  */
     159             : gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_composite_export_oid_desc =
     160             :     {6, rk_UNCONST("\x2b\x06\x01\x05\x06\x06")}; /* 6 literal bytes = declared length 6 */
     161             : 
     162             : /*
     163             :  * draft-ietf-cat-iakerb-09, IAKERB:
     164             :  *   The mechanism ID for IAKERB proxy GSS-API Kerberos, in accordance
     165             :  *   with the mechanism proposed by SPNEGO [7] for negotiating protocol
     166             :  *   variations, is:  {iso(1) org(3) dod(6) internet(1) security(5)
     167             :  *   mechanisms(5) iakerb(10) iakerbProxyProtocol(1)}.  The proposed
     168             :  *   mechanism ID for IAKERB minimum messages GSS-API Kerberos, in
     169             :  *   accordance with the mechanism proposed by SPNEGO for negotiating
     170             :  *   protocol variations, is: {iso(1) org(3) dod(6) internet(1)
     171             :  *   security(5) mechanisms(5) iakerb(10)
     172             :  *   iakerbMinimumMessagesProtocol(2)}.
     173             :  */
     174             : 
     175             : gss_OID_desc GSSAPI_LIB_VARIABLE  __gss_iakerb_proxy_mechanism_oid_desc =
     176             :     {7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0a\x01")}; /* 7 literal bytes = declared length 7; final byte 0x01 is the iakerbProxyProtocol arc */
     177             : 
     178             : gss_OID_desc GSSAPI_LIB_VARIABLE __gss_iakerb_min_msg_mechanism_oid_desc =
     179             :     {7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0a\x02") }; /* 7 literal bytes = declared length 7; final byte 0x02 is the iakerbMinimumMessagesProtocol arc */
     180             : 
     181             : /*
     182             :  * Context for krb5 calls.
     183             :  */
     184             : 
     185             : static gss_mo_desc krb5_mo[] = {
                           /*
                            * Static table of mechanism options/attributes for the krb5
                            * mechanism; krb5_mech refers to it and records its element count.
                            *
                            * Each entry is a positional initializer with six members: an
                            * attribute OID (GSS_C_MA_*), the GSS_MO_MA flag, a display name,
                            * a context value, a getter callback, and a last slot that is NULL
                            * in every entry (presumably a setter; confirm against the
                            * gss_mo_desc declaration).  Only the first three entries carry a
                            * string value and the _gss_mo_get_ctx_as_string getter; all the
                            * others are bare attribute markers.
                            *
                            * NOTE(review): the markers (delegated credentials, integrity,
                            * confidentiality, replay and out-of-sequence detection, channel
                            * bindings, PFS, context transfer) are declared statically here.
                            * What a particular security context actually negotiated is not
                            * visible in this table, so policy decisions should presumably
                            * rest on per-context results rather than on these entries alone.
                            */
     186             :     {
     187             :         GSS_C_MA_SASL_MECH_NAME,
     188             :         GSS_MO_MA,
     189             :         "SASL mech name",
     190             :         rk_UNCONST("GS2-KRB5"),
     191             :         _gss_mo_get_ctx_as_string,
     192             :         NULL
     193             :     },
     194             :     {
     195             :         GSS_C_MA_MECH_NAME,
     196             :         GSS_MO_MA,
     197             :         "Mechanism name",
     198             :         rk_UNCONST("KRB5"),
     199             :         _gss_mo_get_ctx_as_string,
     200             :         NULL
     201             :     },
     202             :     {
     203             :         GSS_C_MA_MECH_DESCRIPTION,
     204             :         GSS_MO_MA,
     205             :         "Mechanism description",
     206             :         rk_UNCONST("Heimdal Kerberos 5 mech"),
     207             :         _gss_mo_get_ctx_as_string,
     208             :         NULL
     209             :     },
     210             :     {
     211             :         GSS_C_MA_MECH_CONCRETE,
     212             :         GSS_MO_MA,
     213             :         NULL,
     214             :         NULL,
     215             :         NULL,
     216             :         NULL
     217             :     },
     218             :     {
     219             :         GSS_C_MA_ITOK_FRAMED,
     220             :         GSS_MO_MA,
     221             :         NULL,
     222             :         NULL,
     223             :         NULL,
     224             :         NULL
     225             :     },
     226             :     {
     227             :         GSS_C_MA_AUTH_INIT,
     228             :         GSS_MO_MA,
     229             :         NULL,
     230             :         NULL,
     231             :         NULL,
     232             :         NULL
     233             :     },
     234             :     {
     235             :         GSS_C_MA_AUTH_TARG,
     236             :         GSS_MO_MA,
     237             :         NULL,
     238             :         NULL,
     239             :         NULL,
     240             :         NULL
     241             :     },
     242             :     {
     243             :         GSS_C_MA_DELEG_CRED,
     244             :         GSS_MO_MA,
     245             :         NULL,
     246             :         NULL,
     247             :         NULL,
     248             :         NULL
     249             :     },
     250             :     {
     251             :         GSS_C_MA_INTEG_PROT,
     252             :         GSS_MO_MA,
     253             :         NULL,
     254             :         NULL,
     255             :         NULL,
     256             :         NULL
     257             :     },
     258             :     {
     259             :         GSS_C_MA_CONF_PROT,
     260             :         GSS_MO_MA,
     261             :         NULL,
     262             :         NULL,
     263             :         NULL,
     264             :         NULL
     265             :     },
     266             :     {
     267             :         GSS_C_MA_MIC,
     268             :         GSS_MO_MA,
     269             :         NULL,
     270             :         NULL,
     271             :         NULL,
     272             :         NULL
     273             :     },
     274             :     {
     275             :         GSS_C_MA_WRAP,
     276             :         GSS_MO_MA,
     277             :         NULL,
     278             :         NULL,
     279             :         NULL,
     280             :         NULL
     281             :     },
     282             :     {
     283             :         GSS_C_MA_PROT_READY,
     284             :         GSS_MO_MA,
     285             :         NULL,
     286             :         NULL,
     287             :         NULL,
     288             :         NULL
     289             :     },
     290             :     {
     291             :         GSS_C_MA_REPLAY_DET,
     292             :         GSS_MO_MA,
     293             :         NULL,
     294             :         NULL,
     295             :         NULL,
     296             :         NULL
     297             :     },
     298             :     {
     299             :         GSS_C_MA_OOS_DET,
     300             :         GSS_MO_MA,
     301             :         NULL,
     302             :         NULL,
     303             :         NULL,
     304             :         NULL
     305             :     },
     306             :     {
     307             :         GSS_C_MA_CBINDINGS,
     308             :         GSS_MO_MA,
     309             :         NULL,
     310             :         NULL,
     311             :         NULL,
     312             :         NULL
     313             :     },
     314             :     {
     315             :         GSS_C_MA_PFS,
     316             :         GSS_MO_MA,
     317             :         NULL,
     318             :         NULL,
     319             :         NULL,
     320             :         NULL
     321             :     },
     322             :     {
     323             :         GSS_C_MA_CTX_TRANS,
     324             :         GSS_MO_MA,
     325             :         NULL,
     326             :         NULL,
     327             :         NULL,
     328             :         NULL
     329             :     }
     330             : };
     331             : 
     332             : /*
     333             :  *
     334             :  */
     335             : 
     336             : static gssapi_mech_interface_desc krb5_mech = {
                           /*
                            * Dispatch table for the Kerberos 5 mechanism: interface version,
                            * mechanism name and OID, then one function pointer per mechanism
                            * entry point, plus the krb5_mo option table and its length.
                            *
                            * The initializer is positional, so each value lands in whatever
                            * member occupies that position in gssapi_mech_interface_desc
                            * (declared outside this file, presumably in gssapi_mech.h).  If a
                            * member is added, removed or reordered there, this list must be
                            * updated in step; pointers of compatible type would otherwise
                            * shift into the wrong slots without a compile error.
                            *
                            * A NULL slot means this file supplies no handler for that entry
                            * point; how callers treat NULL is not visible here.
                            */
     337             :     GMI_VERSION,
     338             :     "krb5",
     339             :     {9, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02") }, /* mechanism OID: 9 literal bytes = declared length 9 */
     340             :     0, /* NOTE(review): presumably a flags word; confirm against the struct declaration */
     341             :     NULL, /* gm_acquire_cred */
     342             :     _gsskrb5_release_cred,
     343             :     _gsskrb5_init_sec_context,
     344             :     _gsskrb5_accept_sec_context,
     345             :     _gsskrb5_process_context_token,
     346             :     _gsskrb5_delete_sec_context,
     347             :     _gsskrb5_context_time,
     348             :     _gsskrb5_get_mic,
     349             :     _gsskrb5_verify_mic,
     350             :     _gsskrb5_wrap,
     351             :     _gsskrb5_unwrap,
     352             :     _gsskrb5_display_status,
     353             :     _gsskrb5_indicate_mechs,
     354             :     _gsskrb5_compare_name,
     355             :     _gsskrb5_display_name,
     356             :     _gsskrb5_import_name,
     357             :     _gsskrb5_export_name,
     358             :     _gsskrb5_release_name,
     359             :     _gsskrb5_inquire_cred,
     360             :     _gsskrb5_inquire_context,
     361             :     _gsskrb5_wrap_size_limit,
     362             :     NULL, /* gm_add_cred */
     363             :     _gsskrb5_inquire_cred_by_mech,
     364             :     _gsskrb5_export_sec_context,
     365             :     _gsskrb5_import_sec_context,
     366             :     _gsskrb5_inquire_names_for_mech,
     367             :     _gsskrb5_inquire_mechs_for_name,
     368             :     _gsskrb5_canonicalize_name,
     369             :     _gsskrb5_duplicate_name,
     370             :     _gsskrb5_inquire_sec_context_by_oid,
     371             :     _gsskrb5_inquire_cred_by_oid,
     372             :     _gsskrb5_set_sec_context_option,
     373             :     _gsskrb5_set_cred_option,
     374             :     _gsskrb5_pseudo_random,
     375             :     _gk_wrap_iov,
     376             :     _gk_unwrap_iov,
     377             :     _gk_wrap_iov_length,
     378             :     NULL, /* gm_store_cred */
     379             :     _gsskrb5_export_cred,
     380             :     _gsskrb5_import_cred,
     381             :     _gsskrb5_acquire_cred_from,
     382             :     NULL, /* gm_acquire_cred_impersonate_name */
                           /*
                            * NOTE(review): the next six NULL slots carry no member label,
                            * unlike the other NULL entries; identify them from the struct
                            * declaration before changing anything in this region.
                            */
     383             :     NULL,
     384             :     NULL,
     385             :     NULL,
     386             :     NULL,
     387             :     NULL,
     388             :     NULL,
     389             :     krb5_mo,
     390             :     sizeof(krb5_mo) / sizeof(krb5_mo[0]), /* element count derived from the array, so it tracks additions to krb5_mo */
     391             :     _gsskrb5_localname,
     392             :     _gsskrb5_authorize_localname,
     393             :     _gsskrb5_display_name_ext,
     394             :     _gsskrb5_inquire_name,
     395             :     _gsskrb5_get_name_attribute,
     396             :     _gsskrb5_set_name_attribute,
     397             :     _gsskrb5_delete_name_attribute,
     398             :     _gsskrb5_export_name_composite,
     399             :     _gsskrb5_duplicate_cred,
     400             :     _gsskrb5_add_cred_from,
     401             :     _gsskrb5_store_cred_into,
     402             :     NULL, /* gm_query_mechanism_info */
     403             :     NULL, /* gm_query_meta_data */
     404             :     NULL, /* gm_exchange_meta_data */
     405             :     _gsskrb5_store_cred_into2,
     406             :     NULL  /* gm_compat */
     407             : };
     408             : 
     409             : gssapi_mech_interface
     410       22586 : __gss_krb5_initialize(void)
     411             : {
                           /*
                            * Return the address of the file-static krb5_mech dispatch table.
                            * Nothing is allocated or initialised at call time, so every call
                            * yields the same pointer.  krb5_mech is not declared const, so
                            * the caller receives a pointer to writable storage shared by all
                            * users of the mechanism and is expected not to modify it
                            * (assumption; confirm against the callers).
                            */
     412       22586 :     return &krb5_mech;
     413             : }
