/*
 * Copyright (c) 2004, PADL Software Pty Ltd.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of PADL Software nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

/* $Id$ */

#ifndef SPNEGO_LOCL_H
#define SPNEGO_LOCL_H

/*
 * Internal header for the SPNEGO mechanism: the per-context state shared by
 * the initiator and acceptor code, the scratch state used while building an
 * optimistic initial token, and two small helper macros used throughout the
 * mechanism sources.  Nothing here is part of the public GSS-API surface.
 */

#include <config.h>

#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
#ifdef HAVE_SYS_PARAM_H
#include <sys/param.h>
#endif

#include <roken.h>

#ifdef HAVE_PTHREAD_H
#include <pthread.h>
#endif

#include <krb5.h>
#include <gssapi.h>
#include <gssapi_krb5.h>
#include <gssapi_spnego.h>
#include <assert.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <ctype.h>
#ifdef HAVE_NETDB_H
#include <netdb.h>
#endif

#include <heim_threads.h>
#include <heimqueue.h>
#include <asn1_err.h>

#include <gssapi_mech.h>

#include "spnego_asn1.h"
#include "negoex_locl.h"
#include "utils.h"
#include <der.h>

#include <heimbase.h>

/*
 * ALLOC(X, N): point X at N zero-filled elements, each sized by *X.
 * This expands to a plain assignment, not a do/while block, and it does
 * not check the result itself: the caller must test X against NULL.
 * calloc() is used rather than malloc(N * sizeof *X) so the element-count
 * multiplication is overflow-checked by the allocator.
 */
#define ALLOC(X, N) (X) = calloc((N), sizeof(*(X)))

/*
 * CHECK(ret, x): store the value of x in ret and jump to the enclosing
 * function's `fail:` label if it is non-zero.  Any function using it must
 * provide that label and do its resource cleanup there.
 */
#define CHECK(ret, x) do { (ret) = (x); if (ret) goto fail; } while (0)

struct gssspnego_ctx_desc;
typedef struct gssspnego_ctx_desc *gssspnego_ctx;

/*
 * One step of the initiator side's negotiation.  The argument list mirrors
 * gss_init_sec_context(), with the SPNEGO context passed explicitly; the
 * current step is stored in gssspnego_ctx_desc.initiator_state.
 */
typedef OM_uint32
(*gssspnego_initiator_state)(OM_uint32 * minor_status,
			     gss_const_cred_id_t cred,
			     gssspnego_ctx ctx,
			     gss_const_name_t name,
			     gss_const_OID mech_type,
			     OM_uint32 req_flags,
			     OM_uint32 time_req,
			     const gss_channel_bindings_t input_chan_bindings,
			     gss_const_buffer_t input_token,
			     gss_buffer_t output_token,
			     OM_uint32 * ret_flags,
			     OM_uint32 * time_rec);

/*
 * Per-context state for one SPNEGO negotiation.
 */
struct gssspnego_ctx_desc {
    /* DER-encoded mechanism list as sent/received in NegTokenInit;
     * presumably kept so the mechlistMIC can be computed over it later
     * — confirm against the .c files. */
    gss_buffer_desc NegTokenInit_mech_types;
    gss_OID preferred_mech_type;
    gss_OID selected_mech_type;
    gss_OID negotiated_mech_type;
    /* Inner mechanism context and what it reported. */
    gss_ctx_id_t negotiated_ctx_id;
    OM_uint32 mech_flags;
    OM_uint32 mech_time_rec;
    gss_name_t mech_src_name;
    /* Negotiation progress flags.  open, safe_omit, sent_mic and
     * verified_mic together decide gssspnego_ctx_complete_p() below; the
     * others are named here only — verify their exact meaning in the state
     * machine before relying on them. */
    struct spnego_flags {
	unsigned int open : 1;
	unsigned int local : 1;            /* this side is the initiator? — confirm */
	unsigned int require_mic : 1;      /* local MIC policy — confirm */
	unsigned int peer_require_mic : 1; /* peer's MIC policy — confirm */
	unsigned int sent_mic : 1;
	unsigned int verified_mic : 1;
	unsigned int safe_omit : 1;
	unsigned int maybe_open : 1;
	unsigned int seen_supported_mech : 1;
    } flags;
    /* NOTE(review): the name suggests this serialises access to
     * negotiated_ctx_id; confirm which fields it actually covers before
     * reading any of them without it. */
    HEIMDAL_MUTEX ctx_id_mutex;

    gss_name_t target_name;
    /* Next initiator step to run; see gssspnego_initiator_state. */
    gssspnego_initiator_state initiator_state;

    /* NEGOEX state; the types come from negoex_locl.h. */
    uint8_t negoex_step;
    krb5_storage *negoex_transcript;
    uint32_t negoex_seqnum;
    conversation_id negoex_conv_id;
    HEIM_TAILQ_HEAD(negoex_mech_list, negoex_auth_mech) negoex_mechs;
};

/* Microsoft's variant of the Kerberos mechanism OID; defined elsewhere. */
extern gss_OID_desc _gss_spnego_mskrb_mechanism_oid_desc;

/*
 * Scratch state for producing the optimistic token that accompanies the
 * initial NegTokenInit.  The fields above the "out" marker are inputs taken
 * from the caller; the ones below are filled in by whatever step runs the
 * preferred mechanism.
 */
struct gssspnego_optimistic_ctx {
    gssspnego_ctx spnegoctx;
    OM_uint32 req_flags;
    gss_name_t target_name;
    OM_uint32 time_req;
    gss_channel_bindings_t input_chan_bindings;
    /* out */
    gss_OID preferred_mech_type;
    gss_OID negotiated_mech_type;
    gss_buffer_desc optimistic_token;
    OM_uint32 optimistic_flags, optimistic_time_rec;
    gss_ctx_id_t gssctx;
    int complete;             /* non-zero when the inner mechanism finished — confirm */
    auth_scheme scheme;       /* NEGOEX scheme type — see negoex_locl.h */
};

#include "spnego-private.h"

/*
 * Return non-zero once the negotiation is finished from this side's point of
 * view: the context must be open, and either the MIC exchange was safely
 * omitted or a MIC has been both sent and verified.
 *
 * NOTE(review): the mechlistMIC is what lets each peer detect tampering with
 * the offered mechanism list (RFC 4178, section 5), so callers should not
 * treat the context as established while this returns 0.  This helper only
 * evaluates the flags; whether safe_omit is set correctly is decided in the
 * state machine elsewhere.
 */
static inline int
gssspnego_ctx_complete_p(gssspnego_ctx ctx)
{
    return ctx->flags.open &&
	(ctx->flags.safe_omit || (ctx->flags.sent_mic && ctx->flags.verified_mic));
}

#endif /* SPNEGO_LOCL_H */