diff --git a/lib/gssapi/gssapi/gssapi_oid.h b/lib/gssapi/gssapi/gssapi_oid.h
index 2aa30b3ef..a9cb5cdef 100644
--- a/lib/gssapi/gssapi/gssapi_oid.h
+++ b/lib/gssapi/gssapi/gssapi_oid.h
@@ -99,24 +99,14 @@ extern gss_OID_desc __gss_krb5_import_cred_x_oid_desc;
 #define GSS_KRB5_IMPORT_CRED_X (&__gss_krb5_import_cred_x_oid_desc)
 
  /* glue for gss_inquire_saslname_for_mech */
-extern gss_OID_desc __gss_ma_sasl_mech_name_oid_desc;
-#define GSS_MA_SASL_MECH_NAME (&__gss_ma_sasl_mech_name_oid_desc)
+extern gss_OID_desc __gss_c_ma_sasl_mech_name_oid_desc;
+#define GSS_C_MA_SASL_MECH_NAME (&__gss_c_ma_sasl_mech_name_oid_desc)
 
-extern gss_OID_desc __gss_ma_mech_name_oid_desc;
-#define GSS_MA_MECH_NAME (&__gss_ma_mech_name_oid_desc)
+extern gss_OID_desc __gss_c_ma_mech_name_oid_desc;
+#define GSS_C_MA_MECH_NAME (&__gss_c_ma_mech_name_oid_desc)
 
-extern gss_OID_desc __gss_ma_mech_description_oid_desc;
-#define GSS_MA_MECH_DESCRIPTION (&__gss_ma_mech_description_oid_desc)
-
- /* glue for gss_display_mech_attr */
-extern gss_OID_desc __gss_ma_attr_name_oid_desc;
-#define GSS_MA_ATTR_NAME (&__gss_ma_attr_name_oid_desc)
-
-extern gss_OID_desc __gss_ma_attr_short_desc_oid_desc;
-#define GSS_MA_ATTR_SHORT_DESC (&__gss_ma_attr_short_desc_oid_desc)
-
-extern gss_OID_desc __gss_ma_attr_long_desc_oid_desc;
-#define GSS_MA_ATTR_LONG_DESC (&__gss_ma_attr_long_desc_oid_desc)
+extern gss_OID_desc __gss_c_ma_mech_description_oid_desc;
+#define GSS_C_MA_MECH_DESCRIPTION (&__gss_c_ma_mech_description_oid_desc)
 
 /*
  * Digest mechanisms - 1.2.752.43.14
@@ -143,4 +133,88 @@ extern gss_OID_desc __gss_c_peer_has_updated_spnego_oid_desc;
 /*
  * OID mappings with name and short description and and slightly longer description
  */
+/*
+ * RFC5587
+ */
+extern gss_OID_desc __gss_c_ma_mech_concrete_oid_desc;
+#define GSS_C_MA_MECH_CONCRETE (&__gss_c_ma_mech_concrete_oid_desc)
+
+extern gss_OID_desc __gss_c_ma_mech_pseudo_oid_desc;
+#define GSS_C_MA_MECH_PSEUDO (&__gss_c_ma_mech_pseudo_oid_desc)
+
+extern gss_OID_desc __gss_c_ma_mech_composite_oid_desc;
+#define GSS_C_MA_MECH_COMPOSITE (&__gss_c_ma_mech_composite_oid_desc)
+
+extern gss_OID_desc __gss_c_ma_mech_nego_oid_desc;
+#define GSS_C_MA_MECH_NEGO (&__gss_c_ma_mech_nego_oid_desc)
+
+extern gss_OID_desc __gss_c_ma_mech_glue_oid_desc;
+#define GSS_C_MA_MECH_GLUE (&__gss_c_ma_mech_glue_oid_desc)
+
+extern gss_OID_desc __gss_c_ma_not_mech_oid_desc;
+#define GSS_C_MA_NOT_MECH (&__gss_c_ma_not_mech_oid_desc)
+
+extern gss_OID_desc __gss_c_ma_deprecated_oid_desc;
+#define GSS_C_MA_DEPRECATED (&__gss_c_ma_deprecated_oid_desc)
+
+extern gss_OID_desc __gss_c_ma_not_dflt_mech_oid_desc;
+#define GSS_C_MA_NOT_DFLT_MECH (&__gss_c_ma_not_dflt_mech_oid_desc)
+
+extern gss_OID_desc __gss_c_ma_itok_framed_oid_desc;
+#define GSS_C_MA_ITOK_FRAMED (&__gss_c_ma_itok_framed_oid_desc)
+
+extern gss_OID_desc __gss_c_ma_auth_init_oid_desc;
+#define GSS_C_MA_AUTH_INIT (&__gss_c_ma_auth_init_oid_desc)
+
+extern gss_OID_desc __gss_c_ma_auth_targ_oid_desc;
+#define GSS_C_MA_AUTH_TARG (&__gss_c_ma_auth_targ_oid_desc)
+
+extern gss_OID_desc __gss_c_ma_auth_init_init_oid_desc;
+#define GSS_C_MA_AUTH_INIT_INIT (&__gss_c_ma_auth_init_init_oid_desc)
+
+extern gss_OID_desc __gss_c_ma_auth_targ_init_oid_desc;
+#define GSS_C_MA_AUTH_TARG_INIT (&__gss_c_ma_auth_targ_init_oid_desc)
+
+extern gss_OID_desc __gss_c_ma_auth_init_anon_oid_desc;
+#define GSS_C_MA_AUTH_INIT_ANON (&__gss_c_ma_auth_init_anon_oid_desc)
+
+extern gss_OID_desc __gss_c_ma_auth_targ_anon_oid_desc;
+#define GSS_C_MA_AUTH_TARG_ANON (&__gss_c_ma_auth_targ_anon_oid_desc)
+
+extern gss_OID_desc __gss_c_ma_deleg_cred_oid_desc;
+#define GSS_C_MA_DELEG_CRED (&__gss_c_ma_deleg_cred_oid_desc)
+
+extern gss_OID_desc __gss_c_ma_integ_prot_oid_desc;
+#define GSS_C_MA_INTEG_PROT (&__gss_c_ma_integ_prot_oid_desc)
+
+extern gss_OID_desc __gss_c_ma_conf_prot_oid_desc;
+#define GSS_C_MA_CONF_PROT (&__gss_c_ma_conf_prot_oid_desc)
+
+extern gss_OID_desc __gss_c_ma_mic_oid_desc;
+#define GSS_C_MA_MIC (&__gss_c_ma_mic_oid_desc)
+
+extern gss_OID_desc __gss_c_ma_wrap_oid_desc;
+#define GSS_C_MA_WRAP (&__gss_c_ma_wrap_oid_desc)
+
+extern gss_OID_desc __gss_c_ma_prot_ready_oid_desc;
+#define GSS_C_MA_PROT_READY (&__gss_c_ma_prot_ready_oid_desc)
+
+extern gss_OID_desc __gss_c_ma_replay_det_oid_desc;
+#define GSS_C_MA_REPLAY_DET (&__gss_c_ma_replay_det_oid_desc)
+
+extern gss_OID_desc __gss_c_ma_oos_det_oid_desc;
+#define GSS_C_MA_OOS_DET (&__gss_c_ma_oos_det_oid_desc)
+
+extern gss_OID_desc __gss_c_ma_cbindings_oid_desc;
+#define GSS_C_MA_CBINDINGS (&__gss_c_ma_cbindings_oid_desc)
+
+extern gss_OID_desc __gss_c_ma_pfs_oid_desc;
+#define GSS_C_MA_PFS (&__gss_c_ma_pfs_oid_desc)
+
+extern gss_OID_desc __gss_c_ma_compress_oid_desc;
+#define GSS_C_MA_COMPRESS (&__gss_c_ma_compress_oid_desc)
+
+extern gss_OID_desc __gss_c_ma_ctx_trans_oid_desc;
+#define GSS_C_MA_CTX_TRANS (&__gss_c_ma_ctx_trans_oid_desc)
+
 #endif /* GSSAPI_GSSAPI_OID */
diff --git a/lib/gssapi/gssapi_mech.h b/lib/gssapi/gssapi_mech.h
index fd989e0f0..3378ea8c8 100644
--- a/lib/gssapi/gssapi_mech.h
+++ b/lib/gssapi/gssapi_mech.h
@@ -397,13 +397,13 @@ typedef struct gss_mo_desc_struct gss_mo_desc;
 
 struct gss_mo_desc_struct {
     gss_OID option;
+    OM_uint32 flags;
+#define GSS_MO_MA 1
+#define GSS_MO_MA_CRITICAL 2
     const char *name;
     void *ctx;
     int (*get)(gss_const_OID, gss_mo_desc *, gss_buffer_t);
     int (*set)(gss_const_OID, gss_mo_desc *, int, gss_buffer_t);
-    OM_uint32 flags;
-#define GSS_MO_MA 1
-#define GSS_MO_MA_CRITICAL 2
 };
 
 
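Review bot: Moving `flags` from the tail of `gss_mo_desc_struct` to directly after `option` changes the member layout of a struct that every mechanism fills with positional initializers, and all three tables in this commit (`krb5_mo`, `ntlm_mo`, `spnego_mo`) now depend on `flags` being the second member — the two-field rows such as `{ GSS_C_MA_MECH_CONCRETE, GSS_MO_MA }` would land the flag in `name` (with at best a warning) if the order moved again. If out-of-tree mechanisms are built against this header, the reorder is also a layout change shipped under the same `GMI_VERSION`, which I cannot confirm from the hunk alone. I would write the rows with designated initializers, `{ .option = GSS_C_MA_MECH_CONCRETE, .flags = GSS_MO_MA }`, and put `/* member order is part of the mechanism plugin interface; append, do not reorder */` above the struct so the next change does not repeat this.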
diff --git a/lib/gssapi/gsstool.c b/lib/gssapi/gsstool.c
index e5971880a..9410018ae 100644
--- a/lib/gssapi/gsstool.c
+++ b/lib/gssapi/gsstool.c
@@ -69,6 +69,7 @@ usage (int ret)
 #define COL_VALUE "Value"
 #define COL_MECH "Mech"
 #define COL_EXPIRE "Expire"
+#define COL_SASL "SASL"
 
 int
 supported_mechanisms(void *argptr, int argc, char **argv)
@@ -91,10 +92,11 @@ supported_mechanisms(void *argptr, int argc, char **argv)
     rtbl_set_separator(ct, " ");
     rtbl_add_column(ct, COL_OID, 0);
     rtbl_add_column(ct, COL_NAME, 0);
+    rtbl_add_column(ct, COL_DESC, 0);
+    rtbl_add_column(ct, COL_SASL, 0);
 
     for (i = 0; i < mechs->count; i++) {
-        gss_buffer_desc str;
-        const char *name = NULL;
+        gss_buffer_desc str, sasl_name, mech_name, mech_desc;
 
         maj_stat = gss_oid_to_str(&min_stat, &mechs->elements[i], &str);
         if (maj_stat != GSS_S_COMPLETE)
@@ -104,9 +106,23 @@ supported_mechanisms(void *argptr, int argc, char **argv)
                                (int)str.length, (char *)str.value);
         gss_release_buffer(&min_stat, &str);
 
-        name = gss_oid_to_name(&mechs->elements[i]);
-        if (name)
-            rtbl_add_column_entry(ct, COL_NAME, name);
+        (void)gss_inquire_saslname_for_mech(&min_stat,
+                                            &mechs->elements[i],
+                                            &sasl_name,
+                                            &mech_name,
+                                            &mech_desc);
+
+        rtbl_add_column_entryv(ct, COL_NAME, "%.*s",
+                               (int)mech_name.length, (char *)mech_name.value);
+        rtbl_add_column_entryv(ct, COL_DESC, "%.*s",
+                               (int)mech_desc.length, (char *)mech_desc.value);
+        rtbl_add_column_entryv(ct, COL_SASL, "%.*s",
+                               (int)sasl_name.length, (char *)sasl_name.value);
+
+        gss_release_buffer(&min_stat, &mech_name);
+        gss_release_buffer(&min_stat, &mech_desc);
+        gss_release_buffer(&min_stat, &sasl_name);
+
     }
 
     gss_release_oid_set(&min_stat, &mechs);
diff --git a/lib/gssapi/krb5/external.c b/lib/gssapi/krb5/external.c
index 986adff78..d6f14a48f 100644
--- a/lib/gssapi/krb5/external.c
+++ b/lib/gssapi/krb5/external.c
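Review bot: `sasl_name`, `mech_name` and `mech_desc` are declared without initializers and the status of `gss_inquire_saslname_for_mech` is discarded with `(void)`, yet all three are then formatted with `%.*s` and passed to `gss_release_buffer`; the `gss_mo.c` hunk in this same commit shows that function returning at the first failing lookup without touching the remaining buffers, so a mechanism that lacks one of the attributes makes this loop read and free indeterminate pointers. Initialize them, `gss_buffer_desc str, sasl_name = GSS_C_EMPTY_BUFFER, mech_name = GSS_C_EMPTY_BUFFER, mech_desc = GSS_C_EMPTY_BUFFER;`, and keep the result, `maj_stat = gss_inquire_saslname_for_mech(...)`, so a failure can be reported rather than rendered as three empty cells. The three `gss_release_buffer` calls also reuse `min_stat` and so overwrite whatever minor status the inquiry left behind. `supported_mechanisms` continues outside the hunk.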
@@ -175,29 +175,93 @@ gss_OID_desc GSSAPI_LIB_VARIABLE __gss_iakerb_min_msg_mechanism_oid_desc =
  * Context for krb5 calls.
  */
 
-static gss_mo_desc _gsskrb5_mech_options[] = {
+static gss_mo_desc krb5_mo[] = {
     {
-        GSS_MA_SASL_MECH_NAME,
+        GSS_C_MA_SASL_MECH_NAME,
+        GSS_MO_MA,
         "SASL mech name",
         "GS2-KRB5",
         _gss_mo_get_ctx_as_string,
-        NULL,
-        GSS_MO_MA
+        NULL
     },
     {
-        GSS_MA_MECH_NAME,
+        GSS_C_MA_MECH_NAME,
+        GSS_MO_MA,
         "Mechanism name",
         "KRB5",
         _gss_mo_get_ctx_as_string,
-        NULL,
-        GSS_MO_MA,
+        NULL
     },
     {
-        GSS_MA_MECH_DESCRIPTION,
+        GSS_C_MA_MECH_DESCRIPTION,
+        GSS_MO_MA,
         "Mechanism description",
         "Heimdal Kerberos 5 mech",
         _gss_mo_get_ctx_as_string,
-        NULL,
+        NULL
+    },
+    {
+        GSS_C_MA_MECH_CONCRETE,
+        GSS_MO_MA
+    },
+    {
+        GSS_C_MA_ITOK_FRAMED,
+        GSS_MO_MA
+    },
+    {
+        GSS_C_MA_AUTH_INIT,
+        GSS_MO_MA
+    },
+    {
+        GSS_C_MA_AUTH_TARG,
+        GSS_MO_MA
+    },
+    {
+        GSS_C_MA_AUTH_INIT_ANON,
+        GSS_MO_MA
+    },
+    {
+        GSS_C_MA_DELEG_CRED,
+        GSS_MO_MA
+    },
+    {
+        GSS_C_MA_INTEG_PROT,
+        GSS_MO_MA
+    },
+    {
+        GSS_C_MA_CONF_PROT,
+        GSS_MO_MA
+    },
+    {
+        GSS_C_MA_MIC,
+        GSS_MO_MA
+    },
+    {
+        GSS_C_MA_WRAP,
+        GSS_MO_MA
+    },
+    {
+        GSS_C_MA_PROT_READY,
+        GSS_MO_MA
+    },
+    {
+        GSS_C_MA_REPLAY_DET,
+        GSS_MO_MA
+    },
+    {
+        GSS_C_MA_OOS_DET,
+        GSS_MO_MA
+    },
+    {
+        GSS_C_MA_CBINDINGS,
+        GSS_MO_MA
+    },
+    {
+        GSS_C_MA_PFS,
+        GSS_MO_MA
+    },
+    {
+        GSS_C_MA_CTX_TRANS,
         GSS_MO_MA
     }
 };
@@ -258,8 +322,8 @@ static gssapi_mech_interface_desc krb5_mech = {
     NULL,
     NULL,
     NULL,
-    _gsskrb5_mech_options,
-    sizeof(_gsskrb5_mech_options) / sizeof(_gsskrb5_mech_options[0])
+    krb5_mo,
+    sizeof(krb5_mo) / sizeof(krb5_mo[0])
 };
 
 gssapi_mech_interface
diff --git a/lib/gssapi/mech/gss_mo.c b/lib/gssapi/mech/gss_mo.c
index 5c08d3ca3..8c8099d98 100644
--- a/lib/gssapi/mech/gss_mo.c
+++ b/lib/gssapi/mech/gss_mo.c
@@ -146,11 +146,20 @@ gss_mo_name(gss_const_OID mech, gss_const_OID option, gss_buffer_t name)
 
     for (n = 0; n < m->gm_mo_num; n++) {
         if (gss_oid_equal(option, m->gm_mo[n].option)) {
-            name->value = strdup(m->gm_mo[n].name);
-            if (name->value == NULL)
-                return GSS_S_BAD_NAME;
-            name->length = strlen(m->gm_mo[n].name);
-            return GSS_S_COMPLETE;
+            /*
+             * If ther is no name, its because its a GSS_C_MA and there is already a table for that.
+             */
+            if (m->gm_mo[n].name) {
+                name->value = strdup(m->gm_mo[n].name);
+                if (name->value == NULL)
+                    return GSS_S_BAD_NAME;
+                name->length = strlen(m->gm_mo[n].name);
+                return GSS_S_COMPLETE;
+            } else {
+                OM_uint32 junk;
+                return gss_display_mech_attr(&junk, option,
+                                             NULL, name, NULL);
+            }
         }
     }
     return GSS_S_BAD_NAME;
@@ -161,7 +170,7 @@ gss_mo_name(gss_const_OID mech, gss_const_OID option, gss_buffer_t name)
  */
 
 static OM_uint32
-mo_name(const gss_const_OID mech, gss_const_OID option, gss_buffer_t name)
+mo_value(const gss_const_OID mech, gss_const_OID option, gss_buffer_t name)
 {
     if (name == NULL)
         return GSS_S_COMPLETE;
@@ -202,16 +211,16 @@ gss_inquire_saslname_for_mech(OM_uint32 *minor_status,
     if (minor_status)
         *minor_status = 0;
 
-    if (desired_mech)
+    if (desired_mech == NULL)
         return GSS_S_BAD_MECH;
 
-    major = mo_name(desired_mech, GSS_MA_SASL_MECH_NAME, sasl_mech_name);
+    major = mo_value(desired_mech, GSS_C_MA_SASL_MECH_NAME, sasl_mech_name);
     if (major)
         return major;
-    major = mo_name(desired_mech, GSS_MA_MECH_NAME, mech_name);
+    major = mo_value(desired_mech, GSS_C_MA_MECH_NAME, mech_name);
     if (major)
         return major;
-    major = mo_name(desired_mech, GSS_MA_MECH_DESCRIPTION, mech_description);
+    major = mo_value(desired_mech, GSS_C_MA_MECH_DESCRIPTION, mech_description);
     if (major)
         return major;
     return GSS_S_COMPLETE;
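Review bot: The comment added above `if (m->gm_mo[n].name)` has typos (`ther`, `its`) and does not say what the fallback hands back: `gss_display_mech_attr` is called with `name` in the fourth argument position, which by the RFC 5587 parameter order appears to be the short description rather than the attribute name, so `gss_mo_name` returns a different kind of string depending on whether the mechanism supplied one — that deserves to be stated. I would replace the three comment lines with `/* No name means this is a GSS_C_MA_* attribute: answer from the RFC 5587 attribute table (its short description) instead. */`. The discarded `junk` minor status is fine for a lookup into a static table but could be mentioned in the same comment. `gss_mo_name` begins outside the hunk.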
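Review bot: The early returns after the second and third `mo_value` calls report an error while leaving the buffers already filled by the earlier calls in the caller's hands, so a mechanism that publishes a SASL name but no mechanism name makes every caller leak `sasl_mech_name` — and `gsstool` in this commit does not check the status at all. Release what the successful lookups allocated before returning; `mo_value` returns success without touching a `NULL` buffer (see the hunk above), hence the `NULL` checks, and I am assuming a failing `mo_value` leaves its own buffer untouched, so only the earlier buffers are released. The `desired_mech == NULL` fix is correct — the old test rejected every real mechanism. `gss_inquire_saslname_for_mech` begins outside the hunk, so `OM_uint32 junk;` has to be declared with the other locals.
```c
    major = mo_value(desired_mech, GSS_C_MA_SASL_MECH_NAME, sasl_mech_name);
    if (major)
        return major;
    major = mo_value(desired_mech, GSS_C_MA_MECH_NAME, mech_name);
    if (major)
        goto fail_release_sasl;
    major = mo_value(desired_mech, GSS_C_MA_MECH_DESCRIPTION, mech_description);
    if (major)
        goto fail_release_mech;
    return GSS_S_COMPLETE;

fail_release_mech:
    /* mo_value only filled mech_name if the caller asked for it */
    if (mech_name)
        gss_release_buffer(&junk, mech_name);
fail_release_sasl:
    if (sasl_mech_name)
        gss_release_buffer(&junk, sasl_mech_name);
    return major;
```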
@@ -242,7 +251,7 @@ gss_inquire_mech_for_saslname(OM_uint32 *minor_status,
 
     SLIST_FOREACH(m, &_gss_mechs, gm_link) {
 
-        major = mo_name(&m->gm_mech_oid, GSS_MA_SASL_MECH_NAME, &name);
+        major = mo_value(&m->gm_mech_oid, GSS_C_MA_SASL_MECH_NAME, &name);
         if (major)
             continue;
         if (name.length == sasl_mech_name->length &&
diff --git a/lib/gssapi/mech/gss_oid.c b/lib/gssapi/mech/gss_oid.c
index feca48a27..43c581110 100644
--- a/lib/gssapi/mech/gss_oid.c
+++ b/lib/gssapi/mech/gss_oid.c
@@ -95,23 +95,14 @@ gss_OID_desc __gss_krb5_cred_no_ci_flags_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d
 /* GSS_KRB5_IMPORT_CRED_X - 1.2.752.43.13.30 */
 gss_OID_desc __gss_krb5_import_cred_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x1e" };
 
-/* GSS_MA_SASL_MECH_NAME - 1.2.752.43.13.100 */
-gss_OID_desc __gss_ma_sasl_mech_name_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x64" };
+/* GSS_C_MA_SASL_MECH_NAME - 1.2.752.43.13.100 */
+gss_OID_desc __gss_c_ma_sasl_mech_name_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x64" };
 
-/* GSS_MA_MECH_NAME - 1.2.752.43.13.101 */
-gss_OID_desc __gss_ma_mech_name_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x65" };
+/* GSS_C_MA_MECH_NAME - 1.2.752.43.13.101 */
+gss_OID_desc __gss_c_ma_mech_name_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x65" };
 
-/* GSS_MA_MECH_DESCRIPTION - 1.2.752.43.13.102 */
-gss_OID_desc __gss_ma_mech_description_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x66" };
-
-/* GSS_MA_ATTR_NAME - 1.2.752.43.13.103 */
-gss_OID_desc __gss_ma_attr_name_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x67" };
-
-/* GSS_MA_ATTR_SHORT_DESC - 1.2.752.43.13.104 */
-gss_OID_desc __gss_ma_attr_short_desc_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x68" };
-
-/* GSS_MA_ATTR_LONG_DESC - 1.2.752.43.13.104 */
-gss_OID_desc __gss_ma_attr_long_desc_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x68" };
+/* GSS_C_MA_MECH_DESCRIPTION - 1.2.752.43.13.102 */
+gss_OID_desc __gss_c_ma_mech_description_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x66" };
 
 /* GSS_SASL_DIGEST_MD5_MECHANISM - 1.2.752.43.14.1 */
 gss_OID_desc __gss_sasl_digest_md5_mechanism_oid_desc = { 6, "\x2a\x85\x70\x2b\x0e\x01" };
@@ -128,17 +119,125 @@ gss_OID_desc __gss_spnego_mechanism_oid_desc = { 6, "\x2b\x06\x01\x05\x05\x02" }
 /* GSS_C_PEER_HAS_UPDATED_SPNEGO - 1.3.6.1.4.1.9513.19.5 */
 gss_OID_desc __gss_c_peer_has_updated_spnego_oid_desc = { 9, "\x2b\x06\x01\x04\x01\xca\x29\x13\x05" };
 
+/* GSS_C_MA_MECH_CONCRETE - 1.3.6.1.5.5.13.1 */
+gss_OID_desc __gss_c_ma_mech_concrete_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x01" };
+
+/* GSS_C_MA_MECH_PSEUDO - 1.3.6.1.5.5.13.2 */
+gss_OID_desc __gss_c_ma_mech_pseudo_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x02" };
+
+/* GSS_C_MA_MECH_COMPOSITE - 1.3.6.1.5.5.13.3 */
+gss_OID_desc __gss_c_ma_mech_composite_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x03" };
+
+/* GSS_C_MA_MECH_NEGO - 1.3.6.1.5.5.13.4 */
+gss_OID_desc __gss_c_ma_mech_nego_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x04" };
+
+/* GSS_C_MA_MECH_GLUE - 1.3.6.1.5.5.13.5 */
+gss_OID_desc __gss_c_ma_mech_glue_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x05" };
+
+/* GSS_C_MA_NOT_MECH - 1.3.6.1.5.5.13.6 */
+gss_OID_desc __gss_c_ma_not_mech_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x06" };
+
+/* GSS_C_MA_DEPRECATED - 1.3.6.1.5.5.13.7 */
+gss_OID_desc __gss_c_ma_deprecated_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x07" };
+
+/* GSS_C_MA_NOT_DFLT_MECH - 1.3.6.1.5.5.13.8 */
+gss_OID_desc __gss_c_ma_not_dflt_mech_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x08" };
+
+/* GSS_C_MA_ITOK_FRAMED - 1.3.6.1.5.5.13.9 */
+gss_OID_desc __gss_c_ma_itok_framed_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x09" };
+
+/* GSS_C_MA_AUTH_INIT - 1.3.6.1.5.5.13.10 */
+gss_OID_desc __gss_c_ma_auth_init_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x0a" };
+
+/* GSS_C_MA_AUTH_TARG - 1.3.6.1.5.5.13.11 */
+gss_OID_desc __gss_c_ma_auth_targ_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x0b" };
+
+/* GSS_C_MA_AUTH_INIT_INIT - 1.3.6.1.5.5.13.12 */
+gss_OID_desc __gss_c_ma_auth_init_init_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x0c" };
+
+/* GSS_C_MA_AUTH_TARG_INIT - 1.3.6.1.5.5.13.13 */
+gss_OID_desc __gss_c_ma_auth_targ_init_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x0d" };
+
+/* GSS_C_MA_AUTH_INIT_ANON - 1.3.6.1.5.5.13.14 */
+gss_OID_desc __gss_c_ma_auth_init_anon_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x0e" };
+
+/* GSS_C_MA_AUTH_TARG_ANON - 1.3.6.1.5.5.13.15 */
+gss_OID_desc __gss_c_ma_auth_targ_anon_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x0f" };
+
+/* GSS_C_MA_DELEG_CRED - 1.3.6.1.5.5.13.16 */
+gss_OID_desc __gss_c_ma_deleg_cred_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x10" };
+
+/* GSS_C_MA_INTEG_PROT - 1.3.6.1.5.5.13.17 */
+gss_OID_desc __gss_c_ma_integ_prot_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x11" };
+
+/* GSS_C_MA_CONF_PROT - 1.3.6.1.5.5.13.18 */
+gss_OID_desc __gss_c_ma_conf_prot_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x12" };
+
+/* GSS_C_MA_MIC - 1.3.6.1.5.5.13.19 */
+gss_OID_desc __gss_c_ma_mic_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x13" };
+
+/* GSS_C_MA_WRAP - 1.3.6.1.5.5.13.20 */
+gss_OID_desc __gss_c_ma_wrap_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x14" };
+
+/* GSS_C_MA_PROT_READY - 1.3.6.1.5.5.13.21 */
+gss_OID_desc __gss_c_ma_prot_ready_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x15" };
+
+/* GSS_C_MA_REPLAY_DET - 1.3.6.1.5.5.13.22 */
+gss_OID_desc __gss_c_ma_replay_det_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x16" };
+
+/* GSS_C_MA_OOS_DET - 1.3.6.1.5.5.13.23 */
+gss_OID_desc __gss_c_ma_oos_det_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x17" };
+
+/* GSS_C_MA_CBINDINGS - 1.3.6.1.5.5.13.24 */
+gss_OID_desc __gss_c_ma_cbindings_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x18" };
+
+/* GSS_C_MA_PFS - 1.3.6.1.5.5.13.25 */
+gss_OID_desc __gss_c_ma_pfs_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x19" };
+
+/* GSS_C_MA_COMPRESS - 1.3.6.1.5.5.13.26 */
+gss_OID_desc __gss_c_ma_compress_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x1a" };
+
+/* GSS_C_MA_CTX_TRANS - 1.3.6.1.5.5.13.27 */
+gss_OID_desc __gss_c_ma_ctx_trans_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x1b" };
+
 struct _gss_oid_name_table _gss_ont_ma[] = {
-    { GSS_MA_SASL_MECH_NAME, "GSS_MA_SASL_MECH_NAME", "SASL mechanism name", "The name of the SASL mechanism" },
-    { GSS_MA_MECH_NAME, "GSS_MA_MECH_NAME", "GSS mech name", "The name of the GSS-API mechanism" },
-    { GSS_MA_MECH_DESCRIPTION, "GSS_MA_MECH_DESCRIPTION", "Mech description", "The long description of the mechanism" },
+    { GSS_C_MA_COMPRESS, "GSS_C_MA_COMPRESS", "compress", "" },
+    { GSS_C_MA_AUTH_TARG_INIT, "GSS_C_MA_AUTH_TARG_INIT", "auth-targ-princ-initial", "" },
+    { GSS_C_MA_CBINDINGS, "GSS_C_MA_CBINDINGS", "channel-bindings", "" },
+    { GSS_C_MA_WRAP, "GSS_C_MA_WRAP", "wrap", "" },
+    { GSS_C_MA_ITOK_FRAMED, "GSS_C_MA_ITOK_FRAMED", "initial-is-framed", "" },
+    { GSS_C_MA_MECH_NEGO, "GSS_C_MA_MECH_NEGO", "mech-negotiation-mech", "" },
+    { GSS_C_MA_MECH_COMPOSITE, "GSS_C_MA_MECH_COMPOSITE", "composite-mech", "" },
+    { GSS_C_MA_REPLAY_DET, "GSS_C_MA_REPLAY_DET", "replay-detection", "" },
+    { GSS_C_MA_AUTH_INIT_ANON, "GSS_C_MA_AUTH_INIT_ANON", "auth-init-princ-anon", "" },
+    { GSS_C_MA_PROT_READY, "GSS_C_MA_PROT_READY", "prot-ready", "" },
+    { GSS_C_MA_AUTH_INIT, "GSS_C_MA_AUTH_INIT", "auth-init-princ", "" },
+    { GSS_C_MA_PFS, "GSS_C_MA_PFS", "pfs", "" },
+    { GSS_C_MA_CONF_PROT, "GSS_C_MA_CONF_PROT", "conf-prot", "" },
+    { GSS_C_MA_MECH_PSEUDO, "GSS_C_MA_MECH_PSEUDO", "pseudo-mech", "" },
+    { GSS_C_MA_AUTH_TARG, "GSS_C_MA_AUTH_TARG", "auth-targ-princ", "" },
+    { GSS_C_MA_MECH_NAME, "GSS_C_MA_MECH_NAME", "GSS mech name", "The name of the GSS-API mechanism" },
+    { GSS_C_MA_NOT_MECH, "GSS_C_MA_NOT_MECH", "not-mech", "" },
+    { GSS_C_MA_MIC, "GSS_C_MA_MIC", "mic", "" },
+    { GSS_C_MA_DEPRECATED, "GSS_C_MA_DEPRECATED", "mech-deprecated", "" },
+    { GSS_C_MA_MECH_GLUE, "GSS_C_MA_MECH_GLUE", "mech-glue", "" },
+    { GSS_C_MA_DELEG_CRED, "GSS_C_MA_DELEG_CRED", "deleg-cred", "" },
+    { GSS_C_MA_NOT_DFLT_MECH, "GSS_C_MA_NOT_DFLT_MECH", "mech-not-default", "" },
+    { GSS_C_MA_AUTH_TARG_ANON, "GSS_C_MA_AUTH_TARG_ANON", "auth-targ-princ-anon", "" },
+    { GSS_C_MA_INTEG_PROT, "GSS_C_MA_INTEG_PROT", "integ-prot", "" },
+    { GSS_C_MA_CTX_TRANS, "GSS_C_MA_CTX_TRANS", "context-transfer", "" },
+    { GSS_C_MA_MECH_DESCRIPTION, "GSS_C_MA_MECH_DESCRIPTION", "Mech description", "The long description of the mechanism" },
+    { GSS_C_MA_OOS_DET, "GSS_C_MA_OOS_DET", "oos-detection", "" },
+    { GSS_C_MA_AUTH_INIT_INIT, "GSS_C_MA_AUTH_INIT_INIT", "auth-init-princ-initial", "" },
+    { GSS_C_MA_MECH_CONCRETE, "GSS_C_MA_MECH_CONCRETE", "concrete-mech", "Indicates that a mech is neither a pseudo-mechanism nor a composite mechanism" },
+    { GSS_C_MA_SASL_MECH_NAME, "GSS_C_MA_SASL_MECH_NAME", "SASL mechanism name", "The name of the SASL mechanism" },
     { NULL }
 };
 
 struct _gss_oid_name_table _gss_ont_mech[] = {
+    { GSS_KRB5_MECHANISM, "GSS_KRB5_MECHANISM", "Kerberos 5", "Heimdal Kerberos 5 mechanism" },
     { GSS_SPNEGO_MECHANISM, "GSS_SPNEGO_MECHANISM", "SPNEGO", "Heimdal SPNEGO mechanism" },
     { GSS_NTLM_MECHANISM, "GSS_NTLM_MECHANISM", "NTLM", "Heimdal NTLM mechanism" },
-    { GSS_KRB5_MECHANISM, "GSS_KRB5_MECHANISM", "Kerberos 5", "Heimdal Kerberos 5 mechanism" },
     { NULL }
 };
 
diff --git a/lib/gssapi/ntlm/external.c b/lib/gssapi/ntlm/external.c
index 0cc0439fb..66afe2694 100644
--- a/lib/gssapi/ntlm/external.c
+++ b/lib/gssapi/ntlm/external.c
@@ -33,6 +33,33 @@
 
 #include "ntlm.h"
 
+static gss_mo_desc ntlm_mo[] = {
+    {
+        GSS_C_MA_SASL_MECH_NAME,
+        GSS_MO_MA,
+        "SASL mech name",
+        "NTLM",
+        _gss_mo_get_ctx_as_string,
+        NULL
+    },
+    {
+        GSS_C_MA_MECH_NAME,
+        GSS_MO_MA,
+        "Mechanism name",
+        "NTLMSPP",
+        _gss_mo_get_ctx_as_string,
+        NULL
+    },
+    {
+        GSS_C_MA_MECH_DESCRIPTION,
+        GSS_MO_MA,
+        "Mechanism description",
+        "Heimdal NTLMSSP Mechanism",
+        _gss_mo_get_ctx_as_string,
+        NULL
+    }
+};
+
 static gssapi_mech_interface_desc ntlm_mech = {
     GMI_VERSION,
     "ntlm",
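Review bot: All but one of the 27 RFC 5587 rows added to `_gss_ont_ma` carry an empty long description (`""`), so `gss_display_mech_attr` — which `gss_mo_name` now falls back to elsewhere in this commit — hands back a zero-length `long_desc` for nearly every attribute, and the only documented one is `GSS_C_MA_MECH_CONCRETE`. RFC 5587 describes each attribute in a sentence; a short phrase in the fourth column (for `GSS_C_MA_INTEG_PROT` something like `"Integrity protection is available"`, wording to be taken from the RFC) would make the table self-describing for tools such as `gsstool`. If this table is generated from `oid.txt`, the text belongs in its `desc ma` lines, which carry the same empty strings in the hunk below. The row order also looks unsorted, which is harmless for a linear lookup but hard to audit against the OID list above.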
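Review bot: The `GSS_C_MA_MECH_NAME` value in `ntlm_mo` is `"NTLMSPP"` while the description two rows down reads `"Heimdal NTLMSSP Mechanism"`; the protocol is NTLMSSP, so this looks like a typo that every caller of `gss_inquire_saslname_for_mech` (and `gsstool`'s new Name column) will now display — change it to `"NTLMSSP",`. The trailing `NULL` in each row fills the `set` slot only by virtue of the member order introduced in `gssapi_mech.h` in this commit; writing the rows as `.option = …, .flags = …, .name = …, .ctx = …, .get = …` would make that explicit.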
@@ -66,7 +93,27 @@ static gssapi_mech_interface_desc ntlm_mech = {
     _gss_ntlm_inquire_names_for_mech,
     _gss_ntlm_inquire_mechs_for_name,
     _gss_ntlm_canonicalize_name,
-    _gss_ntlm_duplicate_name
+    _gss_ntlm_duplicate_name,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    ntlm_mo,
+    sizeof(ntlm_mo) / sizeof(ntlm_mo[0])
 };
 
 gssapi_mech_interface
diff --git a/lib/gssapi/oid.txt b/lib/gssapi/oid.txt
index a242f11d7..3bd7f3956 100644
--- a/lib/gssapi/oid.txt
+++ b/lib/gssapi/oid.txt
@@ -37,13 +37,9 @@ oid base GSS_KRB5_CRED_NO_CI_FLAGS_X 1.2.752.43.13.29
 oid base GSS_KRB5_IMPORT_CRED_X 1.2.752.43.13.30
 
 # /* glue for gss_inquire_saslname_for_mech */
-oid base GSS_MA_SASL_MECH_NAME 1.2.752.43.13.100
-oid base GSS_MA_MECH_NAME 1.2.752.43.13.101
-oid base GSS_MA_MECH_DESCRIPTION 1.2.752.43.13.102
-# /* glue for gss_display_mech_attr */
-oid base GSS_MA_ATTR_NAME 1.2.752.43.13.103
-oid base GSS_MA_ATTR_SHORT_DESC 1.2.752.43.13.104
-oid base GSS_MA_ATTR_LONG_DESC 1.2.752.43.13.104
+oid base GSS_C_MA_SASL_MECH_NAME 1.2.752.43.13.100
+oid base GSS_C_MA_MECH_NAME 1.2.752.43.13.101
+oid base GSS_C_MA_MECH_DESCRIPTION 1.2.752.43.13.102
 
 #/*
 # * Digest mechanisms - 1.2.752.43.14
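Review bot: Eighteen positional `NULL` entries are appended to `ntlm_mech` solely to reach the two trailing members that receive `ntlm_mo` and its count; the `spnego_mech` hunk further down does the same with seven `NULL`s, and `krb5_mech` already relies on the pattern. A miscount by one puts the table pointer into a function-pointer slot with at best a compiler warning, and the count has to be revisited every time a member is added to `gssapi_mech_interface_desc`. Designated initializers state the intent and drop the padding; taking the member names from `m->gm_mo` and `m->gm_mo_num` in the `gss_mo.c` hunk, the tail becomes `.gm_mo = ntlm_mo,` and `.gm_mo_num = sizeof(ntlm_mo) / sizeof(ntlm_mo[0])`. The struct initializer begins outside the hunk.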
@@ -71,6 +67,66 @@ desc mech GSS_KRB5_MECHANISM "Kerberos 5" "Heimdal Kerberos 5 mechanism"
 desc mech GSS_NTLM_MECHANISM "NTLM" "Heimdal NTLM mechanism"
 desc mech GSS_SPNEGO_MECHANISM "SPNEGO" "Heimdal SPNEGO mechanism"
 
-desc ma GSS_MA_MECH_NAME "GSS mech name" "The name of the GSS-API mechanism"
-desc ma GSS_MA_SASL_MECH_NAME "SASL mechanism name" "The name of the SASL mechanism"
-desc ma GSS_MA_MECH_DESCRIPTION "Mech description" "The long description of the mechanism"
+desc ma GSS_C_MA_MECH_NAME "GSS mech name" "The name of the GSS-API mechanism"
+desc ma GSS_C_MA_SASL_MECH_NAME "SASL mechanism name" "The name of the SASL mechanism"
+desc ma GSS_C_MA_MECH_DESCRIPTION "Mech description" "The long description of the mechanism"
+
+#/*
+# * RFC5587
+# */
+
+oid base GSS_C_MA_MECH_CONCRETE 1.3.6.1.5.5.13.1
+oid base GSS_C_MA_MECH_PSEUDO 1.3.6.1.5.5.13.2
+oid base GSS_C_MA_MECH_COMPOSITE 1.3.6.1.5.5.13.3
+oid base GSS_C_MA_MECH_NEGO 1.3.6.1.5.5.13.4
+oid base GSS_C_MA_MECH_GLUE 1.3.6.1.5.5.13.5
+oid base GSS_C_MA_NOT_MECH 1.3.6.1.5.5.13.6
+oid base GSS_C_MA_DEPRECATED 1.3.6.1.5.5.13.7
+oid base GSS_C_MA_NOT_DFLT_MECH 1.3.6.1.5.5.13.8
+oid base GSS_C_MA_ITOK_FRAMED 1.3.6.1.5.5.13.9
+oid base GSS_C_MA_AUTH_INIT 1.3.6.1.5.5.13.10
+oid base GSS_C_MA_AUTH_TARG 1.3.6.1.5.5.13.11
+oid base GSS_C_MA_AUTH_INIT_INIT 1.3.6.1.5.5.13.12
+oid base GSS_C_MA_AUTH_TARG_INIT 1.3.6.1.5.5.13.13
+oid base GSS_C_MA_AUTH_INIT_ANON 1.3.6.1.5.5.13.14
+oid base GSS_C_MA_AUTH_TARG_ANON 1.3.6.1.5.5.13.15
+oid base GSS_C_MA_DELEG_CRED 1.3.6.1.5.5.13.16
+oid base GSS_C_MA_INTEG_PROT 1.3.6.1.5.5.13.17
+oid base GSS_C_MA_CONF_PROT 1.3.6.1.5.5.13.18
+oid base GSS_C_MA_MIC 1.3.6.1.5.5.13.19
+oid base GSS_C_MA_WRAP 1.3.6.1.5.5.13.20
+oid base GSS_C_MA_PROT_READY 1.3.6.1.5.5.13.21
+oid base GSS_C_MA_REPLAY_DET 1.3.6.1.5.5.13.22
+oid base GSS_C_MA_OOS_DET 1.3.6.1.5.5.13.23
+oid base GSS_C_MA_CBINDINGS 1.3.6.1.5.5.13.24
+oid base GSS_C_MA_PFS 1.3.6.1.5.5.13.25
+oid base GSS_C_MA_COMPRESS 1.3.6.1.5.5.13.26
+oid base GSS_C_MA_CTX_TRANS 1.3.6.1.5.5.13.27
+
+desc ma GSS_C_MA_MECH_CONCRETE "concrete-mech" "Indicates that a mech is neither a pseudo-mechanism nor a composite mechanism"
+desc ma GSS_C_MA_MECH_PSEUDO "pseudo-mech" ""
+desc ma GSS_C_MA_MECH_COMPOSITE "composite-mech" ""
+desc ma GSS_C_MA_MECH_NEGO "mech-negotiation-mech" ""
+desc ma GSS_C_MA_MECH_GLUE "mech-glue" ""
+desc ma GSS_C_MA_NOT_MECH "not-mech" ""
+desc ma GSS_C_MA_DEPRECATED "mech-deprecated" ""
+desc ma GSS_C_MA_NOT_DFLT_MECH "mech-not-default" ""
+desc ma GSS_C_MA_ITOK_FRAMED "initial-is-framed" ""
+desc ma GSS_C_MA_AUTH_INIT "auth-init-princ" ""
+desc ma GSS_C_MA_AUTH_TARG "auth-targ-princ" ""
+desc ma GSS_C_MA_AUTH_INIT_INIT "auth-init-princ-initial" ""
+desc ma GSS_C_MA_AUTH_TARG_INIT "auth-targ-princ-initial" ""
+desc ma GSS_C_MA_AUTH_INIT_ANON "auth-init-princ-anon" ""
+desc ma GSS_C_MA_AUTH_TARG_ANON "auth-targ-princ-anon" ""
+desc ma GSS_C_MA_DELEG_CRED "deleg-cred" ""
+desc ma GSS_C_MA_INTEG_PROT "integ-prot" ""
+desc ma GSS_C_MA_CONF_PROT "conf-prot" ""
+desc ma GSS_C_MA_MIC "mic" ""
+desc ma GSS_C_MA_WRAP "wrap" ""
+desc ma GSS_C_MA_PROT_READY "prot-ready" ""
+desc ma GSS_C_MA_REPLAY_DET "replay-detection" ""
+desc ma GSS_C_MA_OOS_DET "oos-detection" ""
+desc ma GSS_C_MA_CBINDINGS "channel-bindings" ""
+desc ma GSS_C_MA_PFS "pfs" ""
+desc ma GSS_C_MA_COMPRESS "compress" ""
+desc ma GSS_C_MA_CTX_TRANS "context-transfer" ""
diff --git a/lib/gssapi/spnego/external.c b/lib/gssapi/spnego/external.c
index 1eb03207e..505475415 100644
--- a/lib/gssapi/spnego/external.c
+++ b/lib/gssapi/spnego/external.c
@@ -40,6 +40,41 @@
  * iso.org.dod.internet.security.mechanism.snego (1.3.6.1.5.5.2).
  */
 
+static gss_mo_desc spnego_mo[] = {
+    {
+        GSS_C_MA_SASL_MECH_NAME,
+        GSS_MO_MA,
+        "SASL mech name",
+        "SPNEGO",
+        _gss_mo_get_ctx_as_string,
+        NULL
+    },
+    {
+        GSS_C_MA_MECH_NAME,
+        GSS_MO_MA,
+        "Mechanism name",
+        "SPNEGO",
+        _gss_mo_get_ctx_as_string,
+        NULL
+    },
+    {
+        GSS_C_MA_MECH_DESCRIPTION,
+        GSS_MO_MA,
+        "Mechanism description",
+        "Heimdal SPNEGO Mechanism",
+        _gss_mo_get_ctx_as_string,
+        NULL
+    },
+    {
+        GSS_C_MA_MECH_NEGO,
+        GSS_MO_MA
+    },
+    {
+        GSS_C_MA_MECH_PSEUDO,
+        GSS_MO_MA
+    }
+};
+
 static gssapi_mech_interface_desc spnego_mech = {
     GMI_VERSION,
     "spnego",
@@ -84,7 +119,16 @@ static gssapi_mech_interface_desc spnego_mech = {
     _gss_spnego_wrap_iov_length,
     NULL,
     _gss_spnego_export_cred,
-    _gss_spnego_import_cred
+    _gss_spnego_import_cred,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    spnego_mo,
+    sizeof(spnego_mo) / sizeof(spnego_mo[0])
 };
 
 gssapi_mech_interface