diff --git a/lib/gssapi/gen-oid.pl b/lib/gssapi/gen-oid.pl
index 2b2a2bc91..df69f2610 100644
--- a/lib/gssapi/gen-oid.pl
+++ b/lib/gssapi/gen-oid.pl
@@ -20,8 +20,12 @@ if ($header) {
 printf "#define GSSAPI_GSSAPI_OID 1\n\n";
 } else {
 printf "#include \"gssapi.h\"\n\n";
+ printf "#include \"gssapi_mech.h\"\n\n";
 }
+my %tables;
+my %types;
+
 while(<>) {
 if (/^\w*#(.*)/) {
@@ -65,10 +69,30 @@ while(<>) {
 printf "/* $name - $oid */\n";
 printf "gss_OID_desc $store = { $length, \"$data\" };\n\n";
 }
+ } elsif (/^desc\s+([\w]+)\s+(\w+)\s+(\"[^\"]*\")\s+(\"[^\"]*\")/) {
+ my ($type, $oid, $short, $long) = ($1, $2, $3, $4);
+ my $object = { type=> $type, oid => $oid, short => $short, long => $long };
+
+ $tables{$oid} = \$object;
+ $types{$type} = 1;
 }
 }
+foreach my $k (keys %types) {
+ if (!$header) {
+ print "struct _gss_oid_name_table _gss_ont_" . $k . "[] = {\n";
+ foreach my $m (values %tables) {
+ if ($$m->{type} eq $k) {
+ printf " { %s, \"%s\", %s, %s },\n", $$m->{oid}, $$m->{oid}, $$m->{short}, $$m->{long};
+ }
+ }
+ printf " { NULL }\n";
+ printf "};\n\n";
+
+ }
+}
+
 if ($header) {
 printf "#endif /* GSSAPI_GSSAPI_OID */\n";
 }
diff --git a/lib/gssapi/gssapi/gssapi.h b/lib/gssapi/gssapi/gssapi.h
index 84dcf9c07..d052277bc 100644
--- a/lib/gssapi/gssapi/gssapi.h
+++ b/lib/gssapi/gssapi/gssapi.h
@@ -987,6 +987,16 @@ gss_display_mech_attr(OM_uint32 * minor_status,
 gss_buffer_t long_desc);
+/*
+ *
+ */
+
+GSSAPI_LIB_FUNCTION const char * GSSAPI_LIB_CALL
+gss_oid_to_name(gss_const_OID oid);
+
+GSSAPI_LIB_FUNCTION gss_OID GSSAPI_LIB_CALL
+gss_name_to_oid(const char *name);
+
 GSSAPI_CPP_END
 #endif /* GSSAPI_GSSAPI_H_ */
diff --git a/lib/gssapi/gssapi/gssapi_ntlm.h b/lib/gssapi/gssapi/gssapi_ntlm.h
index b44641a23..e37c003c7 100644
--- a/lib/gssapi/gssapi/gssapi_ntlm.h
+++ b/lib/gssapi/gssapi/gssapi_ntlm.h
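Review bot: The table emitter added at the end of the second gen-oid.pl hunk iterates `keys %types` and `values %tables`, whose order Perl does not guarantee, so the checked-in gss_oid.c can change table and row order from one run to the next. The committed `_gss_ont_ma` rows are already in a different order from the `desc ma` lines in oid.txt. Sorting makes the generated file reproducible: `foreach my $k (sort keys %types) {` and `foreach my $m (sort { $$a->{oid} cmp $$b->{oid} } values %tables) {`. Separately, `$tables{$oid} = \$object;` stores a reference to a hash reference, which is the only reason the loop needs `$$m->{...}`; storing `$object` itself would let it read `$m->{type}`.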
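Review bot: The comment block added above gss_oid_to_name() and gss_name_to_oid() in gssapi.h is empty, so two new public entry points ship without a stated contract. Going by the implementation in gss_oid_to_str.c, the comment should say that both functions consult only the mechanism table, and that gss_oid_to_name() returns a pointer to static storage the caller must not free, or NULL for an unknown OID. It should also say that gss_name_to_oid() compares case-insensitively, accepts a unique prefix as well as a full name, and returns NULL when nothing or more than one entry matches. The prefix rule in particular needs to be written down, because callers that take the name from configuration will otherwise not expect a shortened string to select a mechanism.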
@@ -38,11 +38,4 @@
 #include
-GSSAPI_CPP_START
-
-extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_ntlm_mechanism_oid_desc;
-#define GSS_NTLM_MECHANISM (&__gss_ntlm_mechanism_oid_desc)
-
-GSSAPI_CPP_END
-
 #endif /* GSSAPI_NTLM_H_ */
diff --git a/lib/gssapi/gssapi/gssapi_oid.h b/lib/gssapi/gssapi/gssapi_oid.h
index cf85b967f..b9dda2e33 100644
--- a/lib/gssapi/gssapi/gssapi_oid.h
+++ b/lib/gssapi/gssapi/gssapi_oid.h
@@ -124,8 +124,33 @@ extern gss_OID_desc __gss_ma_attr_long_desc_oid_desc;
 extern gss_OID_desc __gss_sasl_digest_md5_mechanism_oid_desc;
 #define GSS_SASL_DIGEST_MD5_MECHANISM (&__gss_sasl_digest_md5_mechanism_oid_desc)
+/*
+ * To support ongoing experimentation, testing, and evolution of the
+ * specification, the Kerberos V5 GSS-API mechanism as defined in this
+ * and any successor memos will be identified with the following Object
+ * Identifier, as defined in RFC-1510, until the specification is
+ * advanced to the level of Proposed Standard RFC:
+ *
+ * {iso(1), org(3), dod(5), internet(1), security(5), kerberosv5(2)}
+ *
+ * Upon advancement to the level of Proposed Standard RFC, the Kerberos
+ * V5 GSS-API mechanism will be identified by an Object Identifier
+ * having the value:
+ *
+ * {iso(1) member-body(2) United States(840) mit(113554) infosys(1)
+ * gssapi(2) krb5(2)}
+ */
+extern gss_OID_desc __gss_krb5_mechanism_oid_desc;
+#define GSS_KRB5_MECHANISM (&__gss_krb5_mechanism_oid_desc)
+
+extern gss_OID_desc __gss_ntlm_mechanism_oid_desc;
+#define GSS_NTLM_MECHANISM (&__gss_ntlm_mechanism_oid_desc)
+
 /* From Luke Howard */
 extern gss_OID_desc __gss_c_peer_has_updated_spnego_oid_desc;
 #define GSS_C_PEER_HAS_UPDATED_SPNEGO (&__gss_c_peer_has_updated_spnego_oid_desc)
+ /*
+ * OID mappings with name and short description and and slightly longer description
+ */
 #endif /* GSSAPI_GSSAPI_OID */
diff --git a/lib/gssapi/gssapi_mech.h b/lib/gssapi/gssapi_mech.h
index 36af693f2..a1370ad8a 100644
--- a/lib/gssapi/gssapi_mech.h
+++ b/lib/gssapi/gssapi_mech.h
@@ -478,4 +478,14 @@ void gss_mg_collect_error(gss_OID, OM_uint32, OM_uint32);
 int _gss_mo_get_option_1(gss_const_OID, gss_mo_desc *, gss_buffer_t);
 int _gss_mo_get_option_0(gss_const_OID, gss_mo_desc *, gss_buffer_t);
+struct _gss_oid_name_table {
+ gss_OID oid;
+ const char *name;
+ const char *short_desc;
+ const char *long_desc;
+};
+
+extern struct _gss_oid_name_table _gss_ont_mech[];
+extern struct _gss_oid_name_table _gss_ont_ma[];
+
 #endif /* GSSAPI_MECH_H */
diff --git a/lib/gssapi/krb5/external.c b/lib/gssapi/krb5/external.c
index 7f32380e7..d08cadfcf 100644
--- a/lib/gssapi/krb5/external.c
+++ b/lib/gssapi/krb5/external.c
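Review bot: `_gss_ont_mech` and `_gss_ont_ma` are declared in gssapi_mech.h as writable arrays, although the code visible in this commit only reads them. Declaring them `extern const struct _gss_oid_name_table _gss_ont_mech[];` and `extern const struct _gss_oid_name_table _gss_ont_ma[];` lets the linker place the name-to-mechanism mapping in read-only data, where a stray write cannot retarget a lookup. The `print "struct _gss_oid_name_table _gss_ont_"` line in gen-oid.pl would need the same qualifier. A one-line comment on the struct saying that each table ends with an entry whose `oid` is NULL would also help, because both lookup loops depend on that sentinel.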
@@ -152,47 +152,6 @@ gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_export_name_oid_desc =
 gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_nt_principal_name_oid_desc =
 {10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x01") };
-/*
- * This name form shall be represented by the Object Identifier {iso(1)
- * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
- * generic(1) user_name(1)}. The recommended symbolic name for this
- * type is "GSS_KRB5_NT_USER_NAME".
- */
-
-/*
- * This name form shall be represented by the Object Identifier {iso(1)
- * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
- * generic(1) machine_uid_name(2)}. The recommended symbolic name for
- * this type is "GSS_KRB5_NT_MACHINE_UID_NAME".
- */
-
-/*
- * This name form shall be represented by the Object Identifier {iso(1)
- * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
- * generic(1) string_uid_name(3)}. The recommended symbolic name for
- * this type is "GSS_KRB5_NT_STRING_UID_NAME".
- */
-
-/*
- * To support ongoing experimentation, testing, and evolution of the
- * specification, the Kerberos V5 GSS-API mechanism as defined in this
- * and any successor memos will be identified with the following Object
- * Identifier, as defined in RFC-1510, until the specification is
- * advanced to the level of Proposed Standard RFC:
- *
- * {iso(1), org(3), dod(5), internet(1), security(5), kerberosv5(2)}
- *
- * Upon advancement to the level of Proposed Standard RFC, the Kerberos
- * V5 GSS-API mechanism will be identified by an Object Identifier
- * having the value:
- *
- * {iso(1) member-body(2) United States(840) mit(113554) infosys(1)
- * gssapi(2) krb5(2)}
- */
-
-gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_mechanism_oid_desc =
- {9, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02") };
-
 /*
 * draft-ietf-cat-iakerb-09, IAKERB:
 * The mechanism ID for IAKERB proxy GSS-API Kerberos, in accordance
diff --git a/lib/gssapi/mech/gss_oid.c b/lib/gssapi/mech/gss_oid.c
index a2354d967..2db32cde1 100644
--- a/lib/gssapi/mech/gss_oid.c
+++ b/lib/gssapi/mech/gss_oid.c
@@ -1,5 +1,7 @@
 #include "gssapi.h"
+#include "gssapi_mech.h"
+
 /* GSS_KRB5_COPY_CCACHE_X - 1.2.752.43.13.1 */
 gss_OID_desc __gss_krb5_copy_ccache_x_oid_desc = { 6, "\x2a\xf0\x05\x2b\x0d\x01" };
@@ -114,6 +116,24 @@ gss_OID_desc __gss_ma_attr_long_desc_oid_desc = { 6, "\x2a\xf0\x05\x2b\x0d\x68"
 /* GSS_SASL_DIGEST_MD5_MECHANISM - 1.2.752.43.14.1 */
 gss_OID_desc __gss_sasl_digest_md5_mechanism_oid_desc = { 6, "\x2a\xf0\x05\x2b\x0e\x01" };
+/* GSS_KRB5_MECHANISM - 1.2.840.113554.1.2.2 */
+gss_OID_desc __gss_krb5_mechanism_oid_desc = { 9, "\x2a\xc8\x06\x92\xf7\x06\x01\x02\x02" };
+
+/* GSS_NTLM_MECHANISM - 1.3.6.1.4.1.311.2.2.10 */
+gss_OID_desc __gss_ntlm_mechanism_oid_desc = { 10, "\x2b\x06\x01\x04\x01\xb7\x02\x02\x02\x0a" };
+
 /* GSS_C_PEER_HAS_UPDATED_SPNEGO - 1.3.6.1.4.1.9513.19.5 */
 gss_OID_desc __gss_c_peer_has_updated_spnego_oid_desc = { 9, "\x2b\x06\x01\x04\x01\xa9\x4a\x13\x05" };
+struct _gss_oid_name_table _gss_ont_ma[] = {
+ { GSS_MA_SASL_MECH_NAME, "GSS_MA_SASL_MECH_NAME", "SASL mechanism name", "The name of the SASL mechanism" },
+ { GSS_MA_MECH_NAME, "GSS_MA_MECH_NAME", "GSS mech name", "The name of the GSS-API mechanism" },
+ { GSS_MA_MECH_DESCRIPTION, "GSS_MA_MECH_DESCRIPTION", "Mech description", "The long description of the mechanism" },
+ { NULL }
+};
+
+struct _gss_oid_name_table _gss_ont_mech[] = {
+ { GSS_KRB5_MECHANISM, "GSS_KRB5_MECHANISM", "Kerberos 5", "Heimdal Kerberos 5 mechanism" },
+ { NULL }
+};
+
diff --git a/lib/gssapi/mech/gss_oid_to_str.c b/lib/gssapi/mech/gss_oid_to_str.c
index d8e188da0..9e303502a 100644
--- a/lib/gssapi/mech/gss_oid_to_str.c
+++ b/lib/gssapi/mech/gss_oid_to_str.c
@@ -65,3 +65,34 @@ gss_oid_to_str(OM_uint32 *minor_status, gss_OID oid, gss_buffer_t oid_str)
 *minor_status = 0;
 return GSS_S_COMPLETE;
 }
+
+GSSAPI_LIB_FUNCTION const char * GSSAPI_LIB_CALL
+gss_oid_to_name(gss_const_OID oid)
+{
+ size_t i;
+
+ for (i = 0; _gss_ont_mech[i].oid; i++) {
+ if (gss_oid_equal(oid, _gss_ont_mech[i].oid))
+ return _gss_ont_mech[i].name;
+ }
+ return NULL;
+}
+
+GSSAPI_LIB_FUNCTION gss_OID GSSAPI_LIB_CALL
+gss_name_to_oid(const char *name)
+{
+ size_t i, partial = (size_t)-1;
+
+ for (i = 0; _gss_ont_mech[i].oid; i++) {
+ if (strcasecmp(name, _gss_ont_mech[i].name) == 0)
+ return _gss_ont_mech[i].oid;
+ if (strncasecmp(name, _gss_ont_mech[i].name, strlen(name)) == 0) {
+ if (partial != (size_t)-1)
+ return NULL;
+ partial = i;
+ }
+ }
+ if (partial != (size_t)-1)
+ return _gss_ont_mech[partial].oid;
+ return NULL;
+}
diff --git a/lib/gssapi/ntlm/external.c b/lib/gssapi/ntlm/external.c
index 1d2b2d628..0cc0439fb 100644
--- a/lib/gssapi/ntlm/external.c
+++ b/lib/gssapi/ntlm/external.c
@@ -74,6 +74,3 @@ __gss_ntlm_initialize(void)
 {
 return &ntlm_mech;
 }
-
-gss_OID_desc __gss_ntlm_mechanism_oid_desc =
- {10, rk_UNCONST("\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a") };
diff --git a/lib/gssapi/oid.txt b/lib/gssapi/oid.txt
index 837762d1c..45830f2f1 100644
--- a/lib/gssapi/oid.txt
+++ b/lib/gssapi/oid.txt
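Review bot: gss_name_to_oid() in gss_oid_to_str.c returns NULL as soon as it sees a second prefix match, so an exact match that sits later in `_gss_ont_mech` is never reached. An empty `name` also prefix-matches every entry; with the single-entry table committed in gss_oid.c, `""` resolves to the Kerberos mechanism. `name` is passed to strcasecmp() and strlen() without a NULL check, and strlen() is recomputed on every iteration. The rewrite below rejects NULL and empty input and records ambiguity instead of returning early, so a full name always wins over a prefix. If the name comes from configuration, consider dropping prefix matching altogether.

```c
gss_name_to_oid(const char *name)
{
    size_t i, len, partial = (size_t)-1;
    int ambiguous = 0;

    if (name == NULL || name[0] == '\0')
        return NULL;
    len = strlen(name);

    for (i = 0; _gss_ont_mech[i].oid; i++) {
        /* … unchanged: exact strcasecmp() match returns immediately … */
        if (strncasecmp(name, _gss_ont_mech[i].name, len) == 0) {
            if (partial != (size_t)-1)
                ambiguous = 1;  /* keep scanning: an exact match may follow */
            partial = i;
        }
    }
    if (partial != (size_t)-1 && !ambiguous)
        return _gss_ont_mech[partial].oid;
    return NULL;
}
```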
@@ -51,6 +51,26 @@ oid base GSS_MA_ATTR_LONG_DESC 1.2.752.43.13.104
 oid base GSS_SASL_DIGEST_MD5_MECHANISM 1.2.752.43.14.1
+#/*
+# * "Standard" mechs
+# */
+
+oid base GSS_KRB5_MECHANISM 1.2.840.113554.1.2.2
+oid base GSS_NTLM_MECHANISM 1.3.6.1.4.1.311.2.2.10
+oid base GSS_SPNEGO_MECHANISM 1.3.6.1.5.5.2
+
 # /* From Luke Howard */
 oid base GSS_C_PEER_HAS_UPDATED_SPNEGO 1.3.6.1.4.1.9513.19.5
+
+#/*
+# * OID mappings with name and short description and and slightly longer description
+# */
+
+desc mech GSS_KRB5_MECHANISM "Kerberos 5" "Heimdal Kerberos 5 mechanism"
+/desc mech GSS_NTLM_MECHANISM "NTLM" "Heimdal NTLM mechanism"
+/desc mech GSS_SPNEGO_MECHANISM "SPNEGO" "Heimdal SPNEGO mechanism"
+
+desc ma GSS_MA_MECH_NAME "GSS mech name" "The name of the GSS-API mechanism"
+desc ma GSS_MA_SASL_MECH_NAME "SASL mechanism name" "The name of the SASL mechanism"
+desc ma GSS_MA_MECH_DESCRIPTION "Mech description" "The long description of the mechanism"
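Review bot: Moving GSS_KRB5_MECHANISM and GSS_NTLM_MECHANISM into oid.txt changes the encoded bytes of two mechanism OIDs that are exchanged with peers. The regenerated gss_oid.c carries `\x2a\xc8\x06\x92\xf7\x06\x01\x02\x02` for 1.2.840.113554.1.2.2, while the definition removed from krb5/external.c was `\x2a\x86\x48\x86\xf7\x12\x01\x02\x02`, which is the standard base-128 form (840 encodes as 86 48, 113554 as 86 f7 12). NTLM differs in the same way, `\xb7\x02` against the removed `\x82\x37` for arc 311. The new values look as if each multi-byte arc is written least-significant group first, so the fault is presumably in gen-oid.pl's encoding loop, which lies outside the hunks shown. Until that is corrected these two entries should keep the removed byte strings, since a comparison against a mechanism OID supplied by a peer can otherwise no longer match.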