oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

rfc 5587

Browse Source
This commit is contained in:
Love Hornquist Astrand
2010-11-26 00:13:40 -08:00
parent f974c34580 37abbc7d77
commit c49213259c
25 changed files with 2608 additions and 311 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
lib/gssapi/Makefile.am
View File

@@ -111,7 +111,9 @@ mechsrc = \
mech/gss_inquire_names_for_mech.c \
mech/gss_krb5.c \
mech/gss_mech_switch.c \
mech/gss_mo.c \
mech/gss_names.c \
mech/gss_oid.c \
mech/gss_oid_equal.c \
mech/gss_oid_to_str.c \
mech/gss_process_context_token.c \
@@ -218,10 +220,12 @@ noinst_HEADERS = \
ntlm/ntlm-private.h \
spnego/spnego-private.h \
krb5/gsskrb5-private.h
nobase_include_HEADERS = \
gssapi/gssapi.h \
gssapi/gssapi_krb5.h \
gssapi/gssapi_ntlm.h \
gssapi/gssapi_oid.h \
gssapi/gssapi_spnego.h
gssapidir = $(includedir)/gssapi
@@ -281,7 +285,7 @@ test_cfx_SOURCES = krb5/test_cfx.c
check_PROGRAMS = test_acquire_cred $(TESTS)
bin_PROGRAMS = gss
bin_PROGRAMS = gsstool
noinst_PROGRAMS = test_cred test_kcred test_context test_ntlm
test_context_SOURCES = test_context.c test_common.c test_common.h
@@ -298,10 +302,10 @@ LDADD = libgssapi.la \
# gss
dist_gss_SOURCES = gss.c
nodist_gss_SOURCES = gss-commands.c gss-commands.h
dist_gsstool_SOURCES = gsstool.c
nodist_gsstool_SOURCES = gss-commands.c gss-commands.h
gss_LDADD = libgssapi.la \
gsstool_LDADD = libgssapi.la \
$(top_builddir)/lib/sl/libsl.la \
$(top_builddir)/lib/krb5/libkrb5.la \
$(LIB_readline) \
@@ -310,7 +314,7 @@ gss_LDADD = libgssapi.la \
gss-commands.c gss-commands.h: gss-commands.in
$(SLC) $(srcdir)/gss-commands.in
$(gss_OBJECTS): gss-commands.h
$(gsstool_OBJECTS): gss-commands.h
EXTRA_DIST = \
$(man_MANS) \
@@ -323,6 +327,11 @@ EXTRA_DIST = \
$(libgssapi_la_OBJECTS): gkrb5_err.h gssapi_asn1.h gssapi_asn1-priv.h
$(libgssapi_la_OBJECTS): spnego_asn1.h spnego_asn1-priv.h
$(libgssapi_la_OBJECTS): $(srcdir)/gssapi/gssapi_oid.h
gkrb5_err.h gkrb5_err.c: $(srcdir)/krb5/gkrb5_err.et
$(COMPILE_ET) $(srcdir)/krb5/gkrb5_err.et
$(srcdir)/gssapi/gssapi_oid.h $(srcdir)/mech/gss_oid.c:
perl $(srcdir)/gen-oid.pl -b base -h $(srcdir)/oid.txt > $(srcdir)/gssapi/gssapi_oid.h
perl $(srcdir)/gen-oid.pl -b base $(srcdir)/oid.txt > $(srcdir)/mech/gss_oid.c

110
lib/gssapi/gen-oid.pl Normal file
View File

@@ -0,0 +1,110 @@
#!/usr/bin/perl
require 'getopts.pl';
my $output;
my $CFILE, $HFILE;
my $onlybase;
my $header = 0;
Getopts('b:h') || die "foo";
if($opt_b) {
$onlybase = $opt_b;
}
$header = 1 if ($opt_h);
if ($header) {
printf "#ifndef GSSAPI_GSSAPI_OID\n";
printf "#define GSSAPI_GSSAPI_OID 1\n\n";
} else {
printf "#include \"gssapi.h\"\n\n";
printf "#include \"gssapi_mech.h\"\n\n";
}
my %tables;
my %types;
while(<>) {
if (/^\w*#(.*)/) {
my $comment = $1;
if ($header) {
printf("$comment\n");
}
} elsif (/^oid\s+([\w\.]+)\s+(\w+)\s+([\w\.]+)/) {
my ($base, $name, $oid) = ($1, $2, $3);
next if (defined $onlybase and $onlybase ne $base);
my $store = "__" . lc($name) . "_oid_desc";
# encode oid
my @array = split(/\./, $oid);
my $length = 0;
my $data = "";
my $num;
$n = $#array;
while ($n > 1) {
$num = $array[$n];
my $p = int($num % 128);
$data = sprintf("\\x%02x", $p) . $data;
$num = int($num / 128);
$length += 1;
while ($num > 0) {
$p = int($num % 128) + 128;
$num = int($num / 128);
$data = sprintf("\\x%02x", $p) . $data;
$length += 1;
}
$n--;
}
$num = int($array[0] * 40 + $array[1]);
$data = sprintf("\\x%x", $num) . $data;
$length += 1;
if ($header) {
printf "extern gss_OID_desc $store;\n";
printf "#define $name (&$store)\n\n";
} else {
printf "/* $name - $oid */\n";
printf "gss_OID_desc $store = { $length, \"$data\" };\n\n";
}
} elsif (/^desc\s+([\w]+)\s+(\w+)\s+(\"[^\"]*\")\s+(\"[^\"]*\")/) {
my ($type, $oid, $short, $long) = ($1, $2, $3, $4);
my $object = { type=> $type, oid => $oid, short => $short, long => $long };
$tables{$oid} = \$object;
$types{$type} = 1;
}
}
foreach my $k (keys %types) {
if (!$header) {
print "struct _gss_oid_name_table _gss_ont_" . $k . "[] = {\n";
foreach my $m (values %tables) {
if ($$m->{type} eq $k) {
printf " { %s, \"%s\", %s, %s },\n", $$m->{oid}, $$m->{oid}, $$m->{short}, $$m->{long};
}
}
printf " { NULL }\n";
printf "};\n\n";
}
}
if ($header) {
printf "#endif /* GSSAPI_GSSAPI_OID */\n";
}

13
lib/gssapi/gss-commands.in
View File

@@ -36,6 +36,19 @@ command = {
name = "supported-mechanisms"
help = "Print the supported mechanisms"
}
command = {
name = "attrs-for-mech"
help = "Print the attributes for mechs"
option = {
long = "all"
type = "flag"
}
option = {
long = "mech"
type = "string"
argument = "mechanism"
}
}
command = {
name = "help"
name = "?"

85
lib/gssapi/gssapi/gssapi.h
View File

@@ -90,29 +90,35 @@ typedef uint32_t gss_uint32;
struct gss_name_t_desc_struct;
typedef struct gss_name_t_desc_struct *gss_name_t;
typedef const struct gss_name_t_desc_struct *gss_const_name_t;
struct gss_ctx_id_t_desc_struct;
typedef struct gss_ctx_id_t_desc_struct *gss_ctx_id_t;
typedef const struct gss_ctx_id_t_desc_struct gss_const_ctx_id_t;
typedef struct gss_OID_desc_struct {
OM_uint32 length;
void *elements;
} gss_OID_desc, *gss_OID;
typedef const gss_OID_desc * gss_const_OID;
typedef struct gss_OID_set_desc_struct {
size_t count;
gss_OID elements;
} gss_OID_set_desc, *gss_OID_set;
typedef const gss_OID_set_desc * gss_const_OID_set;
typedef int gss_cred_usage_t;
struct gss_cred_id_t_desc_struct;
typedef struct gss_cred_id_t_desc_struct *gss_cred_id_t;
typedef const struct gss_cred_id_t_desc_struct *gss_const_cred_id_t;
typedef struct gss_buffer_desc_struct {
size_t length;
void *value;
} gss_buffer_desc, *gss_buffer_t;
typedef const gss_buffer_desc * gss_const_buffer_t;
typedef struct gss_channel_bindings_struct {
OM_uint32 initiator_addrtype;
@@ -121,6 +127,7 @@ typedef struct gss_channel_bindings_struct {
gss_buffer_desc acceptor_address;
gss_buffer_desc application_data;
} *gss_channel_bindings_t;
typedef const struct gss_channel_bindings_struct *gss_const_channel_bindings_t;
/* GGF extension data types */
typedef struct gss_buffer_set_desc_struct {
@@ -138,6 +145,8 @@ typedef struct gss_iov_buffer_desc_struct {
*/
typedef OM_uint32 gss_qop_t;
/*
* Flag bits for context-level services.
*/
@@ -261,6 +270,8 @@ typedef OM_uint32 gss_qop_t;
GSSAPI_CPP_START
#include <gssapi/gssapi_oid.h>
/*
* The implementation must reserve static storage for a
* gss_OID_desc object containing the value
@@ -363,14 +374,6 @@ extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_nt_anonymous_oid_desc;
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_nt_export_name_oid_desc;
#define GSS_C_NT_EXPORT_NAME (&__gss_c_nt_export_name_oid_desc)
/*
* Digest mechanism
*/
extern gss_OID_desc GSSAPI_LIB_VARIABLE __gss_sasl_digest_md5_mechanism_oid_desc;
#define GSS_SASL_DIGEST_MD5_MECHANISM (&__gss_sasl_digest_md5_mechanism_oid_desc)
/* Major status codes */
#define GSS_S_COMPLETE 0
@@ -438,6 +441,7 @@ extern gss_OID_desc GSSAPI_LIB_VARIABLE __gss_sasl_digest_md5_mechanism_oid_desc
#define GSS_S_UNAVAILABLE (16ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_DUPLICATE_ELEMENT (17ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_NAME_NOT_MN (18ul << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_BAD_MECH_ATTR (19ul << GSS_C_ROUTINE_ERROR_OFFSET)
/*
* Supplementary info bits:
@@ -756,7 +760,7 @@ gss_set_cred_option (OM_uint32 *minor_status,
const gss_buffer_t value);
GSSAPI_LIB_FUNCTION int GSSAPI_LIB_CALL
gss_oid_equal(const gss_OID a, const gss_OID b);
gss_oid_equal(gss_const_OID a, gss_const_OID b);
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_create_empty_buffer_set
@@ -929,6 +933,69 @@ gss_import_cred(OM_uint32 * /* minor_status */,
gss_buffer_t /* cred_token */,
gss_cred_id_t * /* cred_handle */);
/*
* mech option
*/
GSSAPI_LIB_FUNCTION int GSSAPI_LIB_CALL
gss_mo_set(gss_const_OID mech, gss_const_OID option,
int enable, gss_buffer_t value);
GSSAPI_LIB_FUNCTION int GSSAPI_LIB_CALL
gss_mo_get(gss_const_OID mech, gss_const_OID option, gss_buffer_t value);
GSSAPI_LIB_FUNCTION void GSSAPI_LIB_CALL
gss_mo_list(gss_const_OID mech, gss_OID_set *options);
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_mo_name(gss_const_OID mech, gss_const_OID options, gss_buffer_t name);
/*
* SASL glue functions and mech inquire
*/
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_inquire_saslname_for_mech(OM_uint32 *minor_status,
const gss_OID desired_mech,
gss_buffer_t sasl_mech_name,
gss_buffer_t mech_name,
gss_buffer_t mech_description);
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_inquire_mech_for_saslname(OM_uint32 *minor_status,
const gss_buffer_t sasl_mech_name,
gss_OID *mech_type);
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_indicate_mechs_by_attrs(OM_uint32 * minor_status,
gss_const_OID_set desired_mech_attrs,
gss_const_OID_set except_mech_attrs,
gss_const_OID_set critical_mech_attrs,
gss_OID_set *mechs);
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_inquire_attrs_for_mech(OM_uint32 * minor_status,
gss_const_OID mech,
gss_OID_set *mech_attr,
gss_OID_set *known_mech_attrs);
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_display_mech_attr(OM_uint32 * minor_status,
gss_const_OID mech_attr,
gss_buffer_t name,
gss_buffer_t short_desc,
gss_buffer_t long_desc);
/*
*
*/
GSSAPI_LIB_FUNCTION const char * GSSAPI_LIB_CALL
gss_oid_to_name(gss_const_OID oid);
GSSAPI_LIB_FUNCTION gss_OID GSSAPI_LIB_CALL
gss_name_to_oid(const char *name);
GSSAPI_CPP_END

73
lib/gssapi/gssapi/gssapi_krb5.h
View File

@@ -68,79 +68,6 @@ extern gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_mechanism_oid_desc;
#define gss_mech_krb5 GSS_KRB5_MECHANISM
#define gss_krb5_nt_general_name GSS_KRB5_NT_PRINCIPAL_NAME
/* Extensions set contexts options */
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_copy_ccache_x_oid_desc;
#define GSS_KRB5_COPY_CCACHE_X (&__gss_krb5_copy_ccache_x_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_compat_des3_mic_x_oid_desc;
#define GSS_KRB5_COMPAT_DES3_MIC_X (&__gss_krb5_compat_des3_mic_x_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_register_acceptor_identity_x_oid_desc;
#define GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X (&__gss_krb5_register_acceptor_identity_x_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_set_dns_canonicalize_x_oid_desc;
#define GSS_KRB5_SET_DNS_CANONICALIZE_X (&__gss_krb5_set_dns_canonicalize_x_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_send_to_kdc_x_oid_desc;
#define GSS_KRB5_SEND_TO_KDC_X (&__gss_krb5_send_to_kdc_x_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_set_default_realm_x_oid_desc;
#define GSS_KRB5_SET_DEFAULT_REALM_X (&__gss_krb5_set_default_realm_x_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_ccache_name_x_oid_desc;
#define GSS_KRB5_CCACHE_NAME_X (&__gss_krb5_ccache_name_x_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_set_time_offset_x_oid_desc;
#define GSS_KRB5_SET_TIME_OFFSET_X (&__gss_krb5_set_time_offset_x_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_time_offset_x_oid_desc;
#define GSS_KRB5_GET_TIME_OFFSET_X (&__gss_krb5_get_time_offset_x_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_plugin_register_x_oid_desc;
#define GSS_KRB5_PLUGIN_REGISTER_X (&__gss_krb5_plugin_register_x_oid_desc)
/* Extensions inquire context */
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_tkt_flags_x_oid_desc;
#define GSS_KRB5_GET_TKT_FLAGS_X (&__gss_krb5_get_tkt_flags_x_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_extract_authz_data_from_sec_context_x_oid_desc;
#define GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X (&__gss_krb5_extract_authz_data_from_sec_context_x_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_c_peer_has_updated_spnego_oid_desc;
#define GSS_C_PEER_HAS_UPDATED_SPNEGO (&__gss_c_peer_has_updated_spnego_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_export_lucid_context_x_oid_desc;
#define GSS_KRB5_EXPORT_LUCID_CONTEXT_X (&__gss_krb5_export_lucid_context_x_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_export_lucid_context_v1_x_oid_desc;
#define GSS_KRB5_EXPORT_LUCID_CONTEXT_V1_X (&__gss_krb5_export_lucid_context_v1_x_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_subkey_x_oid_desc;
#define GSS_KRB5_GET_SUBKEY_X (&__gss_krb5_get_subkey_x_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_initiator_subkey_x_oid_desc;
#define GSS_KRB5_GET_INITIATOR_SUBKEY_X (&__gss_krb5_get_initiator_subkey_x_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_acceptor_subkey_x_oid_desc;
#define GSS_KRB5_GET_ACCEPTOR_SUBKEY_X (&__gss_krb5_get_acceptor_subkey_x_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_authtime_x_oid_desc;
#define GSS_KRB5_GET_AUTHTIME_X (&__gss_krb5_get_authtime_x_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_get_service_keyblock_x_oid_desc;
#define GSS_KRB5_GET_SERVICE_KEYBLOCK_X (&__gss_krb5_get_service_keyblock_x_oid_desc)
/* Extensions creds */
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_import_cred_x_oid_desc;
#define GSS_KRB5_IMPORT_CRED_X (&__gss_krb5_import_cred_x_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_set_allowable_enctypes_x_oid_desc;
#define GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X (&__gss_krb5_set_allowable_enctypes_x_oid_desc)
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_krb5_cred_no_ci_flags_x_oid_desc;
#define GSS_KRB5_CRED_NO_CI_FLAGS_X (&__gss_krb5_cred_no_ci_flags_x_oid_desc)
/*
* kerberos mechanism specific functions
*/

7
lib/gssapi/gssapi/gssapi_ntlm.h
View File

@@ -38,11 +38,4 @@
#include <gssapi.h>
GSSAPI_CPP_START
extern GSSAPI_LIB_VARIABLE gss_OID_desc __gss_ntlm_mechanism_oid_desc;
#define GSS_NTLM_MECHANISM (&__gss_ntlm_mechanism_oid_desc)
GSSAPI_CPP_END
#endif /* GSSAPI_NTLM_H_ */

220
lib/gssapi/gssapi/gssapi_oid.h Normal file
View File

@@ -0,0 +1,220 @@
#ifndef GSSAPI_GSSAPI_OID
#define GSSAPI_GSSAPI_OID 1
/* contact Love Hörnquist Åstrand <lha@h5l.org> for new oid arcs */
/*
* 1.2.752.43.13 Heimdal GSS-API Extentions
*/
extern gss_OID_desc __gss_krb5_copy_ccache_x_oid_desc;
#define GSS_KRB5_COPY_CCACHE_X (&__gss_krb5_copy_ccache_x_oid_desc)
extern gss_OID_desc __gss_krb5_get_tkt_flags_x_oid_desc;
#define GSS_KRB5_GET_TKT_FLAGS_X (&__gss_krb5_get_tkt_flags_x_oid_desc)
extern gss_OID_desc __gss_krb5_extract_authz_data_from_sec_context_x_oid_desc;
#define GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X (&__gss_krb5_extract_authz_data_from_sec_context_x_oid_desc)
extern gss_OID_desc __gss_krb5_compat_des3_mic_x_oid_desc;
#define GSS_KRB5_COMPAT_DES3_MIC_X (&__gss_krb5_compat_des3_mic_x_oid_desc)
extern gss_OID_desc __gss_krb5_register_acceptor_identity_x_oid_desc;
#define GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X (&__gss_krb5_register_acceptor_identity_x_oid_desc)
extern gss_OID_desc __gss_krb5_export_lucid_context_x_oid_desc;
#define GSS_KRB5_EXPORT_LUCID_CONTEXT_X (&__gss_krb5_export_lucid_context_x_oid_desc)
extern gss_OID_desc __gss_krb5_export_lucid_context_v1_x_oid_desc;
#define GSS_KRB5_EXPORT_LUCID_CONTEXT_V1_X (&__gss_krb5_export_lucid_context_v1_x_oid_desc)
extern gss_OID_desc __gss_krb5_set_dns_canonicalize_x_oid_desc;
#define GSS_KRB5_SET_DNS_CANONICALIZE_X (&__gss_krb5_set_dns_canonicalize_x_oid_desc)
extern gss_OID_desc __gss_krb5_get_subkey_x_oid_desc;
#define GSS_KRB5_GET_SUBKEY_X (&__gss_krb5_get_subkey_x_oid_desc)
extern gss_OID_desc __gss_krb5_get_initiator_subkey_x_oid_desc;
#define GSS_KRB5_GET_INITIATOR_SUBKEY_X (&__gss_krb5_get_initiator_subkey_x_oid_desc)
extern gss_OID_desc __gss_krb5_get_acceptor_subkey_x_oid_desc;
#define GSS_KRB5_GET_ACCEPTOR_SUBKEY_X (&__gss_krb5_get_acceptor_subkey_x_oid_desc)
extern gss_OID_desc __gss_krb5_send_to_kdc_x_oid_desc;
#define GSS_KRB5_SEND_TO_KDC_X (&__gss_krb5_send_to_kdc_x_oid_desc)
extern gss_OID_desc __gss_krb5_get_authtime_x_oid_desc;
#define GSS_KRB5_GET_AUTHTIME_X (&__gss_krb5_get_authtime_x_oid_desc)
extern gss_OID_desc __gss_krb5_get_service_keyblock_x_oid_desc;
#define GSS_KRB5_GET_SERVICE_KEYBLOCK_X (&__gss_krb5_get_service_keyblock_x_oid_desc)
extern gss_OID_desc __gss_krb5_set_allowable_enctypes_x_oid_desc;
#define GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X (&__gss_krb5_set_allowable_enctypes_x_oid_desc)
extern gss_OID_desc __gss_krb5_set_default_realm_x_oid_desc;
#define GSS_KRB5_SET_DEFAULT_REALM_X (&__gss_krb5_set_default_realm_x_oid_desc)
extern gss_OID_desc __gss_krb5_ccache_name_x_oid_desc;
#define GSS_KRB5_CCACHE_NAME_X (&__gss_krb5_ccache_name_x_oid_desc)
extern gss_OID_desc __gss_krb5_set_time_offset_x_oid_desc;
#define GSS_KRB5_SET_TIME_OFFSET_X (&__gss_krb5_set_time_offset_x_oid_desc)
extern gss_OID_desc __gss_krb5_get_time_offset_x_oid_desc;
#define GSS_KRB5_GET_TIME_OFFSET_X (&__gss_krb5_get_time_offset_x_oid_desc)
extern gss_OID_desc __gss_krb5_plugin_register_x_oid_desc;
#define GSS_KRB5_PLUGIN_REGISTER_X (&__gss_krb5_plugin_register_x_oid_desc)
extern gss_OID_desc __gss_ntlm_get_session_key_x_oid_desc;
#define GSS_NTLM_GET_SESSION_KEY_X (&__gss_ntlm_get_session_key_x_oid_desc)
extern gss_OID_desc __gss_c_nt_ntlm_oid_desc;
#define GSS_C_NT_NTLM (&__gss_c_nt_ntlm_oid_desc)
extern gss_OID_desc __gss_c_nt_dn_oid_desc;
#define GSS_C_NT_DN (&__gss_c_nt_dn_oid_desc)
extern gss_OID_desc __gss_krb5_nt_principal_name_referral_oid_desc;
#define GSS_KRB5_NT_PRINCIPAL_NAME_REFERRAL (&__gss_krb5_nt_principal_name_referral_oid_desc)
extern gss_OID_desc __gss_c_ntlm_avguest_oid_desc;
#define GSS_C_NTLM_AVGUEST (&__gss_c_ntlm_avguest_oid_desc)
extern gss_OID_desc __gss_c_ntlm_v1_oid_desc;
#define GSS_C_NTLM_V1 (&__gss_c_ntlm_v1_oid_desc)
extern gss_OID_desc __gss_c_ntlm_v2_oid_desc;
#define GSS_C_NTLM_V2 (&__gss_c_ntlm_v2_oid_desc)
extern gss_OID_desc __gss_c_ntlm_session_key_oid_desc;
#define GSS_C_NTLM_SESSION_KEY (&__gss_c_ntlm_session_key_oid_desc)
extern gss_OID_desc __gss_c_ntlm_force_v1_oid_desc;
#define GSS_C_NTLM_FORCE_V1 (&__gss_c_ntlm_force_v1_oid_desc)
extern gss_OID_desc __gss_krb5_cred_no_ci_flags_x_oid_desc;
#define GSS_KRB5_CRED_NO_CI_FLAGS_X (&__gss_krb5_cred_no_ci_flags_x_oid_desc)
extern gss_OID_desc __gss_krb5_import_cred_x_oid_desc;
#define GSS_KRB5_IMPORT_CRED_X (&__gss_krb5_import_cred_x_oid_desc)
/* glue for gss_inquire_saslname_for_mech */
extern gss_OID_desc __gss_c_ma_sasl_mech_name_oid_desc;
#define GSS_C_MA_SASL_MECH_NAME (&__gss_c_ma_sasl_mech_name_oid_desc)
extern gss_OID_desc __gss_c_ma_mech_name_oid_desc;
#define GSS_C_MA_MECH_NAME (&__gss_c_ma_mech_name_oid_desc)
extern gss_OID_desc __gss_c_ma_mech_description_oid_desc;
#define GSS_C_MA_MECH_DESCRIPTION (&__gss_c_ma_mech_description_oid_desc)
/*
* Digest mechanisms - 1.2.752.43.14
*/
extern gss_OID_desc __gss_sasl_digest_md5_mechanism_oid_desc;
#define GSS_SASL_DIGEST_MD5_MECHANISM (&__gss_sasl_digest_md5_mechanism_oid_desc)
/*
* "Standard" mechs
*/
extern gss_OID_desc __gss_krb5_mechanism_oid_desc;
#define GSS_KRB5_MECHANISM (&__gss_krb5_mechanism_oid_desc)
extern gss_OID_desc __gss_ntlm_mechanism_oid_desc;
#define GSS_NTLM_MECHANISM (&__gss_ntlm_mechanism_oid_desc)
extern gss_OID_desc __gss_spnego_mechanism_oid_desc;
#define GSS_SPNEGO_MECHANISM (&__gss_spnego_mechanism_oid_desc)
/* From Luke Howard */
extern gss_OID_desc __gss_c_peer_has_updated_spnego_oid_desc;
#define GSS_C_PEER_HAS_UPDATED_SPNEGO (&__gss_c_peer_has_updated_spnego_oid_desc)
/*
* OID mappings with name and short description and and slightly longer description
*/
/*
* RFC5587
*/
extern gss_OID_desc __gss_c_ma_mech_concrete_oid_desc;
#define GSS_C_MA_MECH_CONCRETE (&__gss_c_ma_mech_concrete_oid_desc)
extern gss_OID_desc __gss_c_ma_mech_pseudo_oid_desc;
#define GSS_C_MA_MECH_PSEUDO (&__gss_c_ma_mech_pseudo_oid_desc)
extern gss_OID_desc __gss_c_ma_mech_composite_oid_desc;
#define GSS_C_MA_MECH_COMPOSITE (&__gss_c_ma_mech_composite_oid_desc)
extern gss_OID_desc __gss_c_ma_mech_nego_oid_desc;
#define GSS_C_MA_MECH_NEGO (&__gss_c_ma_mech_nego_oid_desc)
extern gss_OID_desc __gss_c_ma_mech_glue_oid_desc;
#define GSS_C_MA_MECH_GLUE (&__gss_c_ma_mech_glue_oid_desc)
extern gss_OID_desc __gss_c_ma_not_mech_oid_desc;
#define GSS_C_MA_NOT_MECH (&__gss_c_ma_not_mech_oid_desc)
extern gss_OID_desc __gss_c_ma_deprecated_oid_desc;
#define GSS_C_MA_DEPRECATED (&__gss_c_ma_deprecated_oid_desc)
extern gss_OID_desc __gss_c_ma_not_dflt_mech_oid_desc;
#define GSS_C_MA_NOT_DFLT_MECH (&__gss_c_ma_not_dflt_mech_oid_desc)
extern gss_OID_desc __gss_c_ma_itok_framed_oid_desc;
#define GSS_C_MA_ITOK_FRAMED (&__gss_c_ma_itok_framed_oid_desc)
extern gss_OID_desc __gss_c_ma_auth_init_oid_desc;
#define GSS_C_MA_AUTH_INIT (&__gss_c_ma_auth_init_oid_desc)
extern gss_OID_desc __gss_c_ma_auth_targ_oid_desc;
#define GSS_C_MA_AUTH_TARG (&__gss_c_ma_auth_targ_oid_desc)
extern gss_OID_desc __gss_c_ma_auth_init_init_oid_desc;
#define GSS_C_MA_AUTH_INIT_INIT (&__gss_c_ma_auth_init_init_oid_desc)
extern gss_OID_desc __gss_c_ma_auth_targ_init_oid_desc;
#define GSS_C_MA_AUTH_TARG_INIT (&__gss_c_ma_auth_targ_init_oid_desc)
extern gss_OID_desc __gss_c_ma_auth_init_anon_oid_desc;
#define GSS_C_MA_AUTH_INIT_ANON (&__gss_c_ma_auth_init_anon_oid_desc)
extern gss_OID_desc __gss_c_ma_auth_targ_anon_oid_desc;
#define GSS_C_MA_AUTH_TARG_ANON (&__gss_c_ma_auth_targ_anon_oid_desc)
extern gss_OID_desc __gss_c_ma_deleg_cred_oid_desc;
#define GSS_C_MA_DELEG_CRED (&__gss_c_ma_deleg_cred_oid_desc)
extern gss_OID_desc __gss_c_ma_integ_prot_oid_desc;
#define GSS_C_MA_INTEG_PROT (&__gss_c_ma_integ_prot_oid_desc)
extern gss_OID_desc __gss_c_ma_conf_prot_oid_desc;
#define GSS_C_MA_CONF_PROT (&__gss_c_ma_conf_prot_oid_desc)
extern gss_OID_desc __gss_c_ma_mic_oid_desc;
#define GSS_C_MA_MIC (&__gss_c_ma_mic_oid_desc)
extern gss_OID_desc __gss_c_ma_wrap_oid_desc;
#define GSS_C_MA_WRAP (&__gss_c_ma_wrap_oid_desc)
extern gss_OID_desc __gss_c_ma_prot_ready_oid_desc;
#define GSS_C_MA_PROT_READY (&__gss_c_ma_prot_ready_oid_desc)
extern gss_OID_desc __gss_c_ma_replay_det_oid_desc;
#define GSS_C_MA_REPLAY_DET (&__gss_c_ma_replay_det_oid_desc)
extern gss_OID_desc __gss_c_ma_oos_det_oid_desc;
#define GSS_C_MA_OOS_DET (&__gss_c_ma_oos_det_oid_desc)
extern gss_OID_desc __gss_c_ma_cbindings_oid_desc;
#define GSS_C_MA_CBINDINGS (&__gss_c_ma_cbindings_oid_desc)
extern gss_OID_desc __gss_c_ma_pfs_oid_desc;
#define GSS_C_MA_PFS (&__gss_c_ma_pfs_oid_desc)
extern gss_OID_desc __gss_c_ma_compress_oid_desc;
#define GSS_C_MA_COMPRESS (&__gss_c_ma_compress_oid_desc)
extern gss_OID_desc __gss_c_ma_ctx_trans_oid_desc;
#define GSS_C_MA_CTX_TRANS (&__gss_c_ma_ctx_trans_oid_desc)
#endif /* GSSAPI_GSSAPI_OID */

80
lib/gssapi/gssapi_mech.h
View File

@@ -354,7 +354,60 @@ _gss_import_cred_t(OM_uint32 * minor_status,
gss_cred_id_t * cred_handle);
#define GMI_VERSION 2
typedef OM_uint32
_gss_acquire_cred_ex_t(void * /* status */,
const gss_name_t /* desired_name */,
OM_uint32 /* flags */,
OM_uint32 /* time_req */,
gss_cred_usage_t /* cred_usage */,
void * /* identity */,
void * /* ctx */,
void (* /*complete */)(void *, OM_uint32, void *, gss_cred_id_t, OM_uint32));
typedef void
_gss_iter_creds_t(OM_uint32 /* flags */,
void * /* userctx */,
void (* /*cred_iter */ )(void *, gss_OID, gss_cred_id_t));
typedef OM_uint32
_gss_destroy_cred_t(OM_uint32 * /* minor_status */,
gss_cred_id_t */* cred */);
typedef OM_uint32
_gss_cred_hold_t(OM_uint32 * /* minor_status */,
gss_cred_id_t /* cred */);
typedef OM_uint32
_gss_cred_unhold_t(OM_uint32 * /* minor_status */,
gss_cred_id_t /* cred */);
typedef OM_uint32
_gss_cred_label_set_t(OM_uint32 * /* minor_status */,
gss_cred_id_t /* cred */,
const char * /* label */,
gss_buffer_t /* value */);
typedef OM_uint32
_gss_cred_label_get_t(OM_uint32 * /* minor_status */,
gss_cred_id_t /* cred */,
const char * /* label */,
gss_buffer_t /* value */);
typedef struct gss_mo_desc_struct gss_mo_desc;
struct gss_mo_desc_struct {
gss_OID option;
OM_uint32 flags;
#define GSS_MO_MA 1
#define GSS_MO_MA_CRITICAL 2
const char *name;
void *ctx;
int (*get)(gss_const_OID, gss_mo_desc *, gss_buffer_t);
int (*set)(gss_const_OID, gss_mo_desc *, int, gss_buffer_t);
};
#define GMI_VERSION 4
/* gm_flags */
#define GM_USE_MG_CRED 1 /* uses mech glue credentials */
@@ -405,10 +458,19 @@ typedef struct gssapi_mech_interface_desc {
_gss_store_cred_t *gm_store_cred;
_gss_export_cred_t *gm_export_cred;
_gss_import_cred_t *gm_import_cred;
_gss_acquire_cred_ex_t *gm_acquire_cred_ex;
_gss_iter_creds_t *gm_iter_creds;
_gss_destroy_cred_t *gm_destroy_cred;
_gss_cred_hold_t *gm_cred_hold;
_gss_cred_unhold_t *gm_cred_unhold;
_gss_cred_label_get_t *gm_cred_label_get;
_gss_cred_label_set_t *gm_cred_label_set;
gss_mo_desc *gm_mo;
size_t gm_mo_num;
} gssapi_mech_interface_desc, *gssapi_mech_interface;
gssapi_mech_interface
__gss_get_mechanism(gss_OID /* oid */);
__gss_get_mechanism(gss_const_OID /* oid */);
gssapi_mech_interface __gss_spnego_initialize(void);
gssapi_mech_interface __gss_krb5_initialize(void);
@@ -416,4 +478,18 @@ gssapi_mech_interface __gss_ntlm_initialize(void);
void gss_mg_collect_error(gss_OID, OM_uint32, OM_uint32);
int _gss_mo_get_option_1(gss_const_OID, gss_mo_desc *, gss_buffer_t);
int _gss_mo_get_option_0(gss_const_OID, gss_mo_desc *, gss_buffer_t);
int _gss_mo_get_ctx_as_string(gss_const_OID, gss_mo_desc *, gss_buffer_t);
struct _gss_oid_name_table {
gss_OID oid;
const char *name;
const char *short_desc;
const char *long_desc;
};
extern struct _gss_oid_name_table _gss_ont_mech[];
extern struct _gss_oid_name_table _gss_ont_ma[];
#endif /* GSSAPI_MECH_H */

155
lib/gssapi/gss.c → lib/gssapi/gsstool.c
View File

@@ -3,6 +3,8 @@
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Portions Copyright (c) 2009 - 2010 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -31,9 +33,7 @@
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <stdio.h>
#include <gssapi.h>
@@ -45,7 +45,7 @@
#include <getarg.h>
#include <rtbl.h>
#include <gss-commands.h>
#include <krb5.h>
static int version_flag = 0;
static int help_flag = 0;
@@ -65,6 +65,11 @@ usage (int ret)
#define COL_OID "OID"
#define COL_NAME "Name"
#define COL_DESC "Description"
#define COL_VALUE "Value"
#define COL_MECH "Mech"
#define COL_EXPIRE "Expire"
#define COL_SASL "SASL"
int
supported_mechanisms(void *argptr, int argc, char **argv)
@@ -87,24 +92,37 @@ supported_mechanisms(void *argptr, int argc, char **argv)
rtbl_set_separator(ct, " ");
rtbl_add_column(ct, COL_OID, 0);
rtbl_add_column(ct, COL_NAME, 0);
rtbl_add_column(ct, COL_DESC, 0);
rtbl_add_column(ct, COL_SASL, 0);
for (i = 0; i < mechs->count; i++) {
gss_buffer_desc name;
gss_buffer_desc str, sasl_name, mech_name, mech_desc;
maj_stat = gss_oid_to_str(&min_stat, &mechs->elements[i], &name);
maj_stat = gss_oid_to_str(&min_stat, &mechs->elements[i], &str);
if (maj_stat != GSS_S_COMPLETE)
errx(1, "gss_oid_to_str failed");
rtbl_add_column_entryv(ct, COL_OID, "%.*s",
(int)name.length, (char *)name.value);
gss_release_buffer(&min_stat, &name);
(int)str.length, (char *)str.value);
gss_release_buffer(&min_stat, &str);
(void)gss_inquire_saslname_for_mech(&min_stat,
&mechs->elements[i],
&sasl_name,
&mech_name,
&mech_desc);
rtbl_add_column_entryv(ct, COL_NAME, "%.*s",
(int)mech_name.length, (char *)mech_name.value);
rtbl_add_column_entryv(ct, COL_DESC, "%.*s",
(int)mech_desc.length, (char *)mech_desc.value);
rtbl_add_column_entryv(ct, COL_SASL, "%.*s",
(int)sasl_name.length, (char *)sasl_name.value);
gss_release_buffer(&min_stat, &mech_name);
gss_release_buffer(&min_stat, &mech_desc);
gss_release_buffer(&min_stat, &sasl_name);
if (gss_oid_equal(&mechs->elements[i], GSS_KRB5_MECHANISM))
rtbl_add_column_entry(ct, COL_NAME, "Kerberos 5");
else if (gss_oid_equal(&mechs->elements[i], GSS_SPNEGO_MECHANISM))
rtbl_add_column_entry(ct, COL_NAME, "SPNEGO");
else if (gss_oid_equal(&mechs->elements[i], GSS_NTLM_MECHANISM))
rtbl_add_column_entry(ct, COL_NAME, "NTLM");
}
gss_release_oid_set(&min_stat, &mechs);
@@ -114,57 +132,88 @@ supported_mechanisms(void *argptr, int argc, char **argv)
return 0;
}
#if 0
/*
*
*/
void static
print_mech_attr(const char *mechname, gss_const_OID mech, gss_OID_set set)
{
gss_buffer_desc name, desc;
OM_uint32 major, minor;
rtbl_t ct;
size_t n;
#define DOVEDOT_MAJOR_VERSION 1
#define DOVEDOT_MINOR_VERSION 0
ct = rtbl_create();
if (ct == NULL)
errx(1, "rtbl_create");
/*
S: MECH mech mech-parameters
S: MECH mech mech-parameters
S: VERSION major minor
S: CPID pid
S: CUID pid
S: ...
S: DONE
C: VERSION major minor
C: CPID pid
rtbl_set_separator(ct, " ");
rtbl_add_column(ct, COL_OID, 0);
rtbl_add_column(ct, COL_DESC, 0);
if (mech)
rtbl_add_column(ct, COL_VALUE, 0);
C: AUTH id method service= resp=
C: CONT id message
for (n = 0; n < set->count; n++) {
major = gss_display_mech_attr(&minor, &set->elements[n], &name, &desc, NULL);
if (major)
continue;
rtbl_add_column_entryv(ct, COL_OID, "%.*s",
(int)name.length, (char *)name.value);
rtbl_add_column_entryv(ct, COL_DESC, "%.*s",
(int)desc.length, (char *)desc.value);
if (mech) {
gss_buffer_desc value;
if (gss_mo_get(mech, &set->elements[n], &value) != 0)
value.length = 0;
if (value.length)
rtbl_add_column_entryv(ct, COL_VALUE, "%.*s",
(int)value.length, (char *)value.value);
else
rtbl_add_column_entryv(ct, COL_VALUE, "<>");
gss_release_buffer(&minor, &value);
}
gss_release_buffer(&minor, &name);
gss_release_buffer(&minor, &desc);
}
printf("attributes for: %s\n", mechname);
rtbl_format(ct, stdout);
rtbl_destroy(ct);
}
S: OK id user=
S: FAIL id reason=
S: CONTINUE id message
*/
int
dovecot_server(void *argptr, int argc, char **argv)
attrs_for_mech(struct attrs_for_mech_options *opt, int argc, char **argv)
{
krb5_storage *sp;
int fd = 0;
gss_OID_set mech_attr = NULL, known_mech_attrs = NULL;
gss_OID mech = GSS_C_NO_OID;
OM_uint32 major, minor;
sp = krb5_storage_from_fd(fd);
if (sp == NULL)
errx(1, "krb5_storage_from_fd");
krb5_store_stringnl(sp, "MECH\tGSSAPI");
krb5_store_stringnl(sp, "VERSION\t1\t0");
krb5_store_stringnl(sp, "DONE");
while (1) {
char *cmd;
if (krb5_ret_stringnl(sp, &cmd) != 0)
break;
printf("cmd: %s\n", cmd);
free(cmd);
if (opt->mech_string) {
mech = gss_name_to_oid(opt->mech_string);
if (mech == NULL)
errx(1, "mech %s is unknown", opt->mech_string);
}
major = gss_inquire_attrs_for_mech(&minor, mech, &mech_attr, &known_mech_attrs);
if (major)
errx(1, "gss_inquire_attrs_for_mech");
if (mech) {
print_mech_attr(opt->mech_string, mech, mech_attr);
}
if (opt->all_flag) {
print_mech_attr("all mechs", NULL, known_mech_attrs);
}
gss_release_oid_set(&minor, &mech_attr);
gss_release_oid_set(&minor, &known_mech_attrs);
return 0;
}
#endif
/*
*

238
lib/gssapi/krb5/external.c
View File

@@ -152,47 +152,6 @@ gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_export_name_oid_desc =
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_nt_principal_name_oid_desc =
{10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x01") };
/*
* This name form shall be represented by the Object Identifier {iso(1)
* member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
* generic(1) user_name(1)}. The recommended symbolic name for this
* type is "GSS_KRB5_NT_USER_NAME".
*/
/*
* This name form shall be represented by the Object Identifier {iso(1)
* member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
* generic(1) machine_uid_name(2)}. The recommended symbolic name for
* this type is "GSS_KRB5_NT_MACHINE_UID_NAME".
*/
/*
* This name form shall be represented by the Object Identifier {iso(1)
* member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
* generic(1) string_uid_name(3)}. The recommended symbolic name for
* this type is "GSS_KRB5_NT_STRING_UID_NAME".
*/
/*
* To support ongoing experimentation, testing, and evolution of the
* specification, the Kerberos V5 GSS-API mechanism as defined in this
* and any successor memos will be identified with the following Object
* Identifier, as defined in RFC-1510, until the specification is
* advanced to the level of Proposed Standard RFC:
*
* {iso(1), org(3), dod(5), internet(1), security(5), kerberosv5(2)}
*
* Upon advancement to the level of Proposed Standard RFC, the Kerberos
* V5 GSS-API mechanism will be identified by an Object Identifier
* having the value:
*
* {iso(1) member-body(2) United States(840) mit(113554) infosys(1)
* gssapi(2) krb5(2)}
*/
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_mechanism_oid_desc =
{9, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02") };
/*
* draft-ietf-cat-iakerb-09, IAKERB:
* The mechanism ID for IAKERB proxy GSS-API Kerberos, in accordance
@@ -212,105 +171,101 @@ gss_OID_desc GSSAPI_LIB_VARIABLE __gss_iakerb_proxy_mechanism_oid_desc =
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_iakerb_min_msg_mechanism_oid_desc =
{7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0a\x02") };
/*
*
*/
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_peer_has_updated_spnego_oid_desc =
{9, (void *)"\x2b\x06\x01\x04\x01\xa9\x4a\x13\x05"};
/*
* 1.2.752.43.13 Heimdal GSS-API Extentions
*/
/* 1.2.752.43.13.1 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_copy_ccache_x_oid_desc =
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x01")};
/* 1.2.752.43.13.2 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_tkt_flags_x_oid_desc =
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x02")};
/* 1.2.752.43.13.3 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_extract_authz_data_from_sec_context_x_oid_desc =
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x03")};
/* 1.2.752.43.13.4 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_compat_des3_mic_x_oid_desc =
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x04")};
/* 1.2.752.43.13.5 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_register_acceptor_identity_x_oid_desc =
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x05")};
/* 1.2.752.43.13.6 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_export_lucid_context_x_oid_desc =
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x06")};
/* 1.2.752.43.13.6.1 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_export_lucid_context_v1_x_oid_desc =
{7, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x06\x01")};
/* 1.2.752.43.13.7 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_dns_canonicalize_x_oid_desc =
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x07")};
/* 1.2.752.43.13.8 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_subkey_x_oid_desc =
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x08")};
/* 1.2.752.43.13.9 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_initiator_subkey_x_oid_desc =
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x09")};
/* 1.2.752.43.13.10 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_acceptor_subkey_x_oid_desc =
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0a")};
/* 1.2.752.43.13.11 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_send_to_kdc_x_oid_desc =
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0b")};
/* 1.2.752.43.13.12 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_authtime_x_oid_desc =
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0c")};
/* 1.2.752.43.13.13 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_service_keyblock_x_oid_desc =
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0d")};
/* 1.2.752.43.13.14 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_allowable_enctypes_x_oid_desc =
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0e")};
/* 1.2.752.43.13.15 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_default_realm_x_oid_desc =
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0f")};
/* 1.2.752.43.13.16 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_ccache_name_x_oid_desc =
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x10")};
/* 1.2.752.43.13.17 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_time_offset_x_oid_desc =
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x11")};
/* 1.2.752.43.13.18 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_time_offset_x_oid_desc =
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x12")};
/* 1.2.752.43.13.19 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_plugin_register_x_oid_desc =
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x13")};
/* 1.2.752.43.14.1 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_sasl_digest_md5_mechanism_oid_desc =
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0e\x01") };
/*
* Context for krb5 calls.
*/
static gss_mo_desc krb5_mo[] = {
{
GSS_C_MA_SASL_MECH_NAME,
GSS_MO_MA,
"SASL mech name",
"GS2-KRB5",
_gss_mo_get_ctx_as_string,
NULL
},
{
GSS_C_MA_MECH_NAME,
GSS_MO_MA,
"Mechanism name",
"KRB5",
_gss_mo_get_ctx_as_string,
NULL
},
{
GSS_C_MA_MECH_DESCRIPTION,
GSS_MO_MA,
"Mechanism description",
"Heimdal Kerberos 5 mech",
_gss_mo_get_ctx_as_string,
NULL
},
{
GSS_C_MA_MECH_CONCRETE,
GSS_MO_MA
},
{
GSS_C_MA_ITOK_FRAMED,
GSS_MO_MA
},
{
GSS_C_MA_AUTH_INIT,
GSS_MO_MA
},
{
GSS_C_MA_AUTH_TARG,
GSS_MO_MA
},
{
GSS_C_MA_AUTH_INIT_ANON,
GSS_MO_MA
},
{
GSS_C_MA_DELEG_CRED,
GSS_MO_MA
},
{
GSS_C_MA_INTEG_PROT,
GSS_MO_MA
},
{
GSS_C_MA_CONF_PROT,
GSS_MO_MA
},
{
GSS_C_MA_MIC,
GSS_MO_MA
},
{
GSS_C_MA_WRAP,
GSS_MO_MA
},
{
GSS_C_MA_PROT_READY,
GSS_MO_MA
},
{
GSS_C_MA_REPLAY_DET,
GSS_MO_MA
},
{
GSS_C_MA_OOS_DET,
GSS_MO_MA
},
{
GSS_C_MA_CBINDINGS,
GSS_MO_MA
},
{
GSS_C_MA_PFS,
GSS_MO_MA
},
{
GSS_C_MA_CTX_TRANS,
GSS_MO_MA
}
};
/*
*
*/
@@ -359,7 +314,16 @@ static gssapi_mech_interface_desc krb5_mech = {
_gk_wrap_iov_length,
_gsskrb5_store_cred,
_gsskrb5_export_cred,
_gsskrb5_import_cred
_gsskrb5_import_cred,
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
krb5_mo,
sizeof(krb5_mo) / sizeof(krb5_mo[0])
};
gssapi_mech_interface

9
lib/gssapi/krb5/set_cred_option.c
View File

@@ -32,15 +32,6 @@
#include "gsskrb5_locl.h"
/* 1.2.752.43.13.17 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_cred_no_ci_flags_x_oid_desc =
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x11")};
/* 1.2.752.43.13.18 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_import_cred_x_oid_desc =
{6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x12")};
static OM_uint32
import_cred(OM_uint32 *minor_status,
krb5_context context,

2
lib/gssapi/mech/gss_mech_switch.c
View File

@@ -353,7 +353,7 @@ _gss_load_mech(void)
}
gssapi_mech_interface
__gss_get_mechanism(gss_OID mech)
__gss_get_mechanism(gss_const_OID mech)
{
struct _gss_mech_switch *m;

464
lib/gssapi/mech/gss_mo.c Normal file
View File

@@ -0,0 +1,464 @@
/*
* Copyright (c) 2010 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Portions Copyright (c) 2010 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "mech_locl.h"
static int
get_option_def(int def, gss_const_OID mech, gss_mo_desc *mo, gss_buffer_t value)
{
return def;
}
int
_gss_mo_get_option_1(gss_const_OID mech, gss_mo_desc *mo, gss_buffer_t value)
{
return get_option_def(1, mech, mo, value);
}
int
_gss_mo_get_option_0(gss_const_OID mech, gss_mo_desc *mo, gss_buffer_t value)
{
return get_option_def(0, mech, mo, value);
}
int
_gss_mo_get_ctx_as_string(gss_const_OID mech, gss_mo_desc *mo, gss_buffer_t value)
{
if (value) {
value->value = strdup((char *)mo->ctx);
if (value->value == NULL)
return 1;
value->length = strlen((char *)mo->ctx);
}
return 0;
}
GSSAPI_LIB_FUNCTION int GSSAPI_LIB_CALL
gss_mo_set(gss_const_OID mech, gss_const_OID option,
int enable, gss_buffer_t value)
{
gssapi_mech_interface m;
size_t n;
if ((m = __gss_get_mechanism(mech)) == NULL)
return GSS_S_BAD_MECH;
for (n = 0; n < m->gm_mo_num; n++)
if (gss_oid_equal(option, m->gm_mo[n].option) && m->gm_mo[n].set)
return m->gm_mo[n].set(mech, &m->gm_mo[n], enable, value);
return 0;
}
GSSAPI_LIB_FUNCTION int GSSAPI_LIB_CALL
gss_mo_get(gss_const_OID mech, gss_const_OID option, gss_buffer_t value)
{
gssapi_mech_interface m;
size_t n;
_mg_buffer_zero(value);
if ((m = __gss_get_mechanism(mech)) == NULL)
return 0;
for (n = 0; n < m->gm_mo_num; n++)
if (gss_oid_equal(option, m->gm_mo[n].option) && m->gm_mo[n].get)
return m->gm_mo[n].get(mech, &m->gm_mo[n], value);
return 0;
}
static void
add_all_mo(gssapi_mech_interface m, gss_OID_set *options, OM_uint32 mask)
{
OM_uint32 minor;
size_t n;
for (n = 0; n < m->gm_mo_num; n++)
if ((m->gm_mo[n].flags & mask) == mask)
gss_add_oid_set_member(&minor, m->gm_mo[n].option, options);
}
GSSAPI_LIB_FUNCTION void GSSAPI_LIB_CALL
gss_mo_list(gss_const_OID mech, gss_OID_set *options)
{
gssapi_mech_interface m;
OM_uint32 major, minor;
if (options == NULL)
return;
*options = GSS_C_NO_OID_SET;
if ((m = __gss_get_mechanism(mech)) == NULL)
return;
major = gss_create_empty_oid_set(&minor, options);
if (major != GSS_S_COMPLETE)
return;
add_all_mo(m, options, 0);
}
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_mo_name(gss_const_OID mech, gss_const_OID option, gss_buffer_t name)
{
gssapi_mech_interface m;
size_t n;
if (name == NULL)
return GSS_S_BAD_NAME;
if ((m = __gss_get_mechanism(mech)) == NULL)
return GSS_S_BAD_MECH;
for (n = 0; n < m->gm_mo_num; n++) {
if (gss_oid_equal(option, m->gm_mo[n].option)) {
/*
* If ther is no name, its because its a GSS_C_MA and there is already a table for that.
*/
if (m->gm_mo[n].name) {
name->value = strdup(m->gm_mo[n].name);
if (name->value == NULL)
return GSS_S_BAD_NAME;
name->length = strlen(m->gm_mo[n].name);
return GSS_S_COMPLETE;
} else {
OM_uint32 junk;
return gss_display_mech_attr(&junk, option,
NULL, name, NULL);
}
}
}
return GSS_S_BAD_NAME;
}
/*
* Helper function to allow NULL name
*/
static OM_uint32
mo_value(const gss_const_OID mech, gss_const_OID option, gss_buffer_t name)
{
if (name == NULL)
return GSS_S_COMPLETE;
if (gss_mo_get(mech, option, name) != 0 && name->length == 0)
return GSS_S_FAILURE;
return GSS_S_COMPLETE;
}
/**
* Returns differnt protocol names and description of the mechanism.
*
* @param minor_status minor status code
* @param desired_mech mech list query
* @param sasl_mech_name SASL GS2 protocol name
* @param mech_name gssapi protocol name
* @param mech_description description of gssapi mech
*
* @return returns GSS_S_COMPLETE or a error code.
*
* @ingroup gssapi
*/
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_inquire_saslname_for_mech(OM_uint32 *minor_status,
const gss_OID desired_mech,
gss_buffer_t sasl_mech_name,
gss_buffer_t mech_name,
gss_buffer_t mech_description)
{
OM_uint32 major;
_mg_buffer_zero(sasl_mech_name);
_mg_buffer_zero(mech_name);
_mg_buffer_zero(mech_description);
if (minor_status)
*minor_status = 0;
if (desired_mech == NULL)
return GSS_S_BAD_MECH;
major = mo_value(desired_mech, GSS_C_MA_SASL_MECH_NAME, sasl_mech_name);
if (major) return major;
major = mo_value(desired_mech, GSS_C_MA_MECH_NAME, mech_name);
if (major) return major;
major = mo_value(desired_mech, GSS_C_MA_MECH_DESCRIPTION, mech_description);
if (major) return major;
return GSS_S_COMPLETE;
}
/**
* Find a mech for a sasl name
*
* @param minor_status minor status code
* @param sasl_mech_name
* @param mech_type
*
* @return returns GSS_S_COMPLETE or an error code.
*/
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_inquire_mech_for_saslname(OM_uint32 *minor_status,
const gss_buffer_t sasl_mech_name,
gss_OID *mech_type)
{
struct _gss_mech_switch *m;
gss_buffer_desc name;
OM_uint32 major;
_gss_load_mech();
*mech_type = NULL;
SLIST_FOREACH(m, &_gss_mechs, gm_link) {
major = mo_value(&m->gm_mech_oid, GSS_C_MA_SASL_MECH_NAME, &name);
if (major)
continue;
if (name.length == sasl_mech_name->length &&
memcmp(name.value, sasl_mech_name->value, name.length) == 0) {
gss_release_buffer(&major, &name);
*mech_type = &m->gm_mech_oid;
return 0;
}
gss_release_buffer(&major, &name);
}
return GSS_S_BAD_MECH;
}
/**
* Return set of mechanism that fullfill the criteria
*
* @param minor_status minor status code
* @param desired_mech_attrs
* @param except_mech_attrs
* @param critical_mech_attrs
* @param mechs returned mechs, free with gss_release_oid_set().
*
* @return returns GSS_S_COMPLETE or an error code.
*/
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_indicate_mechs_by_attrs(OM_uint32 * minor_status,
gss_const_OID_set desired_mech_attrs,
gss_const_OID_set except_mech_attrs,
gss_const_OID_set critical_mech_attrs,
gss_OID_set *mechs)
{
struct _gss_mech_switch *ms;
OM_uint32 major;
size_t n, m;
major = gss_create_empty_oid_set(minor_status, mechs);
if (major)
return major;
_gss_load_mech();
SLIST_FOREACH(ms, &_gss_mechs, gm_link) {
gssapi_mech_interface mi = &ms->gm_mech;
if (desired_mech_attrs) {
for (n = 0; n < desired_mech_attrs->count; n++) {
for (m = 0; m < mi->gm_mo_num; m++)
if (gss_oid_equal(mi->gm_mo[m].option, &desired_mech_attrs->elements[n]))
break;
if (m == mi->gm_mo_num)
goto next;
}
}
if (except_mech_attrs) {
for (n = 0; n < desired_mech_attrs->count; n++) {
for (m = 0; m < mi->gm_mo_num; m++) {
if (gss_oid_equal(mi->gm_mo[m].option, &desired_mech_attrs->elements[n]))
goto next;
}
}
}
if (critical_mech_attrs) {
for (n = 0; n < desired_mech_attrs->count; n++) {
for (m = 0; m < mi->gm_mo_num; m++) {
if (mi->gm_mo[m].flags & GSS_MO_MA_CRITICAL)
continue;
if (gss_oid_equal(mi->gm_mo[m].option, &desired_mech_attrs->elements[n]))
break;
}
if (m == mi->gm_mo_num)
goto next;
}
}
next:
do { } while(0);
}
return GSS_S_FAILURE;
}
/**
* List support attributes for a mech and/or all mechanisms.
*
* @param minor_status minor status code
* @param mech given together with mech_attr will return the list of
* attributes for mechanism, can optionally be GSS_C_NO_OID.
* @param mech_attr see mech parameter, can optionally be NULL,
* release with gss_release_oid_set().
* @param known_mech_attrs all attributes for mechanisms supported,
* release with gss_release_oid_set().
*
* @ingroup gssapi
*/
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_inquire_attrs_for_mech(OM_uint32 * minor_status,
gss_const_OID mech,
gss_OID_set *mech_attr,
gss_OID_set *known_mech_attrs)
{
OM_uint32 major, junk;
if (mech_attr && mech) {
gssapi_mech_interface m;
if ((m = __gss_get_mechanism(mech)) == NULL) {
*minor_status = 0;
return GSS_S_BAD_MECH;
}
major = gss_create_empty_oid_set(minor_status, mech_attr);
if (major != GSS_S_COMPLETE)
return major;
add_all_mo(m, mech_attr, GSS_MO_MA);
}
if (known_mech_attrs) {
struct _gss_mech_switch *m;
major = gss_create_empty_oid_set(minor_status, known_mech_attrs);
if (major) {
if (mech_attr)
gss_release_oid_set(&junk, mech_attr);
return major;
}
_gss_load_mech();
SLIST_FOREACH(m, &_gss_mechs, gm_link)
add_all_mo(&m->gm_mech, known_mech_attrs, GSS_MO_MA);
}
return GSS_S_COMPLETE;
}
/**
* Return names and descriptions of mech attributes
*
* @param minor_status minor status code
* @param mech_attr
* @param name
* @param short_desc
* @param long_desc
*
* @return returns GSS_S_COMPLETE or an error code.
*/
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_display_mech_attr(OM_uint32 * minor_status,
gss_const_OID mech_attr,
gss_buffer_t name,
gss_buffer_t short_desc,
gss_buffer_t long_desc)
{
struct _gss_oid_name_table *ma = NULL;
OM_uint32 major;
size_t n;
_mg_buffer_zero(name);
_mg_buffer_zero(short_desc);
_mg_buffer_zero(long_desc);
if (minor_status)
*minor_status = 0;
for (n = 0; ma == NULL && _gss_ont_ma[n].oid; n++)
if (gss_oid_equal(mech_attr, _gss_ont_ma[n].oid))
ma = &_gss_ont_ma[n];
if (ma == NULL)
return GSS_S_BAD_MECH_ATTR;
if (name) {
gss_buffer_desc n;
n.value = rk_UNCONST(ma->name);
n.length = strlen(ma->name);
major = _gss_copy_buffer(minor_status, &n, name);
if (major != GSS_S_COMPLETE)
return major;
}
if (short_desc) {
gss_buffer_desc n;
n.value = rk_UNCONST(ma->short_desc);
n.length = strlen(ma->short_desc);
major = _gss_copy_buffer(minor_status, &n, short_desc);
if (major != GSS_S_COMPLETE)
return major;
}
if (long_desc) {
gss_buffer_desc n;
n.value = rk_UNCONST(ma->long_desc);
n.length = strlen(ma->long_desc);
major = _gss_copy_buffer(minor_status, &n, long_desc);
if (major != GSS_S_COMPLETE)
return major;
}
return GSS_S_COMPLETE;
}

243
lib/gssapi/mech/gss_oid.c Normal file
View File

@@ -0,0 +1,243 @@
#include "gssapi.h"
#include "gssapi_mech.h"
/* GSS_KRB5_COPY_CCACHE_X - 1.2.752.43.13.1 */
gss_OID_desc __gss_krb5_copy_ccache_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x01" };
/* GSS_KRB5_GET_TKT_FLAGS_X - 1.2.752.43.13.2 */
gss_OID_desc __gss_krb5_get_tkt_flags_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x02" };
/* GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X - 1.2.752.43.13.3 */
gss_OID_desc __gss_krb5_extract_authz_data_from_sec_context_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x03" };
/* GSS_KRB5_COMPAT_DES3_MIC_X - 1.2.752.43.13.4 */
gss_OID_desc __gss_krb5_compat_des3_mic_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x04" };
/* GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X - 1.2.752.43.13.5 */
gss_OID_desc __gss_krb5_register_acceptor_identity_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x05" };
/* GSS_KRB5_EXPORT_LUCID_CONTEXT_X - 1.2.752.43.13.6 */
gss_OID_desc __gss_krb5_export_lucid_context_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x06" };
/* GSS_KRB5_EXPORT_LUCID_CONTEXT_V1_X - 1.2.752.43.13.6.1 */
gss_OID_desc __gss_krb5_export_lucid_context_v1_x_oid_desc = { 7, "\x2a\x85\x70\x2b\x0d\x06\x01" };
/* GSS_KRB5_SET_DNS_CANONICALIZE_X - 1.2.752.43.13.7 */
gss_OID_desc __gss_krb5_set_dns_canonicalize_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x07" };
/* GSS_KRB5_GET_SUBKEY_X - 1.2.752.43.13.8 */
gss_OID_desc __gss_krb5_get_subkey_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x08" };
/* GSS_KRB5_GET_INITIATOR_SUBKEY_X - 1.2.752.43.13.9 */
gss_OID_desc __gss_krb5_get_initiator_subkey_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x09" };
/* GSS_KRB5_GET_ACCEPTOR_SUBKEY_X - 1.2.752.43.13.10 */
gss_OID_desc __gss_krb5_get_acceptor_subkey_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x0a" };
/* GSS_KRB5_SEND_TO_KDC_X - 1.2.752.43.13.11 */
gss_OID_desc __gss_krb5_send_to_kdc_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x0b" };
/* GSS_KRB5_GET_AUTHTIME_X - 1.2.752.43.13.12 */
gss_OID_desc __gss_krb5_get_authtime_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x0c" };
/* GSS_KRB5_GET_SERVICE_KEYBLOCK_X - 1.2.752.43.13.13 */
gss_OID_desc __gss_krb5_get_service_keyblock_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x0d" };
/* GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X - 1.2.752.43.13.14 */
gss_OID_desc __gss_krb5_set_allowable_enctypes_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x0e" };
/* GSS_KRB5_SET_DEFAULT_REALM_X - 1.2.752.43.13.15 */
gss_OID_desc __gss_krb5_set_default_realm_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x0f" };
/* GSS_KRB5_CCACHE_NAME_X - 1.2.752.43.13.16 */
gss_OID_desc __gss_krb5_ccache_name_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x10" };
/* GSS_KRB5_SET_TIME_OFFSET_X - 1.2.752.43.13.17 */
gss_OID_desc __gss_krb5_set_time_offset_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x11" };
/* GSS_KRB5_GET_TIME_OFFSET_X - 1.2.752.43.13.18 */
gss_OID_desc __gss_krb5_get_time_offset_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x12" };
/* GSS_KRB5_PLUGIN_REGISTER_X - 1.2.752.43.13.19 */
gss_OID_desc __gss_krb5_plugin_register_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x13" };
/* GSS_NTLM_GET_SESSION_KEY_X - 1.2.752.43.13.20 */
gss_OID_desc __gss_ntlm_get_session_key_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x14" };
/* GSS_C_NT_NTLM - 1.2.752.43.13.21 */
gss_OID_desc __gss_c_nt_ntlm_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x15" };
/* GSS_C_NT_DN - 1.2.752.43.13.22 */
gss_OID_desc __gss_c_nt_dn_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x16" };
/* GSS_KRB5_NT_PRINCIPAL_NAME_REFERRAL - 1.2.752.43.13.23 */
gss_OID_desc __gss_krb5_nt_principal_name_referral_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x17" };
/* GSS_C_NTLM_AVGUEST - 1.2.752.43.13.24 */
gss_OID_desc __gss_c_ntlm_avguest_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x18" };
/* GSS_C_NTLM_V1 - 1.2.752.43.13.25 */
gss_OID_desc __gss_c_ntlm_v1_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x19" };
/* GSS_C_NTLM_V2 - 1.2.752.43.13.26 */
gss_OID_desc __gss_c_ntlm_v2_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x1a" };
/* GSS_C_NTLM_SESSION_KEY - 1.2.752.43.13.27 */
gss_OID_desc __gss_c_ntlm_session_key_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x1b" };
/* GSS_C_NTLM_FORCE_V1 - 1.2.752.43.13.28 */
gss_OID_desc __gss_c_ntlm_force_v1_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x1c" };
/* GSS_KRB5_CRED_NO_CI_FLAGS_X - 1.2.752.43.13.29 */
gss_OID_desc __gss_krb5_cred_no_ci_flags_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x1d" };
/* GSS_KRB5_IMPORT_CRED_X - 1.2.752.43.13.30 */
gss_OID_desc __gss_krb5_import_cred_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x1e" };
/* GSS_C_MA_SASL_MECH_NAME - 1.2.752.43.13.100 */
gss_OID_desc __gss_c_ma_sasl_mech_name_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x64" };
/* GSS_C_MA_MECH_NAME - 1.2.752.43.13.101 */
gss_OID_desc __gss_c_ma_mech_name_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x65" };
/* GSS_C_MA_MECH_DESCRIPTION - 1.2.752.43.13.102 */
gss_OID_desc __gss_c_ma_mech_description_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x66" };
/* GSS_SASL_DIGEST_MD5_MECHANISM - 1.2.752.43.14.1 */
gss_OID_desc __gss_sasl_digest_md5_mechanism_oid_desc = { 6, "\x2a\x85\x70\x2b\x0e\x01" };
/* GSS_KRB5_MECHANISM - 1.2.840.113554.1.2.2 */
gss_OID_desc __gss_krb5_mechanism_oid_desc = { 9, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02" };
/* GSS_NTLM_MECHANISM - 1.3.6.1.4.1.311.2.2.10 */
gss_OID_desc __gss_ntlm_mechanism_oid_desc = { 10, "\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a" };
/* GSS_SPNEGO_MECHANISM - 1.3.6.1.5.5.2 */
gss_OID_desc __gss_spnego_mechanism_oid_desc = { 6, "\x2b\x06\x01\x05\x05\x02" };
/* GSS_C_PEER_HAS_UPDATED_SPNEGO - 1.3.6.1.4.1.9513.19.5 */
gss_OID_desc __gss_c_peer_has_updated_spnego_oid_desc = { 9, "\x2b\x06\x01\x04\x01\xca\x29\x13\x05" };
/* GSS_C_MA_MECH_CONCRETE - 1.3.6.1.5.5.13.1 */
gss_OID_desc __gss_c_ma_mech_concrete_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x01" };
/* GSS_C_MA_MECH_PSEUDO - 1.3.6.1.5.5.13.2 */
gss_OID_desc __gss_c_ma_mech_pseudo_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x02" };
/* GSS_C_MA_MECH_COMPOSITE - 1.3.6.1.5.5.13.3 */
gss_OID_desc __gss_c_ma_mech_composite_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x03" };
/* GSS_C_MA_MECH_NEGO - 1.3.6.1.5.5.13.4 */
gss_OID_desc __gss_c_ma_mech_nego_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x04" };
/* GSS_C_MA_MECH_GLUE - 1.3.6.1.5.5.13.5 */
gss_OID_desc __gss_c_ma_mech_glue_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x05" };
/* GSS_C_MA_NOT_MECH - 1.3.6.1.5.5.13.6 */
gss_OID_desc __gss_c_ma_not_mech_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x06" };
/* GSS_C_MA_DEPRECATED - 1.3.6.1.5.5.13.7 */
gss_OID_desc __gss_c_ma_deprecated_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x07" };
/* GSS_C_MA_NOT_DFLT_MECH - 1.3.6.1.5.5.13.8 */
gss_OID_desc __gss_c_ma_not_dflt_mech_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x08" };
/* GSS_C_MA_ITOK_FRAMED - 1.3.6.1.5.5.13.9 */
gss_OID_desc __gss_c_ma_itok_framed_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x09" };
/* GSS_C_MA_AUTH_INIT - 1.3.6.1.5.5.13.10 */
gss_OID_desc __gss_c_ma_auth_init_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x0a" };
/* GSS_C_MA_AUTH_TARG - 1.3.6.1.5.5.13.11 */
gss_OID_desc __gss_c_ma_auth_targ_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x0b" };
/* GSS_C_MA_AUTH_INIT_INIT - 1.3.6.1.5.5.13.12 */
gss_OID_desc __gss_c_ma_auth_init_init_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x0c" };
/* GSS_C_MA_AUTH_TARG_INIT - 1.3.6.1.5.5.13.13 */
gss_OID_desc __gss_c_ma_auth_targ_init_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x0d" };
/* GSS_C_MA_AUTH_INIT_ANON - 1.3.6.1.5.5.13.14 */
gss_OID_desc __gss_c_ma_auth_init_anon_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x0e" };
/* GSS_C_MA_AUTH_TARG_ANON - 1.3.6.1.5.5.13.15 */
gss_OID_desc __gss_c_ma_auth_targ_anon_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x0f" };
/* GSS_C_MA_DELEG_CRED - 1.3.6.1.5.5.13.16 */
gss_OID_desc __gss_c_ma_deleg_cred_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x10" };
/* GSS_C_MA_INTEG_PROT - 1.3.6.1.5.5.13.17 */
gss_OID_desc __gss_c_ma_integ_prot_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x11" };
/* GSS_C_MA_CONF_PROT - 1.3.6.1.5.5.13.18 */
gss_OID_desc __gss_c_ma_conf_prot_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x12" };
/* GSS_C_MA_MIC - 1.3.6.1.5.5.13.19 */
gss_OID_desc __gss_c_ma_mic_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x13" };
/* GSS_C_MA_WRAP - 1.3.6.1.5.5.13.20 */
gss_OID_desc __gss_c_ma_wrap_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x14" };
/* GSS_C_MA_PROT_READY - 1.3.6.1.5.5.13.21 */
gss_OID_desc __gss_c_ma_prot_ready_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x15" };
/* GSS_C_MA_REPLAY_DET - 1.3.6.1.5.5.13.22 */
gss_OID_desc __gss_c_ma_replay_det_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x16" };
/* GSS_C_MA_OOS_DET - 1.3.6.1.5.5.13.23 */
gss_OID_desc __gss_c_ma_oos_det_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x17" };
/* GSS_C_MA_CBINDINGS - 1.3.6.1.5.5.13.24 */
gss_OID_desc __gss_c_ma_cbindings_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x18" };
/* GSS_C_MA_PFS - 1.3.6.1.5.5.13.25 */
gss_OID_desc __gss_c_ma_pfs_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x19" };
/* GSS_C_MA_COMPRESS - 1.3.6.1.5.5.13.26 */
gss_OID_desc __gss_c_ma_compress_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x1a" };
/* GSS_C_MA_CTX_TRANS - 1.3.6.1.5.5.13.27 */
gss_OID_desc __gss_c_ma_ctx_trans_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x1b" };
struct _gss_oid_name_table _gss_ont_ma[] = {
{ GSS_C_MA_COMPRESS, "GSS_C_MA_COMPRESS", "compress", "" },
{ GSS_C_MA_AUTH_TARG_INIT, "GSS_C_MA_AUTH_TARG_INIT", "auth-targ-princ-initial", "" },
{ GSS_C_MA_CBINDINGS, "GSS_C_MA_CBINDINGS", "channel-bindings", "" },
{ GSS_C_MA_WRAP, "GSS_C_MA_WRAP", "wrap", "" },
{ GSS_C_MA_ITOK_FRAMED, "GSS_C_MA_ITOK_FRAMED", "initial-is-framed", "" },
{ GSS_C_MA_MECH_NEGO, "GSS_C_MA_MECH_NEGO", "mech-negotiation-mech", "" },
{ GSS_C_MA_MECH_COMPOSITE, "GSS_C_MA_MECH_COMPOSITE", "composite-mech", "" },
{ GSS_C_MA_REPLAY_DET, "GSS_C_MA_REPLAY_DET", "replay-detection", "" },
{ GSS_C_MA_AUTH_INIT_ANON, "GSS_C_MA_AUTH_INIT_ANON", "auth-init-princ-anon", "" },
{ GSS_C_MA_PROT_READY, "GSS_C_MA_PROT_READY", "prot-ready", "" },
{ GSS_C_MA_AUTH_INIT, "GSS_C_MA_AUTH_INIT", "auth-init-princ", "" },
{ GSS_C_MA_PFS, "GSS_C_MA_PFS", "pfs", "" },
{ GSS_C_MA_CONF_PROT, "GSS_C_MA_CONF_PROT", "conf-prot", "" },
{ GSS_C_MA_MECH_PSEUDO, "GSS_C_MA_MECH_PSEUDO", "pseudo-mech", "" },
{ GSS_C_MA_AUTH_TARG, "GSS_C_MA_AUTH_TARG", "auth-targ-princ", "" },
{ GSS_C_MA_MECH_NAME, "GSS_C_MA_MECH_NAME", "GSS mech name", "The name of the GSS-API mechanism" },
{ GSS_C_MA_NOT_MECH, "GSS_C_MA_NOT_MECH", "not-mech", "" },
{ GSS_C_MA_MIC, "GSS_C_MA_MIC", "mic", "" },
{ GSS_C_MA_DEPRECATED, "GSS_C_MA_DEPRECATED", "mech-deprecated", "" },
{ GSS_C_MA_MECH_GLUE, "GSS_C_MA_MECH_GLUE", "mech-glue", "" },
{ GSS_C_MA_DELEG_CRED, "GSS_C_MA_DELEG_CRED", "deleg-cred", "" },
{ GSS_C_MA_NOT_DFLT_MECH, "GSS_C_MA_NOT_DFLT_MECH", "mech-not-default", "" },
{ GSS_C_MA_AUTH_TARG_ANON, "GSS_C_MA_AUTH_TARG_ANON", "auth-targ-princ-anon", "" },
{ GSS_C_MA_INTEG_PROT, "GSS_C_MA_INTEG_PROT", "integ-prot", "" },
{ GSS_C_MA_CTX_TRANS, "GSS_C_MA_CTX_TRANS", "context-transfer", "" },
{ GSS_C_MA_MECH_DESCRIPTION, "GSS_C_MA_MECH_DESCRIPTION", "Mech description", "The long description of the mechanism" },
{ GSS_C_MA_OOS_DET, "GSS_C_MA_OOS_DET", "oos-detection", "" },
{ GSS_C_MA_AUTH_INIT_INIT, "GSS_C_MA_AUTH_INIT_INIT", "auth-init-princ-initial", "" },
{ GSS_C_MA_MECH_CONCRETE, "GSS_C_MA_MECH_CONCRETE", "concrete-mech", "Indicates that a mech is neither a pseudo-mechanism nor a composite mechanism" },
{ GSS_C_MA_SASL_MECH_NAME, "GSS_C_MA_SASL_MECH_NAME", "SASL mechanism name", "The name of the SASL mechanism" },
{ NULL }
};
struct _gss_oid_name_table _gss_ont_mech[] = {
{ GSS_KRB5_MECHANISM, "GSS_KRB5_MECHANISM", "Kerberos 5", "Heimdal Kerberos 5 mechanism" },
{ GSS_SPNEGO_MECHANISM, "GSS_SPNEGO_MECHANISM", "SPNEGO", "Heimdal SPNEGO mechanism" },
{ GSS_NTLM_MECHANISM, "GSS_NTLM_MECHANISM", "NTLM", "Heimdal NTLM mechanism" },
{ NULL }
};

2
lib/gssapi/mech/gss_oid_equal.c
View File

@@ -48,7 +48,7 @@
*/
GSSAPI_LIB_FUNCTION int GSSAPI_LIB_CALL
gss_oid_equal(const gss_OID a, const gss_OID b)
gss_oid_equal(gss_const_OID a, gss_const_OID b)
{
if (a == b && a != GSS_C_NO_OID)
return 1;

31
lib/gssapi/mech/gss_oid_to_str.c
View File

@@ -65,3 +65,34 @@ gss_oid_to_str(OM_uint32 *minor_status, gss_OID oid, gss_buffer_t oid_str)
*minor_status = 0;
return GSS_S_COMPLETE;
}
GSSAPI_LIB_FUNCTION const char * GSSAPI_LIB_CALL
gss_oid_to_name(gss_const_OID oid)
{
size_t i;
for (i = 0; _gss_ont_mech[i].oid; i++) {
if (gss_oid_equal(oid, _gss_ont_mech[i].oid))
return _gss_ont_mech[i].name;
}
return NULL;
}
GSSAPI_LIB_FUNCTION gss_OID GSSAPI_LIB_CALL
gss_name_to_oid(const char *name)
{
size_t i, partial = (size_t)-1;
for (i = 0; _gss_ont_mech[i].oid; i++) {
if (strcasecmp(name, _gss_ont_mech[i].short_desc) == 0)
return _gss_ont_mech[i].oid;
if (strncasecmp(name, _gss_ont_mech[i].short_desc, strlen(name)) == 0) {
if (partial != (size_t)-1)
return NULL;
partial = i;
}
}
if (partial != (size_t)-1)
return _gss_ont_mech[partial].oid;
return NULL;
}

15
lib/gssapi/mech/mech_locl.h
View File

@@ -64,4 +64,17 @@
#include "utils.h"
#define _mg_buffer_zero(buffer) \
do { (buffer)->value = NULL; (buffer)->length = 0; } while(0)
do { \
if (buffer) { \
(buffer)->value = NULL; \
(buffer)->length = 0; \
} \
} while(0)
#define _mg_oid_set_zero(oid_set) \
do { \
if (oid_set) { \
(oid_set)->elements = NULL; \
(oid_set)->count = 0; \
} \
} while(0)

52
lib/gssapi/ntlm/external.c
View File

@@ -33,6 +33,33 @@
#include "ntlm.h"
static gss_mo_desc ntlm_mo[] = {
{
GSS_C_MA_SASL_MECH_NAME,
GSS_MO_MA,
"SASL mech name",
"NTLM",
_gss_mo_get_ctx_as_string,
NULL
},
{
GSS_C_MA_MECH_NAME,
GSS_MO_MA,
"Mechanism name",
"NTLMSPP",
_gss_mo_get_ctx_as_string,
NULL
},
{
GSS_C_MA_MECH_DESCRIPTION,
GSS_MO_MA,
"Mechanism description",
"Heimdal NTLMSSP Mechanism",
_gss_mo_get_ctx_as_string,
NULL
}
};
static gssapi_mech_interface_desc ntlm_mech = {
GMI_VERSION,
"ntlm",
@@ -66,7 +93,27 @@ static gssapi_mech_interface_desc ntlm_mech = {
_gss_ntlm_inquire_names_for_mech,
_gss_ntlm_inquire_mechs_for_name,
_gss_ntlm_canonicalize_name,
_gss_ntlm_duplicate_name
_gss_ntlm_duplicate_name,
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
ntlm_mo,
sizeof(ntlm_mo) / sizeof(ntlm_mo[0])
};
gssapi_mech_interface
@@ -74,6 +121,3 @@ __gss_ntlm_initialize(void)
{
return &ntlm_mech;
}
gss_OID_desc __gss_ntlm_mechanism_oid_desc =
{10, rk_UNCONST("\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a") };

132
lib/gssapi/oid.txt Normal file
View File

@@ -0,0 +1,132 @@
# /* contact Love Hörnquist Åstrand <lha@h5l.org> for new oid arcs */
# /*
# * 1.2.752.43.13 Heimdal GSS-API Extentions
# */
oid base GSS_KRB5_COPY_CCACHE_X 1.2.752.43.13.1
oid base GSS_KRB5_GET_TKT_FLAGS_X 1.2.752.43.13.2
oid base GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X 1.2.752.43.13.3
oid base GSS_KRB5_COMPAT_DES3_MIC_X 1.2.752.43.13.4
oid base GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X 1.2.752.43.13.5
oid base GSS_KRB5_EXPORT_LUCID_CONTEXT_X 1.2.752.43.13.6
oid base GSS_KRB5_EXPORT_LUCID_CONTEXT_V1_X 1.2.752.43.13.6.1
oid base GSS_KRB5_SET_DNS_CANONICALIZE_X 1.2.752.43.13.7
oid base GSS_KRB5_GET_SUBKEY_X 1.2.752.43.13.8
oid base GSS_KRB5_GET_INITIATOR_SUBKEY_X 1.2.752.43.13.9
oid base GSS_KRB5_GET_ACCEPTOR_SUBKEY_X 1.2.752.43.13.10
oid base GSS_KRB5_SEND_TO_KDC_X 1.2.752.43.13.11
oid base GSS_KRB5_GET_AUTHTIME_X 1.2.752.43.13.12
oid base GSS_KRB5_GET_SERVICE_KEYBLOCK_X 1.2.752.43.13.13
oid base GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X 1.2.752.43.13.14
oid base GSS_KRB5_SET_DEFAULT_REALM_X 1.2.752.43.13.15
oid base GSS_KRB5_CCACHE_NAME_X 1.2.752.43.13.16
oid base GSS_KRB5_SET_TIME_OFFSET_X 1.2.752.43.13.17
oid base GSS_KRB5_GET_TIME_OFFSET_X 1.2.752.43.13.18
oid base GSS_KRB5_PLUGIN_REGISTER_X 1.2.752.43.13.19
oid base GSS_NTLM_GET_SESSION_KEY_X 1.2.752.43.13.20
oid base GSS_C_NT_NTLM 1.2.752.43.13.21
oid base GSS_C_NT_DN 1.2.752.43.13.22
oid base GSS_KRB5_NT_PRINCIPAL_NAME_REFERRAL 1.2.752.43.13.23
oid base GSS_C_NTLM_AVGUEST 1.2.752.43.13.24
oid base GSS_C_NTLM_V1 1.2.752.43.13.25
oid base GSS_C_NTLM_V2 1.2.752.43.13.26
oid base GSS_C_NTLM_SESSION_KEY 1.2.752.43.13.27
oid base GSS_C_NTLM_FORCE_V1 1.2.752.43.13.28
oid base GSS_KRB5_CRED_NO_CI_FLAGS_X 1.2.752.43.13.29
oid base GSS_KRB5_IMPORT_CRED_X 1.2.752.43.13.30
# /* glue for gss_inquire_saslname_for_mech */
oid base GSS_C_MA_SASL_MECH_NAME 1.2.752.43.13.100
oid base GSS_C_MA_MECH_NAME 1.2.752.43.13.101
oid base GSS_C_MA_MECH_DESCRIPTION 1.2.752.43.13.102
#/*
# * Digest mechanisms - 1.2.752.43.14
# */
oid base GSS_SASL_DIGEST_MD5_MECHANISM 1.2.752.43.14.1
#/*
# * "Standard" mechs
# */
oid base GSS_KRB5_MECHANISM 1.2.840.113554.1.2.2
oid base GSS_NTLM_MECHANISM 1.3.6.1.4.1.311.2.2.10
oid base GSS_SPNEGO_MECHANISM 1.3.6.1.5.5.2
# /* From Luke Howard */
oid base GSS_C_PEER_HAS_UPDATED_SPNEGO 1.3.6.1.4.1.9513.19.5
#/*
# * OID mappings with name and short description and and slightly longer description
# */
desc mech GSS_KRB5_MECHANISM "Kerberos 5" "Heimdal Kerberos 5 mechanism"
desc mech GSS_NTLM_MECHANISM "NTLM" "Heimdal NTLM mechanism"
desc mech GSS_SPNEGO_MECHANISM "SPNEGO" "Heimdal SPNEGO mechanism"
desc ma GSS_C_MA_MECH_NAME "GSS mech name" "The name of the GSS-API mechanism"
desc ma GSS_C_MA_SASL_MECH_NAME "SASL mechanism name" "The name of the SASL mechanism"
desc ma GSS_C_MA_MECH_DESCRIPTION "Mech description" "The long description of the mechanism"
#/*
# * RFC5587
# */
oid base GSS_C_MA_MECH_CONCRETE 1.3.6.1.5.5.13.1
oid base GSS_C_MA_MECH_PSEUDO 1.3.6.1.5.5.13.2
oid base GSS_C_MA_MECH_COMPOSITE 1.3.6.1.5.5.13.3
oid base GSS_C_MA_MECH_NEGO 1.3.6.1.5.5.13.4
oid base GSS_C_MA_MECH_GLUE 1.3.6.1.5.5.13.5
oid base GSS_C_MA_NOT_MECH 1.3.6.1.5.5.13.6
oid base GSS_C_MA_DEPRECATED 1.3.6.1.5.5.13.7
oid base GSS_C_MA_NOT_DFLT_MECH 1.3.6.1.5.5.13.8
oid base GSS_C_MA_ITOK_FRAMED 1.3.6.1.5.5.13.9
oid base GSS_C_MA_AUTH_INIT 1.3.6.1.5.5.13.10
oid base GSS_C_MA_AUTH_TARG 1.3.6.1.5.5.13.11
oid base GSS_C_MA_AUTH_INIT_INIT 1.3.6.1.5.5.13.12
oid base GSS_C_MA_AUTH_TARG_INIT 1.3.6.1.5.5.13.13
oid base GSS_C_MA_AUTH_INIT_ANON 1.3.6.1.5.5.13.14
oid base GSS_C_MA_AUTH_TARG_ANON 1.3.6.1.5.5.13.15
oid base GSS_C_MA_DELEG_CRED 1.3.6.1.5.5.13.16
oid base GSS_C_MA_INTEG_PROT 1.3.6.1.5.5.13.17
oid base GSS_C_MA_CONF_PROT 1.3.6.1.5.5.13.18
oid base GSS_C_MA_MIC 1.3.6.1.5.5.13.19
oid base GSS_C_MA_WRAP 1.3.6.1.5.5.13.20
oid base GSS_C_MA_PROT_READY 1.3.6.1.5.5.13.21
oid base GSS_C_MA_REPLAY_DET 1.3.6.1.5.5.13.22
oid base GSS_C_MA_OOS_DET 1.3.6.1.5.5.13.23
oid base GSS_C_MA_CBINDINGS 1.3.6.1.5.5.13.24
oid base GSS_C_MA_PFS 1.3.6.1.5.5.13.25
oid base GSS_C_MA_COMPRESS 1.3.6.1.5.5.13.26
oid base GSS_C_MA_CTX_TRANS 1.3.6.1.5.5.13.27
desc ma GSS_C_MA_MECH_CONCRETE "concrete-mech" "Indicates that a mech is neither a pseudo-mechanism nor a composite mechanism"
desc ma GSS_C_MA_MECH_PSEUDO "pseudo-mech" ""
desc ma GSS_C_MA_MECH_COMPOSITE "composite-mech" ""
desc ma GSS_C_MA_MECH_NEGO "mech-negotiation-mech" ""
desc ma GSS_C_MA_MECH_GLUE "mech-glue" ""
desc ma GSS_C_MA_NOT_MECH "not-mech" ""
desc ma GSS_C_MA_DEPRECATED "mech-deprecated" ""
desc ma GSS_C_MA_NOT_DFLT_MECH "mech-not-default" ""
desc ma GSS_C_MA_ITOK_FRAMED "initial-is-framed" ""
desc ma GSS_C_MA_AUTH_INIT "auth-init-princ" ""
desc ma GSS_C_MA_AUTH_TARG "auth-targ-princ" ""
desc ma GSS_C_MA_AUTH_INIT_INIT "auth-init-princ-initial" ""
desc ma GSS_C_MA_AUTH_TARG_INIT "auth-targ-princ-initial" ""
desc ma GSS_C_MA_AUTH_INIT_ANON "auth-init-princ-anon" ""
desc ma GSS_C_MA_AUTH_TARG_ANON "auth-targ-princ-anon" ""
desc ma GSS_C_MA_DELEG_CRED "deleg-cred" ""
desc ma GSS_C_MA_INTEG_PROT "integ-prot" ""
desc ma GSS_C_MA_CONF_PROT "conf-prot" ""
desc ma GSS_C_MA_MIC "mic" ""
desc ma GSS_C_MA_WRAP "wrap" ""
desc ma GSS_C_MA_PROT_READY "prot-ready" ""
desc ma GSS_C_MA_REPLAY_DET "replay-detection" ""
desc ma GSS_C_MA_OOS_DET "oos-detection" ""
desc ma GSS_C_MA_CBINDINGS "channel-bindings" ""
desc ma GSS_C_MA_PFS "pfs" ""
desc ma GSS_C_MA_COMPRESS "compress" ""
desc ma GSS_C_MA_CTX_TRANS "context-transfer" ""

49
lib/gssapi/spnego/external.c
View File

@@ -40,6 +40,41 @@
* iso.org.dod.internet.security.mechanism.snego (1.3.6.1.5.5.2).
*/
static gss_mo_desc spnego_mo[] = {
{
GSS_C_MA_SASL_MECH_NAME,
GSS_MO_MA,
"SASL mech name",
"SPNEGO",
_gss_mo_get_ctx_as_string,
NULL
},
{
GSS_C_MA_MECH_NAME,
GSS_MO_MA,
"Mechanism name",
"SPNEGO",
_gss_mo_get_ctx_as_string,
NULL
},
{
GSS_C_MA_MECH_DESCRIPTION,
GSS_MO_MA,
"Mechanism description",
"Heimdal SPNEGO Mechanism",
_gss_mo_get_ctx_as_string,
NULL
},
{
GSS_C_MA_MECH_NEGO,
GSS_MO_MA
},
{
GSS_C_MA_MECH_PSEUDO,
GSS_MO_MA
}
};
static gssapi_mech_interface_desc spnego_mech = {
GMI_VERSION,
"spnego",
@@ -84,7 +119,16 @@ static gssapi_mech_interface_desc spnego_mech = {
_gss_spnego_wrap_iov_length,
NULL,
_gss_spnego_export_cred,
_gss_spnego_import_cred
_gss_spnego_import_cred,
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
spnego_mo,
sizeof(spnego_mo) / sizeof(spnego_mo[0])
};
gssapi_mech_interface
@@ -92,6 +136,3 @@ __gss_spnego_initialize(void)
{
return &spnego_mech;
}
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_spnego_mechanism_oid_desc =
{6, (void *)"\x2b\x06\x01\x05\x05\x02"};

6
lib/gssapi/version-script.map
View File

@@ -96,7 +96,11 @@ HEIMDAL_GSS_2.0 {
gsskrb5_set_send_to_kdc;
gsskrb5_set_time_offset;
krb5_gss_register_acceptor_identity;
gss_display_mech_attr;
gss_inquire_attrs_for_mech;
gss_indicate_mechs_by_attrs;
gss_inquire_mech_for_saslname;
gss_inquire_saslname_for_mech;
# _gsskrb5cfx_ are really internal symbols, but export
# then now to make testing easier.