diff options
author | Simo Sorce <simo@redhat.com> | 2012-08-28 14:55:12 +0200 |
---|---|---|
committer | Simo Sorce <simo@redhat.com> | 2012-10-25 15:53:30 -0400 |
commit | 72632725edd5e12bbb74e377b975700af527d971 (patch) | |
tree | 83aeb3f2f60545ee78c256d364aaa40d956e33cd | |
parent | 996edd872f5c8be5947200fc2dc0d8b32f748d9d (diff) | |
download | gss-proxy-72632725edd5e12bbb74e377b975700af527d971.tar.gz gss-proxy-72632725edd5e12bbb74e377b975700af527d971.tar.xz gss-proxy-72632725edd5e12bbb74e377b975700af527d971.zip |
Implement misc spi calls
-rw-r--r-- | proxy/Makefile.am | 1 | ||||
-rw-r--r-- | proxy/src/mechglue/gpp_misc.c | 185 | ||||
-rw-r--r-- | proxy/src/mechglue/gss_plugin.h | 33 |
3 files changed, 219 insertions, 0 deletions
diff --git a/proxy/Makefile.am b/proxy/Makefile.am index baeff16..d6b1299 100644 --- a/proxy/Makefile.am +++ b/proxy/Makefile.am @@ -110,6 +110,7 @@ GP_MECHGLUE_OBJ = \ src/mechglue/gpp_import_and_canon_name.c \ src/mechglue/gpp_indicate_mechs.c \ src/mechglue/gpp_priv_integ.c \ + src/mechglue/gpp_misc.c \ src/mechglue/gss_plugin.c dist_noinst_HEADERS = \ diff --git a/proxy/src/mechglue/gpp_misc.c b/proxy/src/mechglue/gpp_misc.c new file mode 100644 index 0000000..f97d97e --- /dev/null +++ b/proxy/src/mechglue/gpp_misc.c @@ -0,0 +1,185 @@ +/* + GSS-PROXY + + Copyright (C) 2012 Red Hat, Inc. + Copyright (C) 2012 Simo Sorce <simo.sorce@redhat.com> + + Permission is hereby granted, free of charge, to any person obtaining a + copy of this software and associated documentation files (the "Software"), + to deal in the Software without restriction, including without limitation + the rights to use, copy, modify, merge, publish, distribute, sublicense, + and/or sell copies of the Software, and to permit persons to whom the + Software is furnished to do so, subject to the following conditions: + + The above copyright notice and this permission notice shall be included in + all copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL + THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER + DEALINGS IN THE SOFTWARE. +*/ + +#include "gss_plugin.h" + +OM_uint32 gssi_mech_invoke(OM_uint32 *minor_status, + const gss_OID desired_mech, + const gss_OID desired_object, + gss_buffer_t value) +{ + enum gpp_behavior behavior; + OM_uint32 maj, min; + + /* FIXME: implement remote invoke mech, only local for now */ + behavior = gpp_get_behavior(); + if (behavior == GPP_REMOTE_ONLY) { + return GSS_S_UNAVAILABLE; + } + + maj = gssspi_mech_invoke(&min, gpp_special_mech(desired_mech), + desired_object, value); + + *minor_status = gpp_map_error(min); + return maj; +} + +/* NOTE: This call is currently useful only for the Spnego mech which we + * never interpose */ +#if 0 +OM_uint32 gssi_set_neg_mechs(OM_uint32 *minor_status, + gss_cred_id_t cred_handle, + const gss_OID_set mech_set); +#endif + +/* NOTE: I know of no mechanism that uses this yet, although NTLM might */ +#if 0 +OM_uint32 gssi_complete_auth_token(OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + gss_buffer_t input_message_buffer); +#endif + +OM_uint32 gssi_localname(OM_uint32 *minor_status, const gss_name_t name, + gss_OID mech_type, gss_buffer_t localname) +{ + struct gpp_name_handle *gpname; + OM_uint32 maj, min; + + *minor_status = 0; + if (name == GSS_C_NO_NAME) { + return GSS_S_CALL_INACCESSIBLE_READ; + } + + /* FIXME: implement remote localname lookup ? Only local for now */ + gpname = (struct gpp_name_handle *)name; + if (gpname->remote && !gpname->local) { + maj = gpp_name_to_local(&min, gpname->remote, + mech_type, &gpname->local); + if (maj) { + goto done; + } + } + + maj = gss_localname(&min, gpname->local, + gpp_special_mech(mech_type), + localname); + +done: + *minor_status = gpp_map_error(min); + return maj; +} + +OM_uint32 gssi_authorize_localname(OM_uint32 *minor_status, + const gss_name_t name, + gss_buffer_t local_user, + gss_OID local_nametype) +{ + struct gpp_name_handle *gpname; + gss_name_t username = GSS_C_NO_NAME; + OM_uint32 maj, min; + + *minor_status = 0; + if (name == GSS_C_NO_NAME) { + return GSS_S_CALL_INACCESSIBLE_READ; + } + + /* FIXME: implement remote localname lookup ? Only local for now */ + gpname = (struct gpp_name_handle *)name; + if (gpname->remote && !gpname->local) { + maj = gpp_name_to_local(&min, gpname->remote, + gpname->mech_type, &gpname->local); + if (maj != GSS_S_COMPLETE) { + goto done; + } + } + + maj = gss_import_name(&min, local_user, local_nametype, &username); + if (maj != GSS_S_COMPLETE) { + goto done; + } + + maj = gss_authorize_localname(&min, gpname->local, username); + +done: + *minor_status = gpp_map_error(min); + (void)gss_release_name(&min, &username); + return maj; +} + +OM_uint32 gssi_map_name_to_any(OM_uint32 *minor_status, gss_name_t name, + int authenticated, gss_buffer_t type_id, + gss_any_t *output) +{ + struct gpp_name_handle *gpname; + OM_uint32 maj, min; + + *minor_status = 0; + if (name == GSS_C_NO_NAME) { + return GSS_S_CALL_INACCESSIBLE_READ; + } + + /* FIXME: implement remote localname lookup ? Only local for now */ + gpname = (struct gpp_name_handle *)name; + if (gpname->remote && !gpname->local) { + maj = gpp_name_to_local(&min, gpname->remote, + gpname->mech_type, &gpname->local); + if (maj != GSS_S_COMPLETE) { + goto done; + } + } + + maj = gss_map_name_to_any(&min, gpname->local, + authenticated, type_id, output); + +done: + *minor_status = gpp_map_error(min); + return maj; +} + +OM_uint32 gssi_release_any_name_mapping(OM_uint32 *minor_status, + gss_name_t name, + gss_buffer_t type_id, + gss_any_t *input) +{ + struct gpp_name_handle *gpname; + OM_uint32 maj, min; + + *minor_status = 0; + if (name == GSS_C_NO_NAME) { + return GSS_S_CALL_INACCESSIBLE_READ; + } + + /* FIXME: implement remote localname lookup ? Only local for now */ + gpname = (struct gpp_name_handle *)name; + if (!gpname->local) { + return GSS_S_UNAVAILABLE; + } + + maj = gss_release_any_name_mapping(&min, gpname->local, type_id, input); + + *minor_status = gpp_map_error(min); + return maj; + +} diff --git a/proxy/src/mechglue/gss_plugin.h b/proxy/src/mechglue/gss_plugin.h index e69e1ec..7dcacec 100644 --- a/proxy/src/mechglue/gss_plugin.h +++ b/proxy/src/mechglue/gss_plugin.h @@ -385,4 +385,37 @@ OM_uint32 gssi_verify_mic(OM_uint32 *minor_status, gss_buffer_t message_token, gss_qop_t *qop_state); +OM_uint32 gssi_mech_invoke(OM_uint32 *minor_status, + const gss_OID desired_mech, + const gss_OID desired_object, + gss_buffer_t value); + +#if 0 +OM_uint32 gssi_set_neg_mechs(OM_uint32 *minor_status, + gss_cred_id_t cred_handle, + const gss_OID_set mech_set); +#endif +#if 0 +OM_uint32 gssi_complete_auth_token(OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + gss_buffer_t input_message_buffer); +#endif + +OM_uint32 gssi_localname(OM_uint32 *minor_status, const gss_name_t name, + gss_OID mech_type, gss_buffer_t localname); + +OM_uint32 gssi_authorize_localname(OM_uint32 *minor_status, + const gss_name_t name, + gss_buffer_t local_user, + gss_OID local_nametype); + +OM_uint32 gssi_map_name_to_any(OM_uint32 *minor_status, gss_name_t name, + int authenticated, gss_buffer_t type_id, + gss_any_t *output); + +OM_uint32 gssi_release_any_name_mapping(OM_uint32 *minor_status, + gss_name_t name, + gss_buffer_t type_id, + gss_any_t *input); + #endif /* _GSS_PLUGIN_H_ */ |