-rw-r--r--proxy/Makefile.am7
-rw-r--r--proxy/src/mechglue/gss_plugin.c166
-rw-r--r--proxy/src/mechglue/gss_plugin.h35
3 files changed, 206 insertions, 2 deletions
diff --git a/proxy/Makefile.am b/proxy/Makefile.am
index 11e780e..4274cef 100644
--- a/proxy/Makefile.am
+++ b/proxy/Makefile.am
@@ -85,7 +85,7 @@ if BUILD_SELINUX
endif
GP_RPCGEN_OBJ = rpcgen/gp_rpc_xdr.c rpcgen/gss_proxy_xdr.c
-GP_MECHGLUE_OBJ = \
+GP_RPCCLI_OBJ = \
src/client/gpm_display_status.c \
src/client/gpm_accept_sec_context.c \
src/client/gpm_release_handle.c \
@@ -100,6 +100,8 @@ GP_MECHGLUE_OBJ = \
src/client/gpm_unwrap.c \
src/client/gpm_wrap_size_limit.c \
src/client/gpm_common.c
+GP_MECHGLUE_OBJ = \
+ src/mechglue/gss_plugin.c
dist_noinst_HEADERS = \
rpcgen/gp_rpc.h \
@@ -149,6 +151,7 @@ gssproxy_SOURCES = \
proxymech_la_SOURCES = \
src/gp_conv.c \
$(GP_RPCGEN_OBJ) \
+ $(GP_RPCCLI_OBJ) \
$(GP_MECHGLUE_OBJ)
proxymech_la_CFLAGS = \
$(AM_FLAGS)
@@ -160,7 +163,7 @@ cli_srv_comm_SOURCES = \
src/gp_conv.c \
src/gp_debug.c \
$(GP_RPCGEN_OBJ) \
- $(GP_MECHGLUE_OBJ) \
+ $(GP_RPCCLI_OBJ) \
tests/cli_srv_comm.c
gssproxy_LDADD = \
diff --git a/proxy/src/mechglue/gss_plugin.c b/proxy/src/mechglue/gss_plugin.c
new file mode 100644
index 0000000..8612dc6
--- /dev/null
+++ b/proxy/src/mechglue/gss_plugin.c
@@ -0,0 +1,166 @@
+/*
+ GSS-PROXY
+
+ Copyright (C) 2012 Red Hat, Inc.
+ Copyright (C) 2012 Simo Sorce <simo.sorce@redhat.com>
+
+ Permission is hereby granted, free of charge, to any person obtaining a
+ copy of this software and associated documentation files (the "Software"),
+ to deal in the Software without restriction, including without limitation
+ the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ and/or sell copies of the Software, and to permit persons to whom the
+ Software is furnished to do so, subject to the following conditions:
+
+ The above copyright notice and this permission notice shall be included in
+ all copies or substantial portions of the Software.
+
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ DEALINGS IN THE SOFTWARE.
+*/
+
+#include "gss_plugin.h"
+#include <gssapi/gssapi_krb5.h>
+
+#define KRB5_OID_LEN 9
+#define KRB5_OID "\052\206\110\206\367\022\001\002\002"
+
+#define KRB5_OLD_OID_LEN 5
+#define KRB5_OLD_OID "\053\005\001\005\002"
+
+/* Incorrect krb5 mech OID emitted by MS. */
+#define KRB5_WRONG_OID_LEN 9
+#define KRB5_WRONG_OID "\052\206\110\202\367\022\001\002\002"
+
+#define IAKERB_OID_LEN 6
+#define IAKERB_OID "\053\006\001\005\002\005"
+
+const gss_OID_desc gpoid_krb5 = {
+ .length = KRB5_OID_LEN,
+ .elements = KRB5_OID
+};
+const gss_OID_desc gpoid_krb5_old = {
+ .length = KRB5_OLD_OID_LEN,
+ .elements = KRB5_OLD_OID
+};
+const gss_OID_desc gpoid_krb5_wrong = {
+ .length = KRB5_WRONG_OID_LEN,
+ .elements = KRB5_WRONG_OID
+};
+const gss_OID_desc gpoid_iakerb = {
+ .length = IAKERB_OID_LEN,
+ .elements = IAKERB_OID
+};
+
+/* 2.16.840.1.113730.3.8.15.1 */
+const gss_OID_desc gssproxy_mech_interposer = {
+ .length = 11,
+ .elements = "\140\206\110\001\206\370\102\003\010\017\001"
+};
+
+gss_OID_set gss_mech_interposer(gss_OID mech_type)
+{
+ gss_OID_set interposed_mechs;
+ OM_uint32 maj, min;
+
+ interposed_mechs = NULL;
+ maj = 0;
+ if (gss_oid_equal(&gssproxy_mech_interposer, mech_type)) {
+ maj = gss_create_empty_oid_set(&min, &interposed_mechs);
+ if (maj != 0) {
+ return NULL;
+ }
+ maj = gss_add_oid_set_member(&min, no_const(&gpoid_krb5),
+ &interposed_mechs);
+ if (maj != 0) {
+ goto done;
+ }
+ maj = gss_add_oid_set_member(&min, no_const(&gpoid_krb5_old),
+ &interposed_mechs);
+ if (maj != 0) {
+ goto done;
+ }
+ maj = gss_add_oid_set_member(&min, no_const(&gpoid_krb5_wrong),
+ &interposed_mechs);
+ if (maj != 0) {
+ goto done;
+ }
+ maj = gss_add_oid_set_member(&min, no_const(&gpoid_iakerb),
+ &interposed_mechs);
+ if (maj != 0) {
+ goto done;
+ }
+ }
+
+done:
+ if (maj != 0) {
+ (void)gss_release_oid_set(&min, &interposed_mechs);
+ interposed_mechs = NULL;
+ }
+
+ return interposed_mechs;
+}
+
+/*
+gssi_acquire_cred
+gssi_release_cred
+gssi_init_sec_context
+gssi_accept_sec_context
+gssi_process_context_token
+gssi_delete_sec_context
+gssi_context_time
+gssi_get_mic
+gssi_verify_mic
+gssi_wrap
+gssi_unwrap
+gssi_display_status
+gssi_indicate_mechs
+gssi_compare_name
+gssi_display_name
+gssi_import_name
+gssi_release_name
+gssi_inquire_cred
+gssi_add_cred
+gssi_export_sec_context
+gssi_import_sec_context
+gssi_inquire_cred_by_mech
+gssi_inquire_names_for_mech
+gssi_inquire_context
+gssi_internal_release_oid
+gssi_wrap_size_limit
+gssi_localname
+gssi_authorize_localname
+gssi_export_name
+gssi_duplicate_name
+gssi_store_cred
+gssi_inquire_sec_context_by_oid
+gssi_inquire_cred_by_oid
+gssi_set_sec_context_option
+gssi_set_cred_option
+gssi_mech_invoke
+gssi_wrap_aead
+gssi_unwrap_aead
+gssi_wrap_iov
+gssi_unwrap_iov
+gssi_wrap_iov_length
+gssi_complete_auth_token
+gssi_acquire_cred_impersonate_name
+gssi_add_cred_impersonate_name
+gssi_display_name_ext
+gssi_inquire_name
+gssi_get_name_attribute
+gssi_set_name_attribute
+gssi_delete_name_attribute
+gssi_export_name_composite
+gssi_map_name_to_any
+gssi_release_any_name_mapping
+gssi_pseudo_random
+gssi_set_neg_mechs
+gssi_inquire_saslname_for_mech
+gssi_inquire_mech_for_saslname
+gssi_inquire_attrs_for_mech
+*/
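Review bot: gss_mech_interposer returns NULL both when mech_type is not the interposer OID and when gss_create_empty_oid_set or gss_add_oid_set_member fails (the `done:` path releases the set and nulls it), so an allocation failure is indistinguishable from "nothing to interpose"; if the mechglue treats NULL as "do not interpose", the process would silently fall back to the direct krb5 mechanism, which is the path the proxy is meant to keep away from unprivileged callers. That contract deserves a header comment above the function, e.g. `/* Mechglue interposer entry point: returns the set of mechs this plugin interposes for mech_type, or NULL when mech_type is not ours (and also on allocation failure, i.e. no interposition). */`. gss_oid_equal is called with mech_type unchecked; if the mechglue can pass GSS_C_NO_OID, an early `if (mech_type == GSS_C_NO_OID) return NULL;` is a cheap guard, otherwise a comment stating that the caller guarantees a non-NULL OID would do. The four krb5 OID byte strings duplicate mechanisms that gssapi_krb5.h, already included here, exports (gss_mech_krb5 and related symbols); if the copies are deliberate, for instance to avoid a link-time dependency on libgssapi_krb5 from the plugin, a one-line comment saying so would keep a later maintainer from replacing them and would flag that any typo in the octal escapes silently disables interposition for that mechanism.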
diff --git a/proxy/src/mechglue/gss_plugin.h b/proxy/src/mechglue/gss_plugin.h
new file mode 100644
index 0000000..2b24e74
--- /dev/null
+++ b/proxy/src/mechglue/gss_plugin.h
@@ -0,0 +1,35 @@
+/*
+ GSS-PROXY
+
+ Copyright (C) 2012 Red Hat, Inc.
+ Copyright (C) 2012 Simo Sorce <simo.sorce@redhat.com>
+
+ Permission is hereby granted, free of charge, to any person obtaining a
+ copy of this software and associated documentation files (the "Software"),
+ to deal in the Software without restriction, including without limitation
+ the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ and/or sell copies of the Software, and to permit persons to whom the
+ Software is furnished to do so, subject to the following conditions:
+
+ The above copyright notice and this permission notice shall be included in
+ all copies or substantial portions of the Software.
+
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ DEALINGS IN THE SOFTWARE.
+*/
+
+#ifndef _GSS_PLUGIN_H_
+#define _GSS_PLUGIN_H_
+
+#include "src/client/gssapi_gpm.h"
+
+extern const gss_OID_desc gssproxy_mech_interposer;
+
+gss_OID_set gss_mech_interposer(gss_OID mech_type);
+
+#endif /* _GSS_PLUGIN_H_ */
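Review bot: `_GSS_PLUGIN_H_` is a reserved identifier (a leading underscore followed by an uppercase letter belongs to the implementation), so the include guard can collide with a libc or compiler macro; `#ifndef GSS_PLUGIN_H` / `#define GSS_PLUGIN_H` / `#endif /* GSS_PLUGIN_H */` avoids that. The public prototype of gss_mech_interposer also carries no documentation; a short Doxygen comment stating that it is the entry point the GSSAPI mechglue resolves from the loaded plugin, that the caller owns the returned gss_OID_set and must release it with gss_release_oid_set, and that NULL means "no interposition" would make the header self-describing.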