Diffstat (limited to 'proxy/src/mechglue/gss_plugin.c')
-rw-r--r-- | proxy/src/mechglue/gss_plugin.c | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/proxy/src/mechglue/gss_plugin.c b/proxy/src/mechglue/gss_plugin.c
index ba41e80..a0a0aab 100644
--- a/proxy/src/mechglue/gss_plugin.c
+++ b/proxy/src/mechglue/gss_plugin.c
@@ -113,6 +113,66 @@ done:
 return interposed_mechs;
 }
+
+#define SP_KRB5_OID_LEN (KRB5_OID_LEN + 1)
+#define SP_KRB5_OID "\377" KRB5_OID
+
+#define SP_KRB5_OLD_OID_LEN (KRB5_OLD_OID_LEN + 1)
+#define SP_KRB5_OLD_OID "\377" KRB5_OLD_OID
+
+#define SP_KRB5_WRONG_OID_LEN (KRB5_WRONG_OID_LEN + 1)
+#define SP_KRB5_WRONG_OID "\377" KRB5_WRONG_OID
+
+#define SP_IAKERB_OID_LEN (IAKERB_OID_LEN + 1)
+#define SP_IAKERB_OID "\377" IAKERB_OID
+
+const gss_OID_desc gpoid_sp_krb5 = {
+ .length = SP_KRB5_OID_LEN,
+ .elements = SP_KRB5_OID
+};
+const gss_OID_desc gpoid_sp_krb5_old = {
+ .length = SP_KRB5_OLD_OID_LEN,
+ .elements = SP_KRB5_OLD_OID
+};
+const gss_OID_desc gpoid_sp_krb5_wrong = {
+ .length = SP_KRB5_WRONG_OID_LEN,
+ .elements = SP_KRB5_WRONG_OID
+};
+const gss_OID_desc gpoid_sp_iakerb = {
+ .length = SP_IAKERB_OID_LEN,
+ .elements = SP_IAKERB_OID
+};
+/* In future we may want to make this structure dynamic so we can proxy
+ * arbitrary mechanisms based on what the server returns. */
+struct gpm_mechs {
+ gss_OID_desc const * real;
+ gss_OID_desc const * special;
+} gpm_mechs[] = {
+ { &gpoid_krb5, &gpoid_sp_krb5, },
+ { &gpoid_krb5_old, &gpoid_sp_krb5_old, },
+ { &gpoid_krb5_wrong, &gpoid_sp_krb5_wrong, },
+ { &gpoid_iakerb, &gpoid_sp_iakerb, },
+ { NULL, NULL }
+};
+
+const gss_OID gpm_special_mech(const gss_OID mech_type)
+{
+ int i;
+
+ if (mech_type == GSS_C_NO_OID) {
+ /* return the first special one if none specified */
+ return (const gss_OID)gpm_mechs[0].special;
+ }
+
+ for (i = 0; gpm_mechs[i].real != NULL; i++) {
+ if (gss_oid_equal(gpm_mechs[i].real, mech_type)) {
+ return (const gss_OID)gpm_mechs[i].special;
+ }
+ }
+
+ return mech_type;
+}
+
 /*
 gssi_acquire_cred
 gssi_release_cred |
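Review bot: `gpm_special_mech` casts away the `const` of the table entries (`return (const gss_OID)gpm_mechs[i].special;`), so callers receive a writable `gss_OID` that points at `const` objects whose `elements` are string literals; because `gss_OID` is a pointer typedef, the `const` in the return type qualifies only the pointer value and protects nothing. A comment on the function should state that the returned OID is static storage and must never be modified or passed to `gss_release_oid`. The `gpm_mechs` table is also a writable global that decides which mechanisms are mapped to the interposer OIDs; unless another file needs to reach it, declare it `static const struct gpm_mechs { ... } gpm_mechs[] = {`. It is also worth documenting that an unrecognised `mech_type` is handed back unchanged by the final `return mech_type;`, so a caller cannot tell a mapped special OID from a pass-through.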