/* GSS-PROXY Copyright (C) 2012 Red Hat, Inc. Copyright (C) 2012 Simo Sorce Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ #include "gss_plugin.h" #include #define KRB5_OID_LEN 9 #define KRB5_OID "\052\206\110\206\367\022\001\002\002" #define KRB5_OLD_OID_LEN 5 #define KRB5_OLD_OID "\053\005\001\005\002" /* Incorrect krb5 mech OID emitted by MS. */ #define KRB5_WRONG_OID_LEN 9 #define KRB5_WRONG_OID "\052\206\110\202\367\022\001\002\002" #define IAKERB_OID_LEN 6 #define IAKERB_OID "\053\006\001\005\002\005" const gss_OID_desc gpoid_krb5 = { .length = KRB5_OID_LEN, .elements = KRB5_OID }; const gss_OID_desc gpoid_krb5_old = { .length = KRB5_OLD_OID_LEN, .elements = KRB5_OLD_OID }; const gss_OID_desc gpoid_krb5_wrong = { .length = KRB5_WRONG_OID_LEN, .elements = KRB5_WRONG_OID }; const gss_OID_desc gpoid_iakerb = { .length = IAKERB_OID_LEN, .elements = IAKERB_OID }; /* 2.16.840.1.113730.3.8.15.1 */ const gss_OID_desc gssproxy_mech_interposer = { .length = 11, .elements = "\140\206\110\001\206\370\102\003\010\017\001" }; gss_OID_set gss_mech_interposer(gss_OID mech_type) { gss_OID_set interposed_mechs; OM_uint32 maj, min; interposed_mechs = NULL; maj = 0; if (gss_oid_equal(&gssproxy_mech_interposer, mech_type)) { maj = gss_create_empty_oid_set(&min, &interposed_mechs); if (maj != 0) { return NULL; } maj = gss_add_oid_set_member(&min, no_const(&gpoid_krb5), &interposed_mechs); if (maj != 0) { goto done; } maj = gss_add_oid_set_member(&min, no_const(&gpoid_krb5_old), &interposed_mechs); if (maj != 0) { goto done; } maj = gss_add_oid_set_member(&min, no_const(&gpoid_krb5_wrong), &interposed_mechs); if (maj != 0) { goto done; } maj = gss_add_oid_set_member(&min, no_const(&gpoid_iakerb), &interposed_mechs); if (maj != 0) { goto done; } } done: if (maj != 0) { (void)gss_release_oid_set(&min, &interposed_mechs); interposed_mechs = NULL; } return interposed_mechs; } /* gssi_acquire_cred gssi_release_cred gssi_init_sec_context gssi_accept_sec_context gssi_process_context_token gssi_delete_sec_context gssi_context_time gssi_get_mic gssi_verify_mic gssi_wrap gssi_unwrap gssi_display_status gssi_indicate_mechs gssi_compare_name gssi_display_name gssi_import_name gssi_release_name gssi_inquire_cred gssi_add_cred gssi_export_sec_context gssi_import_sec_context gssi_inquire_cred_by_mech gssi_inquire_names_for_mech gssi_inquire_context gssi_internal_release_oid gssi_wrap_size_limit gssi_localname gssi_authorize_localname gssi_export_name gssi_duplicate_name gssi_store_cred gssi_inquire_sec_context_by_oid gssi_inquire_cred_by_oid gssi_set_sec_context_option gssi_set_cred_option gssi_mech_invoke gssi_wrap_aead gssi_unwrap_aead gssi_wrap_iov gssi_unwrap_iov gssi_wrap_iov_length gssi_complete_auth_token gssi_acquire_cred_impersonate_name gssi_add_cred_impersonate_name gssi_display_name_ext gssi_inquire_name gssi_get_name_attribute gssi_set_name_attribute gssi_delete_name_attribute gssi_export_name_composite gssi_map_name_to_any gssi_release_any_name_mapping gssi_pseudo_random gssi_set_neg_mechs gssi_inquire_saslname_for_mech gssi_inquire_mech_for_saslname gssi_inquire_attrs_for_mech */