authorGünther Deschner <gd@samba.org>2013-01-11 13:21:02 +0100
committerGünther Deschner <gd@samba.org>2013-01-11 20:31:31 +0100
commit39784e952b1cacf795e18ea036ed1052a1bc677d (patch)
tree0c57c2068da644366e3b692f9f27596293304f4e
parentbca8e86b4aebb123f71d8d503ca98050a64cfe73 (diff)
Add reenter gssapi interposer plugin.proxymech
Once finished, this module is supposed to just reenter into gssapi.
-rw-r--r--src/Makefile.in4
-rw-r--r--src/configure.in1
-rw-r--r--src/plugins/gssapi/interposer/Makefile.in37
-rw-r--r--src/plugins/gssapi/interposer/deps7
-rw-r--r--src/plugins/gssapi/interposer/reenter.exports49
-rw-r--r--src/plugins/gssapi/interposer/reenter.h40
-rw-r--r--src/plugins/gssapi/interposer/reenter_gssi.c741
-rw-r--r--src/plugins/gssapi/interposer/reenter_gssi.h344
-rw-r--r--src/plugins/gssapi/interposer/reenter_main.c126
9 files changed, 1348 insertions, 1 deletions
diff --git a/src/Makefile.in b/src/Makefile.in
index eef705cccb..a805177a87 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -13,6 +13,7 @@ SUBDIRS=util include lib \
plugins/kdb/db2 \
@ldap_plugin_dir@ \
plugins/preauth/pkinit \
+ plugins/gssapi/interposer \
kdc kadmin slave clients appl tests \
config-files gen-manpages man doc @po@
WINSUBDIRS=include util lib ccapi windows clients appl
@@ -62,7 +63,8 @@ INSTALLMKDIRS = $(KRB5ROOT) $(KRB5MANROOT) $(KRB5OTHERMKDIRS) \
$(KRB5_AD_MODULE_DIR) \
$(KRB5_LIBKRB5_MODULE_DIR) \
@localstatedir@ @localstatedir@/krb5kdc \
- $(KRB5_INCSUBDIRS) $(datadir) $(EXAMPLEDIR)
+ $(KRB5_INCSUBDIRS) $(datadir) $(EXAMPLEDIR) \
+ $(GSS_MODULE_DIR)
install-strip:
$(MAKE) install INSTALL_STRIP=-s
diff --git a/src/configure.in b/src/configure.in
index 7154f686bd..2b711bc124 100644
--- a/src/configure.in
+++ b/src/configure.in
@@ -1342,6 +1342,7 @@ dnl ccapi ccapi/lib ccapi/lib/unix ccapi/server ccapi/server/unix ccapi/test
plugins/authdata/greet
plugins/authdata/greet_client
plugins/authdata/greet_server
+ plugins/gssapi/interposer
clients clients/klist clients/kinit clients/kvno
clients/kdestroy clients/kpasswd clients/ksu clients/kswitch
diff --git a/src/plugins/gssapi/interposer/Makefile.in b/src/plugins/gssapi/interposer/Makefile.in
new file mode 100644
index 0000000000..e1e5059e16
--- /dev/null
+++ b/src/plugins/gssapi/interposer/Makefile.in
@@ -0,0 +1,37 @@
+mydir=plugins$(S)gssapi$(S)interposer
+BUILDTOP=$(REL)..$(S)..$(S)..
+KRB5_RUN_ENV = @KRB5_RUN_ENV@
+KRB5_CONFIG_SETUP = KRB5_CONFIG=$(top_srcdir)/config-files/krb5.conf ; export KRB5_CONFIG ;
+PROG_LIBPATH=-L$(TOPLIBD)
+PROG_RPATH=$(KRB5_LIBDIR)
+MODULE_INSTALL_DIR = $(GSS_MODULE_DIR)
+DEFS=@DEFS@
+
+LOCALINCLUDES = -I../../../include/gssapi -I.
+
+LIBBASE=reenter
+LIBMAJOR=0
+LIBMINOR=0
+SO_EXT=.so
+RELDIR=../plugins/gssapi/interposer
+# Depends on
+SHLIB_EXPDEPS =
+SHLIB_EXPLIBS= -lgssapi_krb5 $(SUPPORT_LIB) $(LIBS)
+
+SHLIB_DIRS=-L$(TOPLIBD)
+SHLIB_RDIRS=$(KRB5_LIBDIR)
+STOBJLISTS=OBJS.ST
+STLIBOBJS=reenter_main.o reenter_gssi.o
+
+SRCS=reenter_main.c reenter_gssi.c
+
+all-unix:: $(LIBBASE)$(SO_EXT)
+install-unix:: install-libs
+clean-unix:: clean-libs clean-libobjs
+
+clean::
+ $(RM) lib$(LIBBASE)$(SO_EXT)
+
+@libnover_frag@
+@libobj_frag@
+
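Review bot: `install-unix:: install-libs` together with `MODULE_INSTALL_DIR = $(GSS_MODULE_DIR)` installs this plugin into the GSS module directory on every build, yet each of its entry points prints to stderr through `LOG`, which looks like a test or debugging aid rather than something to ship. Consider building it only for the test suite, or leaving it out of the install target until the logging is gated. Separately, the `clean::` rule removes `lib$(LIBBASE)$(SO_EXT)` while `all-unix::` builds `$(LIBBASE)$(SO_EXT)`, so the extra rule appears to target a file that is never produced; `$(RM) $(LIBBASE)$(SO_EXT)` would match. `KRB5_CONFIG_SETUP` and `PROG_LIBPATH` are set but not used anywhere in the visible file.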
diff --git a/src/plugins/gssapi/interposer/deps b/src/plugins/gssapi/interposer/deps
new file mode 100644
index 0000000000..adff01b8e2
--- /dev/null
+++ b/src/plugins/gssapi/interposer/deps
@@ -0,0 +1,7 @@
+#
+# Generated makefile dependencies follow.
+#
+reenter.so $(OUTPRE)reenter.$(OBJEXT): \
+ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+ $(COM_ERR_DEPS) \
+ reenter_main.c reenter_gssi.c
diff --git a/src/plugins/gssapi/interposer/reenter.exports b/src/plugins/gssapi/interposer/reenter.exports
new file mode 100644
index 0000000000..2e4e0d7952
--- /dev/null
+++ b/src/plugins/gssapi/interposer/reenter.exports
@@ -0,0 +1,49 @@
+gssi_acquire_cred
+gssi_add_cred
+gssi_acquire_cred_with_password
+gssi_inquire_cred
+gssi_inquire_cred_by_mech
+gssi_inquire_cred_by_oid
+gssi_set_cred_option
+gssi_store_cred
+gssi_release_cred
+gssi_export_sec_context
+gssi_import_sec_context
+gssi_process_context_token
+gssi_context_time
+gssi_inquire_context
+gssi_inquire_sec_context_by_oid
+gssi_set_sec_context_option
+gssi_pseudo_random
+gssi_delete_sec_context
+gssi_accept_sec_context
+gssi_init_sec_context
+gssi_display_status
+gssi_display_name
+gssi_display_name_ext
+gssi_import_name
+gssi_release_name
+gssi_export_name
+gssi_export_name_composite
+gssi_duplicate_name
+gssi_compare_name
+gssi_inquire_name
+gssi_get_name_attribute
+gssi_set_name_attribute
+gssi_delete_name_attribute
+gssi_indicate_mechs
+gssi_inquire_names_for_mech
+gssi_inquire_attrs_for_mech
+gssi_inquire_saslname_for_mech
+gssi_inquire_mech_for_saslname
+gssi_wrap
+gssi_wrap_size_limit
+gssi_wrap_iov
+gssi_wrap_iov_length
+gssi_wrap_aead
+gssi_unwrap
+gssi_unwrap_iov
+gssi_unwrap_aead
+gssi_get_mic
+gssi_verify_mic
+gss_mech_interposer
diff --git a/src/plugins/gssapi/interposer/reenter.h b/src/plugins/gssapi/interposer/reenter.h
new file mode 100644
index 0000000000..b9470f4d85
--- /dev/null
+++ b/src/plugins/gssapi/interposer/reenter.h
@@ -0,0 +1,40 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 2013 Red Hat, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ * * Neither the name of Red Hat, Inc., nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
+ * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef _REENTER_H_
+#define _REENTER_H_
+
+#define LOG(fn) \
+ do { \
+ fprintf(stderr, "reenter: " #fn "\n"); \
+ } while (0);
+
+#endif /* _REENTER_H_ */
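Review bot: The `LOG` macro ends in `while (0);`, so `LOG(x);` expands to two statements and breaks inside an unbraced `if`/`else`; drop the trailing semicolon so the macro ends in `} while (0)`. The header also calls `fprintf` without including `<stdio.h>`, relying on every includer to pull it in first, and the guard `_REENTER_H_` is a reserved identifier (`REENTER_H` would do). Because the macro writes to stderr unconditionally from a shared object that runs inside the host process, gate it behind a compile-time debug define so a deployed plugin stays silent and cannot interleave with whatever the application sends to stderr.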
diff --git a/src/plugins/gssapi/interposer/reenter_gssi.c b/src/plugins/gssapi/interposer/reenter_gssi.c
new file mode 100644
index 0000000000..802fb1a77a
--- /dev/null
+++ b/src/plugins/gssapi/interposer/reenter_gssi.c
@@ -0,0 +1,741 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 2013 Red Hat, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ * * Neither the name of Red Hat, Inc., nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
+ * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "autoconf.h"
+#include <stdio.h>
+#include <string.h>
+#include <gssapi/gssapi.h>
+#include <gssapi/gssapi_ext.h>
+
+#include "reenter.h"
+#include "reenter_gssi.h"
+
+OM_uint32 gssi_acquire_cred(OM_uint32 *minor_status,
+ const gss_name_t desired_name,
+ OM_uint32 time_req,
+ const gss_OID_set desired_mechs,
+ gss_cred_usage_t cred_usage,
+ gss_cred_id_t *output_cred_handle,
+ gss_OID_set *actual_mechs,
+ OM_uint32 *time_rec)
+{
+ LOG(gssi_acquire_cred);
+ return gss_acquire_cred(minor_status,
+ desired_name,
+ time_req,
+ desired_mechs,
+ cred_usage,
+ output_cred_handle,
+ actual_mechs,
+ time_rec);
+}
+
+OM_uint32 gssi_add_cred(OM_uint32 *minor_status,
+ const gss_cred_id_t input_cred_handle,
+ const gss_name_t desired_name,
+ const gss_OID desired_mech,
+ gss_cred_usage_t cred_usage,
+ OM_uint32 initiator_time_req,
+ OM_uint32 acceptor_time_req,
+ gss_cred_id_t *output_cred_handle,
+ gss_OID_set *actual_mechs,
+ OM_uint32 *initiator_time_rec,
+ OM_uint32 *acceptor_time_rec)
+{
+ LOG(gssi_add_cred);
+ return gss_add_cred(minor_status,
+ input_cred_handle,
+ desired_name,
+ desired_mech,
+ cred_usage,
+ initiator_time_req,
+ acceptor_time_req,
+ output_cred_handle,
+ actual_mechs,
+ initiator_time_rec,
+ acceptor_time_rec);
+}
+
+OM_uint32 gssi_acquire_cred_with_password(OM_uint32 *minor_status,
+ const gss_name_t desired_name,
+ const gss_buffer_t password,
+ OM_uint32 time_req,
+ const gss_OID_set desired_mechs,
+ gss_cred_usage_t cred_usage,
+ gss_cred_id_t *output_cred_handle,
+ gss_OID_set *actual_mechs,
+ OM_uint32 *time_rec)
+{
+ LOG(gssi_acquire_cred_with_password);
+ return gss_acquire_cred_with_password(minor_status,
+ desired_name,
+ password,
+ time_req,
+ desired_mechs,
+ cred_usage,
+ output_cred_handle,
+ actual_mechs,
+ time_rec);
+}
+
+OM_uint32 gssi_inquire_cred(OM_uint32 *minor_status,
+ gss_cred_id_t cred_handle,
+ gss_name_t *name,
+ OM_uint32 *lifetime,
+ gss_cred_usage_t *cred_usage,
+ gss_OID_set *mechanisms)
+{
+ LOG(gssi_inquire_cred);
+ return gss_inquire_cred(minor_status,
+ cred_handle,
+ name,
+ lifetime,
+ cred_usage,
+ mechanisms);
+}
+
+OM_uint32 gssi_inquire_cred_by_mech(OM_uint32 *minor_status,
+ gss_cred_id_t cred_handle,
+ gss_OID mech_type,
+ gss_name_t *name,
+ OM_uint32 *initiator_lifetime,
+ OM_uint32 *acceptor_lifetime,
+ gss_cred_usage_t *cred_usage)
+{
+ LOG(gssi_inquire_cred_by_mech);
+ return gss_inquire_cred_by_mech(minor_status,
+ cred_handle,
+ mech_type,
+ name,
+ initiator_lifetime,
+ acceptor_lifetime,
+ cred_usage);
+}
+
+OM_uint32 gssi_inquire_cred_by_oid(OM_uint32 *minor_status,
+ const gss_cred_id_t cred_handle,
+ const gss_OID desired_object,
+ gss_buffer_set_t *data_set)
+{
+ LOG(gssi_inquire_cred_by_oid);
+ return gss_inquire_cred_by_oid(minor_status,
+ cred_handle,
+ desired_object,
+ data_set);
+}
+
+OM_uint32 gssi_set_cred_option(OM_uint32 *minor_status,
+ gss_cred_id_t *cred_handle,
+ const gss_OID desired_object,
+ const gss_buffer_t value)
+{
+ LOG(gssi_set_cred_option);
+ return gss_set_cred_option(minor_status,
+ cred_handle,
+ desired_object,
+ value);
+}
+
+OM_uint32 gssi_store_cred(OM_uint32 *minor_status,
+ const gss_cred_id_t input_cred_handle,
+ gss_cred_usage_t input_usage,
+ const gss_OID desired_mech,
+ OM_uint32 overwrite_cred,
+ OM_uint32 default_cred,
+ gss_OID_set *elements_stored,
+ gss_cred_usage_t *cred_usage_stored)
+{
+ LOG(gssi_store_cred);
+ return gss_store_cred(minor_status,
+ input_cred_handle,
+ input_usage,
+ desired_mech,
+ overwrite_cred,
+ default_cred,
+ elements_stored,
+ cred_usage_stored);
+}
+
+OM_uint32 gssi_release_cred(OM_uint32 *minor_status,
+ gss_cred_id_t *cred_handle)
+{
+ LOG(gssi_release_cred);
+ return gss_release_cred(minor_status,
+ cred_handle);
+}
+
+OM_uint32 gssi_export_sec_context(OM_uint32 *minor_status,
+ gss_ctx_id_t *context_handle,
+ gss_buffer_t interprocess_token)
+{
+ LOG(gssi_export_sec_context);
+ return gss_export_sec_context(minor_status,
+ context_handle,
+ interprocess_token);
+}
+
+OM_uint32 gssi_import_sec_context(OM_uint32 *minor_status,
+ gss_buffer_t interprocess_token,
+ gss_ctx_id_t *context_handle)
+{
+ LOG(gssi_import_sec_context);
+ return gss_import_sec_context(minor_status,
+ interprocess_token,
+ context_handle);
+}
+
+OM_uint32 gssi_process_context_token(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ gss_buffer_t token_buffer)
+{
+ LOG(gssi_process_context_token);
+ return gss_process_context_token(minor_status,
+ context_handle,
+ token_buffer);
+}
+
+OM_uint32 gssi_context_time(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ OM_uint32 *time_rec)
+{
+ LOG(gssi_context_time);
+ return gss_context_time(minor_status,
+ context_handle,
+ time_rec);
+}
+
+OM_uint32 gssi_inquire_context(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ gss_name_t *src_name,
+ gss_name_t *targ_name,
+ OM_uint32 *lifetime_rec,
+ gss_OID *mech_type,
+ OM_uint32 *ctx_flags,
+ int *locally_initiated,
+ int *open)
+{
+ LOG(gssi_inquire_context);
+ return gss_inquire_context(minor_status,
+ context_handle,
+ src_name,
+ targ_name,
+ lifetime_rec,
+ mech_type,
+ ctx_flags,
+ locally_initiated,
+ open);
+}
+
+OM_uint32 gssi_inquire_sec_context_by_oid(OM_uint32 *minor_status,
+ const gss_ctx_id_t context_handle,
+ const gss_OID desired_object,
+ gss_buffer_set_t *data_set)
+{
+ LOG(gssi_inquire_sec_context_by_oid);
+ return gss_inquire_sec_context_by_oid(minor_status,
+ context_handle,
+ desired_object,
+ data_set);
+}
+
+OM_uint32 gssi_set_sec_context_option(OM_uint32 *minor_status,
+ gss_ctx_id_t *context_handle,
+ const gss_OID desired_object,
+ const gss_buffer_t value)
+{
+ LOG(gssi_set_sec_context_option);
+ return gss_set_sec_context_option(minor_status,
+ context_handle,
+ desired_object,
+ value);
+}
+
+OM_uint32 gssi_pseudo_random(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ int prf_key,
+ const gss_buffer_t prf_in,
+ ssize_t desired_output_len,
+ gss_buffer_t prf_out)
+{
+ LOG(gssi_pseudo_random);
+ return gss_pseudo_random(minor_status,
+ context_handle,
+ prf_key,
+ prf_in,
+ desired_output_len,
+ prf_out);
+}
+
+OM_uint32 gssi_delete_sec_context(OM_uint32 *minor_status,
+ gss_ctx_id_t *context_handle,
+ gss_buffer_t output_token)
+{
+ LOG(gssi_delete_sec_context);
+ return gss_delete_sec_context(minor_status,
+ context_handle,
+ output_token);
+}
+
+OM_uint32 gssi_accept_sec_context(OM_uint32 *minor_status,
+ gss_ctx_id_t *context_handle,
+ gss_cred_id_t acceptor_cred_handle,
+ gss_buffer_t input_token_buffer,
+ gss_channel_bindings_t input_chan_bindings,
+ gss_name_t *src_name,
+ gss_OID *mech_type,
+ gss_buffer_t output_token,
+ OM_uint32 *ret_flags,
+ OM_uint32 *time_rec,
+ gss_cred_id_t *delegated_cred_handle)
+{
+ LOG(gssi_accept_sec_context);
+ return gss_accept_sec_context(minor_status,
+ context_handle,
+ acceptor_cred_handle,
+ input_token_buffer,
+ input_chan_bindings,
+ src_name,
+ mech_type,
+ output_token,
+ ret_flags,
+ time_rec,
+ delegated_cred_handle);
+}
+
+OM_uint32 gssi_init_sec_context(OM_uint32 *minor_status,
+ gss_cred_id_t claimant_cred_handle,
+ gss_ctx_id_t *context_handle,
+ gss_name_t target_name,
+ gss_OID mech_type,
+ OM_uint32 req_flags,
+ OM_uint32 time_req,
+ gss_channel_bindings_t input_cb,
+ gss_buffer_t input_token,
+ gss_OID *actual_mech_type,
+ gss_buffer_t output_token,
+ OM_uint32 *ret_flags,
+ OM_uint32 *time_rec)
+{
+ LOG(gssi_init_sec_context);
+ return gss_init_sec_context(minor_status,
+ claimant_cred_handle,
+ context_handle,
+ target_name,
+ mech_type,
+ req_flags,
+ time_req,
+ input_cb,
+ input_token,
+ actual_mech_type,
+ output_token,
+ ret_flags,
+ time_rec);
+}
+
+OM_uint32 gssi_display_status(OM_uint32 *minor_status,
+ OM_uint32 status_value,
+ int status_type,
+ const gss_OID mech_type,
+ OM_uint32 *message_context,
+ gss_buffer_t status_string)
+{
+ LOG(gssi_display_status);
+ return gss_display_status(minor_status,
+ status_value,
+ status_type,
+ mech_type,
+ message_context,
+ status_string);
+}
+
+OM_uint32 gssi_display_name(OM_uint32 *minor_status,
+ gss_name_t input_name,
+ gss_buffer_t output_name_buffer,
+ gss_OID *output_name_type)
+{
+ LOG(gssi_display_name);
+ return gss_display_name(minor_status,
+ input_name,
+ output_name_buffer,
+ output_name_type);
+}
+
+OM_uint32 gssi_display_name_ext(OM_uint32 *minor_status,
+ gss_name_t name,
+ gss_OID display_as_name_type,
+ gss_buffer_t display_name)
+{
+ LOG(gssi_display_name_ext);
+ return gss_display_name_ext(minor_status,
+ name,
+ display_as_name_type,
+ display_name);
+}
+
+OM_uint32 gssi_import_name(OM_uint32 *minor_status,
+ gss_buffer_t input_name_buffer,
+ gss_OID input_name_type,
+ gss_name_t *output_name)
+{
+ LOG(gssi_import_name);
+ return gss_import_name(minor_status,
+ input_name_buffer,
+ input_name_type,
+ output_name);
+}
+
+OM_uint32 gssi_release_name(OM_uint32 *minor_status,
+ gss_name_t *input_name)
+{
+ LOG(gssi_release_name);
+ return gss_release_name(minor_status,
+ input_name);
+}
+
+OM_uint32 gssi_export_name(OM_uint32 *minor_status,
+ const gss_name_t input_name,
+ gss_buffer_t exported_name)
+{
+ LOG(gssi_export_name);
+ return gss_export_name(minor_status,
+ input_name,
+ exported_name);
+}
+
+OM_uint32 gssi_export_name_composite(OM_uint32 *minor_status,
+ const gss_name_t input_name,
+ gss_buffer_t exported_composite_name)
+{
+ LOG(gssi_export_name_composite);
+ return gss_export_name_composite(minor_status,
+ input_name,
+ exported_composite_name);
+}
+
+OM_uint32 gssi_duplicate_name(OM_uint32 *minor_status,
+ const gss_name_t input_name,
+ gss_name_t *dest_name)
+{
+ LOG(gssi_duplicate_name);
+ return gss_duplicate_name(minor_status,
+ input_name,
+ dest_name);
+}
+
+OM_uint32 gssi_compare_name(OM_uint32 *minor_status,
+ gss_name_t name1,
+ gss_name_t name2,
+ int *name_equal)
+{
+ LOG(gssi_compare_name);
+ return gss_compare_name(minor_status,
+ name1,
+ name2,
+ name_equal);
+}
+
+OM_uint32 gssi_inquire_name(OM_uint32 *minor_status,
+ gss_name_t name,
+ int *name_is_NM,
+ gss_OID *NM_mech,
+ gss_buffer_set_t *attrs)
+{
+ LOG(gssi_inquire_name);
+ return gss_inquire_name(minor_status,
+ name,
+ name_is_NM,
+ NM_mech,
+ attrs);
+}
+
+OM_uint32 gssi_get_name_attribute(OM_uint32 *minor_status,
+ gss_name_t input_name,
+ gss_buffer_t attr,
+ int *authenticated,
+ int *complete,
+ gss_buffer_t value,
+ gss_buffer_t display_value,
+ int *more)
+{
+ LOG(gssi_get_name_attribute);
+ return gss_get_name_attribute(minor_status,
+ input_name,
+ attr,
+ authenticated,
+ complete,
+ value,
+ display_value,
+ more);
+}
+
+OM_uint32 gssi_set_name_attribute(OM_uint32 *minor_status,
+ gss_name_t input_name,
+ int complete,
+ gss_buffer_t attr,
+ gss_buffer_t value)
+{
+ LOG(gssi_set_name_attribute);
+ return gss_set_name_attribute(minor_status,
+ input_name,
+ complete,
+ attr,
+ value);
+}
+
+OM_uint32 gssi_delete_name_attribute(OM_uint32 *minor_status,
+ gss_name_t input_name,
+ gss_buffer_t attr)
+{
+ LOG(gssi_delete_name_attribute);
+ return gss_delete_name_attribute(minor_status,
+ input_name,
+ attr);
+}
+
+OM_uint32 gssi_indicate_mechs(OM_uint32 *minor_status, gss_OID_set *mech_set)
+{
+ LOG(gssi_indicate_mechs);
+ return gss_indicate_mechs(minor_status, mech_set);
+}
+
+OM_uint32 gssi_inquire_names_for_mech(OM_uint32 *minor_status,
+ gss_OID mech_type,
+ gss_OID_set *mech_names)
+{
+ LOG(gssi_inquire_names_for_mech);
+ return gss_inquire_names_for_mech(minor_status,
+ mech_type,
+ mech_names);
+}
+
+OM_uint32 gssi_inquire_attrs_for_mech(OM_uint32 *minor_status,
+ gss_OID mech,
+ gss_OID_set *mech_attrs,
+ gss_OID_set *known_mech_attrs)
+{
+ LOG(gssi_inquire_attrs_for_mech);
+ return gss_inquire_attrs_for_mech(minor_status,
+ mech,
+ mech_attrs,
+ known_mech_attrs);
+}
+
+OM_uint32 gssi_inquire_saslname_for_mech(OM_uint32 *minor_status,
+ const gss_OID desired_mech,
+ gss_buffer_t sasl_mech_name,
+ gss_buffer_t mech_name,
+ gss_buffer_t mech_description)
+{
+ LOG(gssi_inquire_saslname_for_mech);
+ return gss_inquire_saslname_for_mech(minor_status,
+ desired_mech,
+ sasl_mech_name,
+ mech_name,
+ mech_description);
+}
+
+OM_uint32 gssi_inquire_mech_for_saslname(OM_uint32 *minor_status,
+ const gss_buffer_t sasl_mech_name,
+ gss_OID *mech_type)
+{
+ LOG(gssi_inquire_mech_for_saslname);
+ return gss_inquire_mech_for_saslname(minor_status,
+ sasl_mech_name,
+ mech_type);
+}
+
+OM_uint32 gssi_wrap(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ int conf_req_flag,
+ gss_qop_t qop_req,
+ gss_buffer_t input_message_buffer,
+ int *conf_state,
+ gss_buffer_t output_message_buffer)
+{
+ LOG(gssi_wrap);
+ return gss_wrap(minor_status,
+ context_handle,
+ conf_req_flag,
+ qop_req,
+ input_message_buffer,
+ conf_state,
+ output_message_buffer);
+}
+
+OM_uint32 gssi_wrap_size_limit(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ int conf_req_flag,
+ gss_qop_t qop_req,
+ OM_uint32 req_output_size,
+ OM_uint32 *max_input_size)
+{
+ LOG(gssi_wrap_size_limit);
+ return gss_wrap_size_limit(minor_status,
+ context_handle,
+ conf_req_flag,
+ qop_req,
+ req_output_size,
+ max_input_size);
+}
+
+OM_uint32 gssi_wrap_iov(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ int conf_req_flag,
+ gss_qop_t qop_req,
+ int *conf_state,
+ gss_iov_buffer_desc *iov,
+ int iov_count)
+{
+ LOG(gssi_wrap_iov);
+ return gss_wrap_iov(minor_status,
+ context_handle,
+ conf_req_flag,
+ qop_req,
+ conf_state,
+ iov,
+ iov_count);
+}
+
+OM_uint32 gssi_wrap_iov_length(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ int conf_req_flag,
+ gss_qop_t qop_req,
+ int *conf_state,
+ gss_iov_buffer_desc *iov,
+ int iov_count)
+{
+ LOG(gssi_wrap_iov_length);
+ return gss_wrap_iov_length(minor_status,
+ context_handle,
+ conf_req_flag,
+ qop_req,
+ conf_state,
+ iov,
+ iov_count);
+}
+
+OM_uint32 gssi_wrap_aead(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ int conf_req_flag,
+ gss_qop_t qop_req,
+ gss_buffer_t input_assoc_buffer,
+ gss_buffer_t input_payload_buffer,
+ int *conf_state,
+ gss_buffer_t output_message_buffer)
+{
+ LOG(gssi_wrap_aead);
+ return gss_wrap_aead(minor_status,
+ context_handle,
+ conf_req_flag,
+ qop_req,
+ input_assoc_buffer,
+ input_payload_buffer,
+ conf_state,
+ output_message_buffer);
+}
+
+OM_uint32 gssi_unwrap(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ gss_buffer_t input_message_buffer,
+ gss_buffer_t output_message_buffer,
+ int *conf_state,
+ gss_qop_t *qop_state)
+{
+ LOG(gssi_unwrap);
+ return gss_unwrap(minor_status,
+ context_handle,
+ input_message_buffer,
+ output_message_buffer,
+ conf_state,
+ qop_state);
+}
+
+OM_uint32 gssi_unwrap_iov(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ int *conf_state,
+ gss_qop_t *qop_state,
+ gss_iov_buffer_desc *iov,
+ int iov_count)
+{
+ LOG(gssi_unwrap_iov);
+ return gss_unwrap_iov(minor_status,
+ context_handle,
+ conf_state,
+ qop_state,
+ iov,
+ iov_count);
+}
+
+OM_uint32 gssi_unwrap_aead(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ gss_buffer_t input_message_buffer,
+ gss_buffer_t input_assoc_buffer,
+ gss_buffer_t output_payload_buffer,
+ int *conf_state,
+ gss_qop_t *qop_state)
+{
+ LOG(gssi_unwrap_aead);
+ return gss_unwrap_aead(minor_status,
+ context_handle,
+ input_message_buffer,
+ input_assoc_buffer,
+ output_payload_buffer,
+ conf_state,
+ qop_state);
+}
+
+OM_uint32 gssi_get_mic(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ gss_qop_t qop_req,
+ gss_buffer_t message_buffer,
+ gss_buffer_t message_token)
+{
+ LOG(gssi_get_mic);
+ return gss_get_mic(minor_status,
+ context_handle,
+ qop_req,
+ message_buffer,
+ message_token);
+}
+
+OM_uint32 gssi_verify_mic(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ gss_buffer_t message_buffer,
+ gss_buffer_t message_token,
+ gss_qop_t *qop_state)
+{
+ LOG(gssi_verify_mic);
+ return gss_verify_mic(minor_status,
+ context_handle,
+ message_buffer,
+ message_token,
+ qop_state);
+}
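Review bot: Every wrapper in this file forwards its handles and mechanism OIDs unchanged to the public `gss_*` entry point (for example `gssi_init_sec_context` passes `mech_type` and `context_handle` straight through), and nothing in the file says why that is safe. If the mechglue dispatches a call for an interposed mechanism back to this plugin, these calls would recurse without bound; the dispatch rules are not visible in this diff, so that needs confirming. Please state the contract in a file-level comment, e.g. `/* Pass-through stubs: handles and OIDs are forwarded untranslated; TODO confirm the mechglue does not dispatch these back here. */`, or add the translation before the plugin is enabled. `LOG` also fires on the per-message paths (`gssi_wrap`, `gssi_unwrap`, `gssi_get_mic`, `gssi_verify_mic`), so the host's stderr receives a line for every protected message.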
diff --git a/src/plugins/gssapi/interposer/reenter_gssi.h b/src/plugins/gssapi/interposer/reenter_gssi.h
new file mode 100644
index 0000000000..1870a2df73
--- /dev/null
+++ b/src/plugins/gssapi/interposer/reenter_gssi.h
@@ -0,0 +1,344 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 2013 Red Hat, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ * * Neither the name of Red Hat, Inc., nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
+ * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef _REENTER_GSSI_H_
+#define _REENTER_GSSI_H_
+
+OM_uint32 gssi_acquire_cred(OM_uint32 *minor_status,
+ const gss_name_t desired_name,
+ OM_uint32 time_req,
+ const gss_OID_set desired_mechs,
+ gss_cred_usage_t cred_usage,
+ gss_cred_id_t *output_cred_handle,
+ gss_OID_set *actual_mechs,
+ OM_uint32 *time_rec);
+
+OM_uint32 gssi_add_cred(OM_uint32 *minor_status,
+ const gss_cred_id_t input_cred_handle,
+ const gss_name_t desired_name,
+ const gss_OID desired_mech,
+ gss_cred_usage_t cred_usage,
+ OM_uint32 initiator_time_req,
+ OM_uint32 acceptor_time_req,
+ gss_cred_id_t *output_cred_handle,
+ gss_OID_set *actual_mechs,
+ OM_uint32 *initiator_time_rec,
+ OM_uint32 *acceptor_time_rec);
+
+OM_uint32 gssi_acquire_cred_with_password(OM_uint32 *minor_status,
+ const gss_name_t desired_name,
+ const gss_buffer_t password,
+ OM_uint32 time_req,
+ const gss_OID_set desired_mechs,
+ gss_cred_usage_t cred_usage,
+ gss_cred_id_t *output_cred_handle,
+ gss_OID_set *actual_mechs,
+ OM_uint32 *time_rec);
+
+OM_uint32 gssi_inquire_cred(OM_uint32 *minor_status,
+ gss_cred_id_t cred_handle,
+ gss_name_t *name,
+ OM_uint32 *lifetime,
+ gss_cred_usage_t *cred_usage,
+ gss_OID_set *mechanisms);
+
+OM_uint32 gssi_inquire_cred_by_mech(OM_uint32 *minor_status,
+ gss_cred_id_t cred_handle,
+ gss_OID mech_type,
+ gss_name_t *name,
+ OM_uint32 *initiator_lifetime,
+ OM_uint32 *acceptor_lifetime,
+ gss_cred_usage_t *cred_usage);
+
+OM_uint32 gssi_inquire_cred_by_oid(OM_uint32 *minor_status,
+ const gss_cred_id_t cred_handle,
+ const gss_OID desired_object,
+ gss_buffer_set_t *data_set);
+
+OM_uint32 gssi_set_cred_option(OM_uint32 *minor_status,
+ gss_cred_id_t *cred_handle,
+ const gss_OID desired_object,
+ const gss_buffer_t value);
+
+OM_uint32 gssi_store_cred(OM_uint32 *minor_status,
+ const gss_cred_id_t input_cred_handle,
+ gss_cred_usage_t input_usage,
+ const gss_OID desired_mech,
+ OM_uint32 overwrite_cred,
+ OM_uint32 default_cred,
+ gss_OID_set *elements_stored,
+ gss_cred_usage_t *cred_usage_stored);
+
+OM_uint32 gssi_release_cred(OM_uint32 *minor_status,
+ gss_cred_id_t *cred_handle);
+
+OM_uint32 gssi_export_sec_context(OM_uint32 *minor_status,
+ gss_ctx_id_t *context_handle,
+ gss_buffer_t interprocess_token);
+
+OM_uint32 gssi_import_sec_context(OM_uint32 *minor_status,
+ gss_buffer_t interprocess_token,
+ gss_ctx_id_t *context_handle);
+
+OM_uint32 gssi_process_context_token(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ gss_buffer_t token_buffer);
+
+OM_uint32 gssi_context_time(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ OM_uint32 *time_rec);
+
+OM_uint32 gssi_inquire_context(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ gss_name_t *src_name,
+ gss_name_t *targ_name,
+ OM_uint32 *lifetime_rec,
+ gss_OID *mech_type,
+ OM_uint32 *ctx_flags,
+ int *locally_initiated,
+ int *open);
+
+OM_uint32 gssi_inquire_sec_context_by_oid(OM_uint32 *minor_status,
+ const gss_ctx_id_t context_handle,
+ const gss_OID desired_object,
+ gss_buffer_set_t *data_set);
+
+OM_uint32 gssi_set_sec_context_option(OM_uint32 *minor_status,
+ gss_ctx_id_t *context_handle,
+ const gss_OID desired_object,
+ const gss_buffer_t value);
+
+OM_uint32 gssi_pseudo_random(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ int prf_key,
+ const gss_buffer_t prf_in,
+ ssize_t desired_output_len,
+ gss_buffer_t prf_out);
+
+OM_uint32 gssi_delete_sec_context(OM_uint32 *minor_status,
+ gss_ctx_id_t *context_handle,
+ gss_buffer_t output_token);
+
+OM_uint32 gssi_accept_sec_context(OM_uint32 *minor_status,
+ gss_ctx_id_t *context_handle,
+ gss_cred_id_t acceptor_cred_handle,
+ gss_buffer_t input_token_buffer,
+ gss_channel_bindings_t input_chan_bindings,
+ gss_name_t *src_name,
+ gss_OID *mech_type,
+ gss_buffer_t output_token,
+ OM_uint32 *ret_flags,
+ OM_uint32 *time_rec,
+ gss_cred_id_t *delegated_cred_handle);
+
+OM_uint32 gssi_init_sec_context(OM_uint32 *minor_status,
+ gss_cred_id_t claimant_cred_handle,
+ gss_ctx_id_t *context_handle,
+ gss_name_t target_name,
+ gss_OID mech_type,
+ OM_uint32 req_flags,
+ OM_uint32 time_req,
+ gss_channel_bindings_t input_cb,
+ gss_buffer_t input_token,
+ gss_OID *actual_mech_type,
+ gss_buffer_t output_token,
+ OM_uint32 *ret_flags,
+ OM_uint32 *time_rec);
+
+OM_uint32 gssi_display_status(OM_uint32 *minor_status,
+ OM_uint32 status_value,
+ int status_type,
+ const gss_OID mech_type,
+ OM_uint32 *message_context,
+ gss_buffer_t status_string);
+
+OM_uint32 gssi_display_name(OM_uint32 *minor_status,
+ gss_name_t input_name,
+ gss_buffer_t output_name_buffer,
+ gss_OID *output_name_type);
+
+OM_uint32 gssi_display_name_ext(OM_uint32 *minor_status,
+ gss_name_t name,
+ gss_OID display_as_name_type,
+ gss_buffer_t display_name);
+
+OM_uint32 gssi_import_name(OM_uint32 *minor_status,
+ gss_buffer_t input_name_buffer,
+ gss_OID input_name_type,
+ gss_name_t *output_name);
+
+OM_uint32 gssi_import_name_by_mech(OM_uint32 *minor_status,
+ gss_OID mech_type,
+ gss_buffer_t input_name_buffer,
+ gss_OID input_name_type,
+ gss_name_t *output_name);
+
+OM_uint32 gssi_release_name(OM_uint32 *minor_status,
+ gss_name_t *input_name);
+
+OM_uint32 gssi_export_name(OM_uint32 *minor_status,
+ const gss_name_t input_name,
+ gss_buffer_t exported_name);
+
+OM_uint32 gssi_export_name_composite(OM_uint32 *minor_status,
+ const gss_name_t input_name,
+ gss_buffer_t exported_composite_name);
+
+OM_uint32 gssi_duplicate_name(OM_uint32 *minor_status,
+ const gss_name_t input_name,
+ gss_name_t *dest_name);
+
+OM_uint32 gssi_compare_name(OM_uint32 *minor_status,
+ gss_name_t name1,
+ gss_name_t name2,
+ int *name_equal);
+
+OM_uint32 gssi_inquire_name(OM_uint32 *minor_status,
+ gss_name_t name,
+ int *name_is_NM,
+ gss_OID *NM_mech,
+ gss_buffer_set_t *attrs);
+
+OM_uint32 gssi_get_name_attribute(OM_uint32 *minor_status,
+ gss_name_t input_name,
+ gss_buffer_t attr,
+ int *authenticated,
+ int *complete,
+ gss_buffer_t value,
+ gss_buffer_t display_value,
+ int *more);
+
+OM_uint32 gssi_set_name_attribute(OM_uint32 *minor_status,
+ gss_name_t input_name,
+ int complete,
+ gss_buffer_t attr,
+ gss_buffer_t value);
+
+OM_uint32 gssi_delete_name_attribute(OM_uint32 *minor_status,
+ gss_name_t input_name,
+ gss_buffer_t attr);
+
+OM_uint32 gssi_indicate_mechs(OM_uint32 *minor_status, gss_OID_set *mech_set);
+
+OM_uint32 gssi_inquire_names_for_mech(OM_uint32 *minor_status,
+ gss_OID mech_type,
+ gss_OID_set *mech_names);
+
+OM_uint32 gssi_inquire_attrs_for_mech(OM_uint32 *minor_status,
+ gss_OID mech,
+ gss_OID_set *mech_attrs,
+ gss_OID_set *known_mech_attrs);
+
+OM_uint32 gssi_inquire_saslname_for_mech(OM_uint32 *minor_status,
+ const gss_OID desired_mech,
+ gss_buffer_t sasl_mech_name,
+ gss_buffer_t mech_name,
+ gss_buffer_t mech_description);
+
+OM_uint32 gssi_inquire_mech_for_saslname(OM_uint32 *minor_status,
+ const gss_buffer_t sasl_mech_name,
+ gss_OID *mech_type);
+
+OM_uint32 gssi_wrap(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ int conf_req_flag,
+ gss_qop_t qop_req,
+ gss_buffer_t input_message_buffer,
+ int *conf_state,
+ gss_buffer_t output_message_buffer);
+
+OM_uint32 gssi_wrap_size_limit(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ int conf_req_flag,
+ gss_qop_t qop_req,
+ OM_uint32 req_output_size,
+ OM_uint32 *max_input_size);
+
+OM_uint32 gssi_wrap_iov(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ int conf_req_flag,
+ gss_qop_t qop_req,
+ int *conf_state,
+ gss_iov_buffer_desc *iov,
+ int iov_count);
+
+OM_uint32 gssi_wrap_iov_length(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ int conf_req_flag,
+ gss_qop_t qop_req,
+ int *conf_state,
+ gss_iov_buffer_desc *iov,
+ int iov_count);
+
+OM_uint32 gssi_wrap_aead(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ int conf_req_flag,
+ gss_qop_t qop_req,
+ gss_buffer_t input_assoc_buffer,
+ gss_buffer_t input_payload_buffer,
+ int *conf_state,
+ gss_buffer_t output_message_buffer);
+
+OM_uint32 gssi_unwrap(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ gss_buffer_t input_message_buffer,
+ gss_buffer_t output_message_buffer,
+ int *conf_state,
+ gss_qop_t *qop_state);
+
+OM_uint32 gssi_unwrap_iov(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ int *conf_state,
+ gss_qop_t *qop_state,
+ gss_iov_buffer_desc *iov,
+ int iov_count);
+
+OM_uint32 gssi_unwrap_aead(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ gss_buffer_t input_message_buffer,
+ gss_buffer_t input_assoc_buffer,
+ gss_buffer_t output_payload_buffer,
+ int *conf_state,
+ gss_qop_t *qop_state);
+
+OM_uint32 gssi_get_mic(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ gss_qop_t qop_req,
+ gss_buffer_t message_buffer,
+ gss_buffer_t message_token);
+
+OM_uint32 gssi_verify_mic(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ gss_buffer_t message_buffer,
+ gss_buffer_t message_token,
+ gss_qop_t *qop_state);
+
+#endif /* _REENTER_GSSI_H_ */
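Review bot: `gssi_import_name_by_mech` is declared here but has no definition in reenter_gssi.c and no entry in reenter.exports in this commit, so the prototype is either dead or points at a missing wrapper; remove it, or add the implementation and the export together. The header also uses `OM_uint32`, `gss_name_t`, `gss_iov_buffer_desc` and `ssize_t` without including anything, so it only compiles when the includer orders its includes correctly; adding `#include <gssapi/gssapi.h>` and `#include <gssapi/gssapi_ext.h>` at the top would make it self-contained. The guard `_REENTER_GSSI_H_` is a reserved identifier; `REENTER_GSSI_H` avoids that.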
diff --git a/src/plugins/gssapi/interposer/reenter_main.c b/src/plugins/gssapi/interposer/reenter_main.c
new file mode 100644
index 0000000000..f7deed0a44
--- /dev/null
+++ b/src/plugins/gssapi/interposer/reenter_main.c
@@ -0,0 +1,126 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 2013 Red Hat, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ * * Neither the name of Red Hat, Inc., nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
+ * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "autoconf.h"
+#include <stdio.h>
+#include <stdint.h>
+#include <stdbool.h>
+#include <errno.h>
+#include <stdlib.h>
+#include <string.h>
+#include <gssapi/gssapi.h>
+#include <gssapi/gssapi_ext.h>
+
+#include "reenter.h"
+
+#define no_const(ptr) ((void *)((uintptr_t)(ptr)))
+
+/* 2.16.840.1.113730.3.8.15.1 */
+const gss_OID_desc gssproxy_mech_interposer = {
+ .length = 11,
+ .elements = "\140\206\110\001\206\370\102\003\010\017\001"
+};
+
+#define KRB5_OID_LEN 9
+#define KRB5_OID "\052\206\110\206\367\022\001\002\002"
+
+#define KRB5_OLD_OID_LEN 5
+#define KRB5_OLD_OID "\053\005\001\005\002"
+
+/* Incorrect krb5 mech OID emitted by MS. */
+#define KRB5_WRONG_OID_LEN 9
+#define KRB5_WRONG_OID "\052\206\110\202\367\022\001\002\002"
+
+#define IAKERB_OID_LEN 6
+#define IAKERB_OID "\053\006\001\005\002\005"
+
+const gss_OID_desc gpoid_krb5 = {
+ .length = KRB5_OID_LEN,
+ .elements = KRB5_OID
+};
+const gss_OID_desc gpoid_krb5_old = {
+ .length = KRB5_OLD_OID_LEN,
+ .elements = KRB5_OLD_OID
+};
+const gss_OID_desc gpoid_krb5_wrong = {
+ .length = KRB5_WRONG_OID_LEN,
+ .elements = KRB5_WRONG_OID
+};
+const gss_OID_desc gpoid_iakerb = {
+ .length = IAKERB_OID_LEN,
+ .elements = IAKERB_OID
+};
+
+
+gss_OID_set gss_mech_interposer(gss_OID mech_type)
+{
+ gss_OID_set interposed_mechs;
+ OM_uint32 maj, min;
+
+ LOG(gss_mech_interposer);
+
+ interposed_mechs = NULL;
+ maj = 0;
+ if (gss_oid_equal(&gssproxy_mech_interposer, mech_type)) {
+ maj = gss_create_empty_oid_set(&min, &interposed_mechs);
+ if (maj != 0) {
+ return NULL;
+ }
+ maj = gss_add_oid_set_member(&min, no_const(&gpoid_krb5),
+ &interposed_mechs);
+ if (maj != 0) {
+ goto done;
+ }
+ maj = gss_add_oid_set_member(&min, no_const(&gpoid_krb5_old),
+ &interposed_mechs);
+ if (maj != 0) {
+ goto done;
+ }
+ maj = gss_add_oid_set_member(&min, no_const(&gpoid_krb5_wrong),
+ &interposed_mechs);
+ if (maj != 0) {
+ goto done;
+ }
+ maj = gss_add_oid_set_member(&min, no_const(&gpoid_iakerb),
+ &interposed_mechs);
+ if (maj != 0) {
+ goto done;
+ }
+ }
+
+done:
+ if (maj != 0) {
+ (void)gss_release_oid_set(&min, &interposed_mechs);
+ interposed_mechs = NULL;
+ }
+
+ return interposed_mechs;
+}
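Review bot: The OID lengths in reenter_main.c are counted by hand (`.length = 11` for `gssproxy_mech_interposer`, and the four `*_OID_LEN` macros) and maintained separately from the octal literals they describe. They match the literals as written, but this table decides which mechanisms `gss_mech_interposer` claims, so a later edit that changes a literal without its length would make the plugin silently stop matching that mechanism, or match on the wrong bytes. Deriving each length from its literal removes that risk, e.g. `#define KRB5_OID_LEN (sizeof(KRB5_OID) - 1)` and likewise for the other three macros. It would also help to give each macro the dotted form that the interposer OID already has, e.g. `/* 1.2.840.113554.1.2.2 */` above `KRB5_OID`, so a reader can check the interposed list without decoding the bytes by hand.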