authorGreg Hudson <ghudson@mit.edu>2010-10-06 18:25:04 +0000
committerGreg Hudson <ghudson@mit.edu>2010-10-06 18:25:04 +0000
commit014f8057c5328b3e39b5d8660a1ea1a98409006f (patch)
treeda9796d82a6d65d055f4762c411fbf395bb52f37 /src/lib/gssapi/generic
parent5f2826f6d598a4dd45a55e111a07c0086fe1e38a (diff)
Merge users/lhoward/sasl-gs2 to trunk
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24436 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/gssapi/generic')
-rw-r--r--src/lib/gssapi/generic/gssapi.hin83
-rw-r--r--src/lib/gssapi/generic/gssapiP_generic.h9
-rw-r--r--src/lib/gssapi/generic/gssapi_generic.c260
-rw-r--r--src/lib/gssapi/generic/util_buffer.c3
4 files changed, 355 insertions, 0 deletions
diff --git a/src/lib/gssapi/generic/gssapi.hin b/src/lib/gssapi/generic/gssapi.hin
index fb82e3c4f5..15d685d8c0 100644
--- a/src/lib/gssapi/generic/gssapi.hin
+++ b/src/lib/gssapi/generic/gssapi.hin
@@ -289,6 +289,8 @@ typedef int gss_cred_usage_t;
(((OM_uint32) 17ul) << GSS_C_ROUTINE_ERROR_OFFSET)
#define GSS_S_NAME_NOT_MN \
(((OM_uint32) 18ul) << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_BAD_MECH_ATTR \
+ (((OM_uint32) 19ul) << GSS_C_ROUTINE_ERROR_OFFSET)
/*
* Supplementary info bits:
@@ -831,4 +833,85 @@ gss_set_neg_mechs(
/* XXXX This is a necessary evil until the spec is fixed */
#define GSS_S_CRED_UNAVAIL GSS_S_FAILURE
+/*
+ * RFC 5587
+ */
+typedef const gss_buffer_desc *gss_const_buffer_t;
+typedef const struct gss_channel_bindings_struct *gss_const_channel_bindings_t;
+typedef const struct gss_ctx_id_struct gss_const_ctx_id_t;
+typedef const struct gss_cred_id_struct gss_const_cred_id_t;
+typedef const struct gss_name_struct gss_const_name_t;
+typedef const gss_OID_desc *gss_const_OID;
+typedef const gss_OID_set_desc *gss_const_OID_set;
+
+OM_uint32 KRB5_CALLCONV
+gss_indicate_mechs_by_attrs(
+ OM_uint32 *, /* minor_status */
+ gss_const_OID_set, /* desired_mech_attrs */
+ gss_const_OID_set, /* except_mech_attrs */
+ gss_const_OID_set, /* critical_mech_attrs */
+ gss_OID_set *); /* mechs */
+
+OM_uint32 KRB5_CALLCONV
+gss_inquire_attrs_for_mech(
+ OM_uint32 *, /* minor_status */
+ gss_const_OID, /* mech */
+ gss_OID_set *, /* mech_attrs */
+ gss_OID_set *); /* known_mech_attrs */
+
+OM_uint32 KRB5_CALLCONV
+gss_display_mech_attr(
+ OM_uint32 *, /* minor_status */
+ gss_const_OID, /* mech_attr */
+ gss_buffer_t, /* name */
+ gss_buffer_t, /* short_desc */
+ gss_buffer_t); /* long_desc */
+
+GSS_DLLIMP extern gss_const_OID GSS_C_MA_MECH_CONCRETE;
+GSS_DLLIMP extern gss_const_OID GSS_C_MA_MECH_PSEUDO;
+GSS_DLLIMP extern gss_const_OID GSS_C_MA_MECH_COMPOSITE;
+GSS_DLLIMP extern gss_const_OID GSS_C_MA_MECH_NEGO;
+GSS_DLLIMP extern gss_const_OID GSS_C_MA_MECH_GLUE;
+GSS_DLLIMP extern gss_const_OID GSS_C_MA_NOT_MECH;
+GSS_DLLIMP extern gss_const_OID GSS_C_MA_DEPRECATED;
+GSS_DLLIMP extern gss_const_OID GSS_C_MA_NOT_DFLT_MECH;
+GSS_DLLIMP extern gss_const_OID GSS_C_MA_ITOK_FRAMED;
+GSS_DLLIMP extern gss_const_OID GSS_C_MA_AUTH_INIT;
+GSS_DLLIMP extern gss_const_OID GSS_C_MA_AUTH_TARG;
+GSS_DLLIMP extern gss_const_OID GSS_C_MA_AUTH_INIT_INIT;
+GSS_DLLIMP extern gss_const_OID GSS_C_MA_AUTH_TARG_INIT;
+GSS_DLLIMP extern gss_const_OID GSS_C_MA_AUTH_INIT_ANON;
+GSS_DLLIMP extern gss_const_OID GSS_C_MA_AUTH_TARG_ANON;
+GSS_DLLIMP extern gss_const_OID GSS_C_MA_DELEG_CRED;
+GSS_DLLIMP extern gss_const_OID GSS_C_MA_INTEG_PROT;
+GSS_DLLIMP extern gss_const_OID GSS_C_MA_CONF_PROT;
+GSS_DLLIMP extern gss_const_OID GSS_C_MA_MIC;
+GSS_DLLIMP extern gss_const_OID GSS_C_MA_WRAP;
+GSS_DLLIMP extern gss_const_OID GSS_C_MA_PROT_READY;
+GSS_DLLIMP extern gss_const_OID GSS_C_MA_REPLAY_DET;
+GSS_DLLIMP extern gss_const_OID GSS_C_MA_OOS_DET;
+GSS_DLLIMP extern gss_const_OID GSS_C_MA_CBINDINGS;
+GSS_DLLIMP extern gss_const_OID GSS_C_MA_PFS;
+GSS_DLLIMP extern gss_const_OID GSS_C_MA_COMPRESS;
+GSS_DLLIMP extern gss_const_OID GSS_C_MA_CTX_TRANS;
+
+/*
+ * RFC 5801
+ */
+OM_uint32 KRB5_CALLCONV
+gss_inquire_saslname_for_mech(
+ OM_uint32 *, /* minor_status */
+ const gss_OID, /* desired_mech */
+ gss_buffer_t, /* sasl_mech_name */
+ gss_buffer_t, /* mech_name */
+ gss_buffer_t /* mech_description */
+);
+
+OM_uint32 KRB5_CALLCONV
+gss_inquire_mech_for_saslname(
+ OM_uint32 *, /* minor_status */
+ const gss_buffer_t, /* sasl_mech_name */
+ gss_OID * /* mech_type */
+);
+
#endif /* _GSSAPI_H_ */
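Review bot: The three handle typedefs near the top of the RFC 5587 block declare const struct types rather than const pointers: `typedef const struct gss_ctx_id_struct gss_const_ctx_id_t;` and the cred/name lines beneath it lack the `*` that the sibling `gss_const_buffer_t`, `gss_const_channel_bindings_t`, `gss_const_OID` and `gss_const_OID_set` typedefs carry. These structs are presumably opaque (incomplete) in this header, so nothing can be passed as these typedefs by value and any prototype that uses them will fail to compile; they should read `typedef const struct gss_ctx_id_struct *gss_const_ctx_id_t;`, `typedef const struct gss_cred_id_struct *gss_const_cred_id_t;`, `typedef const struct gss_name_struct *gss_const_name_t;`. None of the prototypes added in this hunk use them, so the mistake is silent until a caller does.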
diff --git a/src/lib/gssapi/generic/gssapiP_generic.h b/src/lib/gssapi/generic/gssapiP_generic.h
index cb2340a4bc..f3af8a4d11 100644
--- a/src/lib/gssapi/generic/gssapiP_generic.h
+++ b/src/lib/gssapi/generic/gssapiP_generic.h
@@ -294,4 +294,13 @@ OM_uint32 generic_gss_copy_oid_set
const gss_OID_set_desc *, /* const oidset*/
gss_OID_set * /*new_oidset*/);
+extern gss_OID_set gss_ma_known_attrs;
+
+OM_uint32 generic_gss_display_mech_attr(
+ OM_uint32 *minor_status,
+ gss_const_OID mech_attr,
+ gss_buffer_t name,
+ gss_buffer_t short_desc,
+ gss_buffer_t long_desc);
+
#endif /* _GSSAPIP_GENERIC_H_ */
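Review bot: The new generic_gss_display_mech_attr prototype carries no comment stating its contract, and its buffer handling is not obvious from the signature alone. I would add above it: `/* Describe a known RFC 5587 mech-attribute OID. Each non-NULL output buffer is first emptied; name and short_desc then receive malloc'd copies the caller must release, while long_desc is left empty. An OID not in the table yields GSS_S_BAD_MECH_ATTR. */`. That reflects the implementation in gssapi_generic.c, which resets all three buffers, fills only name and short_desc via g_make_string_buffer (strdup), and never populates long_desc.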
diff --git a/src/lib/gssapi/generic/gssapi_generic.c b/src/lib/gssapi/generic/gssapi_generic.c
index 1d77d3f815..f8d2c426c2 100644
--- a/src/lib/gssapi/generic/gssapi_generic.c
+++ b/src/lib/gssapi/generic/gssapi_generic.c
@@ -122,6 +122,35 @@ static const gss_OID_desc const_oids[] = {
/* GSS_C_INQ_SSPI_SESSION_KEY 1.2.840.113554.1.2.2.5.5 */
{11, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x05"},
+
+ /* RFC 5587 attributes, see below */
+ {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x01"},
+ {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x02"},
+ {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x03"},
+ {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x04"},
+ {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x05"},
+ {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x06"},
+ {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x07"},
+ {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x08"},
+ {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x09"},
+ {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x0a"},
+ {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x0b"},
+ {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x0c"},
+ {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x0d"},
+ {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x0e"},
+ {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x0f"},
+ {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x10"},
+ {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x11"},
+ {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x12"},
+ {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x13"},
+ {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x14"},
+ {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x15"},
+ {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x16"},
+ {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x17"},
+ {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x18"},
+ {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x19"},
+ {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x1a"},
+ {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x1b"},
};
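Review bot: The 27 new OID entries are bare byte strings annotated only with `/* RFC 5587 attributes, see below */`, whereas the existing entry directly above follows the file's convention of naming each OID and its dotted form, e.g. `/* GSS_C_INQ_SSPI_SESSION_KEY 1.2.840.113554.1.2.2.5.5 */`. Because the table is consumed positionally (the `oids+N` constants defined later in the file), a reader verifying the encoding has to count rows across two tables to see that `\x0d\x0a` is GSS_C_MA_AUTH_INIT, and an inserted or dropped row would silently shift every attribute after it. I would prefix each entry with the matching comment, e.g. `/* GSS_C_MA_MECH_CONCRETE 1.3.6.1.5.5.13.1 */` before the `\x0d\x01` line and so on through `/* GSS_C_MA_CTX_TRANS 1.3.6.1.5.5.13.27 */`.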
/* Here are the constants which point to the static structure above.
@@ -152,3 +181,234 @@ GSS_DLLIMP gss_OID GSS_C_NT_EXPORT_NAME = oids+6;
gss_OID gss_nt_exported_name = oids+6;
GSS_DLLIMP gss_OID GSS_C_INQ_SSPI_SESSION_KEY = oids+7;
+
+GSS_DLLIMP gss_const_OID GSS_C_MA_MECH_CONCRETE = oids+8;
+GSS_DLLIMP gss_const_OID GSS_C_MA_MECH_PSEUDO = oids+9;
+GSS_DLLIMP gss_const_OID GSS_C_MA_MECH_COMPOSITE = oids+10;
+GSS_DLLIMP gss_const_OID GSS_C_MA_MECH_NEGO = oids+11;
+GSS_DLLIMP gss_const_OID GSS_C_MA_MECH_GLUE = oids+12;
+GSS_DLLIMP gss_const_OID GSS_C_MA_NOT_MECH = oids+13;
+GSS_DLLIMP gss_const_OID GSS_C_MA_DEPRECATED = oids+14;
+GSS_DLLIMP gss_const_OID GSS_C_MA_NOT_DFLT_MECH = oids+15;
+GSS_DLLIMP gss_const_OID GSS_C_MA_ITOK_FRAMED = oids+16;
+GSS_DLLIMP gss_const_OID GSS_C_MA_AUTH_INIT = oids+17;
+GSS_DLLIMP gss_const_OID GSS_C_MA_AUTH_TARG = oids+18;
+GSS_DLLIMP gss_const_OID GSS_C_MA_AUTH_INIT_INIT = oids+19;
+GSS_DLLIMP gss_const_OID GSS_C_MA_AUTH_TARG_INIT = oids+20;
+GSS_DLLIMP gss_const_OID GSS_C_MA_AUTH_INIT_ANON = oids+21;
+GSS_DLLIMP gss_const_OID GSS_C_MA_AUTH_TARG_ANON = oids+22;
+GSS_DLLIMP gss_const_OID GSS_C_MA_DELEG_CRED = oids+23;
+GSS_DLLIMP gss_const_OID GSS_C_MA_INTEG_PROT = oids+24;
+GSS_DLLIMP gss_const_OID GSS_C_MA_CONF_PROT = oids+25;
+GSS_DLLIMP gss_const_OID GSS_C_MA_MIC = oids+26;
+GSS_DLLIMP gss_const_OID GSS_C_MA_WRAP = oids+27;
+GSS_DLLIMP gss_const_OID GSS_C_MA_PROT_READY = oids+28;
+GSS_DLLIMP gss_const_OID GSS_C_MA_REPLAY_DET = oids+29;
+GSS_DLLIMP gss_const_OID GSS_C_MA_OOS_DET = oids+30;
+GSS_DLLIMP gss_const_OID GSS_C_MA_CBINDINGS = oids+31;
+GSS_DLLIMP gss_const_OID GSS_C_MA_PFS = oids+32;
+GSS_DLLIMP gss_const_OID GSS_C_MA_COMPRESS = oids+33;
+GSS_DLLIMP gss_const_OID GSS_C_MA_CTX_TRANS = oids+34;
+
+static gss_OID_set_desc gss_ma_known_attrs_desc = { 27, oids+8 };
+gss_OID_set gss_ma_known_attrs = &gss_ma_known_attrs_desc;
+
+#define STRING_BUFFER(x) { sizeof((x) - 1), (x) }
+
+static struct mech_attr_info_desc {
+ gss_OID mech_attr;
+ gss_buffer_desc name;
+ gss_buffer_desc short_desc;
+ gss_buffer_desc long_desc;
+} mech_attr_info[] = {
+ {
+ oids+8,
+ STRING_BUFFER("GSS_C_MA_MECH_CONCRETE"),
+ STRING_BUFFER("Mechanism is neither a pseudo-mechanism nor a "
+ "composite mechanism."),
+ },
+ {
+ oids+9,
+ STRING_BUFFER("GSS_C_MA_MECH_PSEUDO"),
+ STRING_BUFFER("Mechanism is a pseudo-mechanism"),
+ },
+ {
+ oids+10,
+ STRING_BUFFER("GSS_C_MA_MECH_COMPOSITE"),
+ STRING_BUFFER("Mechanism is a composite of other mechanisms."),
+ },
+ {
+ oids+11,
+ STRING_BUFFER("GSS_C_MA_MECH_NEGO"),
+ STRING_BUFFER("Mechanism negotiates other mechanisms."),
+ },
+ {
+ oids+12,
+ STRING_BUFFER("GSS_C_MA_MECH_GLUE"),
+ STRING_BUFFER("OID is not a mechanism but the GSS-API itself."),
+ },
+ {
+ oids+13,
+ STRING_BUFFER("GSS_C_MA_NOT_MECH"),
+ STRING_BUFFER("Known OID but not a mechanism OID."),
+ },
+ {
+ oids+14,
+ STRING_BUFFER("GSS_C_MA_DEPRECATED"),
+ STRING_BUFFER("Mechanism is deprecated."),
+ },
+ {
+ oids+15,
+ STRING_BUFFER("GSS_C_MA_NOT_DFLT_MECH"),
+ STRING_BUFFER("Mechanism must not be used as a default mechanism."),
+ },
+ {
+ oids+16,
+ STRING_BUFFER("GSS_C_MA_ITOK_FRAMED"),
+ STRING_BUFFER("Mechanism's initial contexts are properly framed."),
+ },
+ {
+ oids+17,
+ STRING_BUFFER("GSS_C_MA_AUTH_INIT"),
+ STRING_BUFFER("Mechanism supports authentication of initiator to "
+ "acceptor."),
+ },
+ {
+ oids+18,
+ STRING_BUFFER("GSS_C_MA_AUTH_TARG"),
+ STRING_BUFFER("Mechanism supports authentication of acceptor to "
+ "initiator."),
+ },
+ {
+ oids+19,
+ STRING_BUFFER("GSS_C_MA_AUTH_INIT_INIT"),
+ STRING_BUFFER("Mechanism supports authentication of initiator using "
+ "initial credentials."),
+ },
+ {
+ oids+20,
+ STRING_BUFFER("GSS_C_MA_AUTH_TARG_INIT"),
+ STRING_BUFFER("Mechanism supports authentication of acceptor using "
+ "initial credentials."),
+ },
+ {
+ oids+21,
+ STRING_BUFFER("GSS_C_MA_AUTH_INIT_ANON"),
+ STRING_BUFFER("Mechanism supports GSS_C_NT_ANONYMOUS as an initiator "
+ "name."),
+ },
+ {
+ oids+22,
+ STRING_BUFFER("GSS_C_MA_AUTH_TARG_ANON"),
+ STRING_BUFFER("Mechanism supports GSS_C_NT_ANONYMOUS as an acceptor "
+ "name."),
+ },
+ {
+ oids+23,
+ STRING_BUFFER("GSS_C_MA_DELEG_CRED"),
+ STRING_BUFFER("Mechanism supports credential delegation."),
+ },
+ {
+ oids+24,
+ STRING_BUFFER("GSS_C_MA_INTEG_PROT"),
+ STRING_BUFFER("Mechanism supports per-message integrity protection."),
+ },
+ {
+ oids+25,
+ STRING_BUFFER("GSS_C_MA_CONF_PROT"),
+ STRING_BUFFER("Mechanism supports per-message confidentiality"
+ "protection."),
+ },
+ {
+ oids+26,
+ STRING_BUFFER("GSS_C_MA_MIC"),
+ STRING_BUFFER("Mechanism supports Message Integrity Code (MIC) "
+ "tokens."),
+ },
+ {
+ oids+27,
+ STRING_BUFFER("GSS_C_MA_WRAP"),
+ STRING_BUFFER("Mechanism supports wrap tokens."),
+ },
+ {
+ oids+28,
+ STRING_BUFFER("GSS_C_MA_PROT_READY"),
+ STRING_BUFFER("Mechanism supports per-message proteciton prior to "
+ "full context establishment."),
+ },
+ {
+ oids+29,
+ STRING_BUFFER("GSS_C_MA_REPLAY_DET"),
+ STRING_BUFFER("Mechanism supports replay detection."),
+ },
+ {
+ oids+30,
+ STRING_BUFFER("GSS_C_MA_OOS_DET"),
+ STRING_BUFFER("Mechanism supports out-of-sequence detection."),
+ },
+ {
+ oids+31,
+ STRING_BUFFER("GSS_C_MA_CBINDINGS"),
+ STRING_BUFFER("Mechanism supports channel bindings."),
+ },
+ {
+ oids+32,
+ STRING_BUFFER("GSS_C_MA_PFS"),
+ STRING_BUFFER("Mechanism supports Perfect Forward Security."),
+ },
+ {
+ oids+33,
+ STRING_BUFFER("GSS_C_MA_COMPRESS"),
+ STRING_BUFFER("Mechanism supports compression of data inputs to "
+ "gss_wrap()."),
+ },
+ {
+ oids+34,
+ STRING_BUFFER("GSS_C_MA_CTX_TRANS"),
+ STRING_BUFFER("Mechanism supports security context export/import."),
+ },
+};
+
+OM_uint32
+generic_gss_display_mech_attr(
+ OM_uint32 *minor_status,
+ gss_const_OID mech_attr,
+ gss_buffer_t name,
+ gss_buffer_t short_desc,
+ gss_buffer_t long_desc)
+{
+ size_t i;
+
+ if (name != GSS_C_NO_BUFFER) {
+ name->length = 0;
+ name->value = NULL;
+ }
+ if (short_desc != GSS_C_NO_BUFFER) {
+ short_desc->length = 0;
+ short_desc->value = NULL;
+ }
+ if (long_desc != GSS_C_NO_BUFFER) {
+ long_desc->length = 0;
+ long_desc->value = NULL;
+ }
+ for (i = 0; i < sizeof(mech_attr_info)/sizeof(mech_attr_info[0]); i++) {
+ struct mech_attr_info_desc *mai = &mech_attr_info[i];
+
+ if (g_OID_equal(mech_attr, mai->mech_attr)) {
+ if (name != GSS_C_NO_BUFFER &&
+ !g_make_string_buffer((char *)mai->name.value, name)) {
+ *minor_status = ENOMEM;
+ return GSS_S_FAILURE;
+ }
+ if (short_desc != GSS_C_NO_BUFFER &&
+ !g_make_string_buffer((char *)mai->short_desc.value,
+ short_desc)) {
+ *minor_status = ENOMEM;
+ return GSS_S_FAILURE;
+ }
+ return GSS_S_COMPLETE;
+ }
+ }
+
+ return GSS_S_BAD_MECH_ATTR;
+}
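Review bot: `STRING_BUFFER` at the top of this hunk is mis-parenthesised: `sizeof((x) - 1)` takes the size of the pointer expression `x - 1`, so every `length` field in `mech_attr_info` is `sizeof(char *)` rather than the string length; it should be `#define STRING_BUFFER(x) { sizeof(x) - 1, (x) }`. The implementation happens not to read those lengths (it re-measures via g_make_string_buffer), which is why this is silent today. In generic_gss_display_mech_attr, a failed strdup for short_desc returns GSS_S_FAILURE with name already allocated and leaks it, and `*minor_status` is never assigned on the GSS_S_COMPLETE and GSS_S_BAD_MECH_ATTR paths, so callers read whatever was there before. Two description strings are also wrong: `"Mechanism supports per-message confidentiality" "protection."` concatenates without a space, and `proteciton` is misspelled. long_desc is reset but never filled from the table, whose initializers omit the third field; either note that as intentional or populate it.
```c
#define STRING_BUFFER(x) { sizeof(x) - 1, (x) }

/* … unchanged: mech_attr_info table … */

    *minor_status = 0;
    /* … unchanged: reset of name, short_desc, long_desc and the lookup loop … */
            if (short_desc != GSS_C_NO_BUFFER &&
                !g_make_string_buffer((char *)mai->short_desc.value,
                                      short_desc)) {
                /* Undo the name allocation so the caller has nothing to release. */
                if (name != GSS_C_NO_BUFFER) {
                    free(name->value);
                    name->value = NULL;
                    name->length = 0;
                }
                *minor_status = ENOMEM;
                return GSS_S_FAILURE;
            }
```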
diff --git a/src/lib/gssapi/generic/util_buffer.c b/src/lib/gssapi/generic/util_buffer.c
index cd16862f6d..81d86fc760 100644
--- a/src/lib/gssapi/generic/util_buffer.c
+++ b/src/lib/gssapi/generic/util_buffer.c
@@ -34,6 +34,9 @@
int g_make_string_buffer(const char *str, gss_buffer_t buffer)
{
+ if (buffer == GSS_C_NO_BUFFER)
+ return (1);
+
buffer->length = strlen(str);
if ((buffer->value = strdup(str)) == NULL) {