-rw-r--r-- | src/Makefile.in | 4 | ||||
-rw-r--r-- | src/configure.in | 1 | ||||
-rw-r--r-- | src/plugins/gssapi/interposer/Makefile.in | 37 | ||||
-rw-r--r-- | src/plugins/gssapi/interposer/deps | 7 | ||||
-rw-r--r-- | src/plugins/gssapi/interposer/reenter.exports | 49 | ||||
-rw-r--r-- | src/plugins/gssapi/interposer/reenter.h | 40 | ||||
-rw-r--r-- | src/plugins/gssapi/interposer/reenter_gssi.c | 741 | ||||
-rw-r--r-- | src/plugins/gssapi/interposer/reenter_gssi.h | 344 | ||||
-rw-r--r-- | src/plugins/gssapi/interposer/reenter_main.c | 126 |
9 files changed, 1348 insertions, 1 deletions
diff --git a/src/Makefile.in b/src/Makefile.in
index eef705cccb..a805177a87 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -13,6 +13,7 @@ SUBDIRS=util include lib \
 plugins/kdb/db2 \
 @ldap_plugin_dir@ \
 plugins/preauth/pkinit \
+ plugins/gssapi/interposer \
 kdc kadmin slave clients appl tests \
 config-files gen-manpages man doc @po@
 WINSUBDIRS=include util lib ccapi windows clients appl
@@ -62,7 +63,8 @@ INSTALLMKDIRS = $(KRB5ROOT) $(KRB5MANROOT) $(KRB5OTHERMKDIRS) \
 $(KRB5_AD_MODULE_DIR) \
 $(KRB5_LIBKRB5_MODULE_DIR) \
 @localstatedir@ @localstatedir@/krb5kdc \
- $(KRB5_INCSUBDIRS) $(datadir) $(EXAMPLEDIR)
+ $(KRB5_INCSUBDIRS) $(datadir) $(EXAMPLEDIR) \
+ $(GSS_MODULE_DIR)
 
 install-strip:
 $(MAKE) install INSTALL_STRIP=-s
diff --git a/src/configure.in b/src/configure.in
index 7154f686bd..2b711bc124 100644
--- a/src/configure.in
+++ b/src/configure.in
@@ -1342,6 +1342,7 @@ dnl ccapi ccapi/lib ccapi/lib/unix ccapi/server ccapi/server/unix ccapi/test plugins/authdata/greet plugins/authdata/greet_client plugins/authdata/greet_server
+ plugins/gssapi/interposer
 clients clients/klist clients/kinit clients/kvno clients/kdestroy clients/kpasswd clients/ksu clients/kswitch
diff --git a/src/plugins/gssapi/interposer/Makefile.in b/src/plugins/gssapi/interposer/Makefile.in
new file mode 100644
index 0000000000..e1e5059e16
--- /dev/null
+++ b/src/plugins/gssapi/interposer/Makefile.in
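Review bot: `$(GSS_MODULE_DIR)` is appended to INSTALLMKDIRS in the second src/Makefile.in hunk, but nothing in this commit defines that variable; if it is not already provided by the shared make fragments (config/pre.in is the usual place, not visible here), the expansion is empty and `make install` silently creates no module directory while the new plugin's `install-libs` still tries to install into it. Worth confirming the definition exists, or adding it alongside this change. The same variable is consumed by plugins/gssapi/interposer/Makefile.in in the next hunk.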
@@ -0,0 +1,37 @@
+mydir=plugins$(S)gssapi$(S)interposer
+BUILDTOP=$(REL)..$(S)..$(S)..
+KRB5_RUN_ENV = @KRB5_RUN_ENV@
+KRB5_CONFIG_SETUP = KRB5_CONFIG=$(top_srcdir)/config-files/krb5.conf ; export KRB5_CONFIG ;
+PROG_LIBPATH=-L$(TOPLIBD)
+PROG_RPATH=$(KRB5_LIBDIR)
+MODULE_INSTALL_DIR = $(GSS_MODULE_DIR)
+DEFS=@DEFS@
+
+LOCALINCLUDES = -I../../../include/gssapi -I.
+
+LIBBASE=reenter
+LIBMAJOR=0
+LIBMINOR=0
+SO_EXT=.so
+RELDIR=../plugins/gssapi/interposer
+# Depends on
+SHLIB_EXPDEPS =
+SHLIB_EXPLIBS= -lgssapi_krb5 $(SUPPORT_LIB) $(LIBS)
+
+SHLIB_DIRS=-L$(TOPLIBD)
+SHLIB_RDIRS=$(KRB5_LIBDIR)
+STOBJLISTS=OBJS.ST
+STLIBOBJS=reenter_main.o reenter_gssi.o
+
+SRCS=reenter_main.c reenter_gssi.c
+
+all-unix:: $(LIBBASE)$(SO_EXT)
+install-unix:: install-libs
+clean-unix:: clean-libs clean-libobjs
+
+clean::
+ $(RM) lib$(LIBBASE)$(SO_EXT)
+
+@libnover_frag@
+@libobj_frag@
+
diff --git a/src/plugins/gssapi/interposer/deps b/src/plugins/gssapi/interposer/deps
new file mode 100644
index 0000000000..adff01b8e2
--- /dev/null
+++ b/src/plugins/gssapi/interposer/deps
@@ -0,0 +1,7 @@
+#
+# Generated makefile dependencies follow.
+#
+reenter.so $(OUTPRE)reenter.$(OBJEXT): \
+ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
+ $(COM_ERR_DEPS) \
+ reenter_main.c reenter_gssi.c
diff --git a/src/plugins/gssapi/interposer/reenter.exports b/src/plugins/gssapi/interposer/reenter.exports
new file mode 100644
index 0000000000..2e4e0d7952
--- /dev/null
+++ b/src/plugins/gssapi/interposer/reenter.exports
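Review bot: `install-unix:: install-libs` installs this interposer into `$(GSS_MODULE_DIR)` on every `make install`, yet the module's only behaviour (per reenter.h in this commit) is to print every GSS-API entry point to stderr before re-entering the mechglue; that reads like a test/diagnostic plugin rather than something to ship into the system module directory. If it is meant for the test suite only, consider dropping the install hook or moving the directory under tests/. Separately, `SHLIB_EXPDEPS =` is left empty while `SHLIB_EXPLIBS` links `-lgssapi_krb5`, so the module will not relink when libgssapi_krb5 changes; the other plugin Makefiles presumably list the GSS dependency library there (e.g. `SHLIB_EXPDEPS = $(GSS_DEPLIB)`, assuming that variable is what the shared fragments define).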
@@ -0,0 +1,49 @@
+gssi_acquire_cred
+gssi_add_cred
+gssi_acquire_cred_with_password
+gssi_inquire_cred
+gssi_inquire_cred_by_mech
+gssi_inquire_cred_by_oid
+gssi_set_cred_option
+gssi_store_cred
+gssi_release_cred
+gssi_export_sec_context
+gssi_import_sec_context
+gssi_process_context_token
+gssi_context_time
+gssi_inquire_context
+gssi_inquire_sec_context_by_oid
+gssi_set_sec_context_option
+gssi_pseudo_random
+gssi_delete_sec_context
+gssi_accept_sec_context
+gssi_init_sec_context
+gssi_display_status
+gssi_display_name
+gssi_display_name_ext
+gssi_import_name
+gssi_release_name
+gssi_export_name
+gssi_export_name_composite
+gssi_duplicate_name
+gssi_compare_name
+gssi_inquire_name
+gssi_get_name_attribute
+gssi_set_name_attribute
+gssi_delete_name_attribute
+gssi_indicate_mechs
+gssi_inquire_names_for_mech
+gssi_inquire_attrs_for_mech
+gssi_inquire_saslname_for_mech
+gssi_inquire_mech_for_saslname
+gssi_wrap
+gssi_wrap_size_limit
+gssi_wrap_iov
+gssi_wrap_iov_length
+gssi_wrap_aead
+gssi_unwrap
+gssi_unwrap_iov
+gssi_unwrap_aead
+gssi_get_mic
+gssi_verify_mic
+gss_mech_interposer
diff --git a/src/plugins/gssapi/interposer/reenter.h b/src/plugins/gssapi/interposer/reenter.h
new file mode 100644
index 0000000000..b9470f4d85
--- /dev/null
+++ b/src/plugins/gssapi/interposer/reenter.h
@@ -0,0 +1,40 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 2013 Red Hat, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ * * Neither the name of Red Hat, Inc., nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
+ * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef _REENTER_H_
+#define _REENTER_H_
+
+#define LOG(fn) \
+ do { \
+ fprintf(stderr, "reenter: " #fn "\n"); \
+ } while (0);
+
+#endif /* _REENTER_H_ */
diff --git a/src/plugins/gssapi/interposer/reenter_gssi.c b/src/plugins/gssapi/interposer/reenter_gssi.c
new file mode 100644
index 0000000000..802fb1a77a
--- /dev/null
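Review bot: The `LOG` macro ends its `do { ... } while (0)` with a semicolon inside the macro body, which defeats the purpose of the idiom: `LOG(x);` at a call site expands to two statements, so `if (c) LOG(x); else ...` will not compile and `-Wextra` may warn about the empty statement. The last macro line should be `} while (0)` with the semicolon supplied by the caller; every call in reenter_gssi.c already writes `LOG(...);`. Two smaller points: the header calls `fprintf` but does not include `<stdio.h>` itself, so it only works if the includer has done so first (reenter_gssi.c happens to), and the guard `_REENTER_H_` is an identifier reserved for the implementation (leading underscore followed by an uppercase letter); `REENTER_H` avoids that.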
+++ b/src/plugins/gssapi/interposer/reenter_gssi.c 
@@ -0,0 +1,741 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +/* + * Copyright (C) 2013 Red Hat, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Red Hat, Inc., nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS + * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER + * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ + +#include "autoconf.h" +#include <stdio.h> +#include <string.h> +#include <gssapi/gssapi.h> +#include <gssapi/gssapi_ext.h> + +#include "reenter.h" +#include "reenter_gssi.h" + +OM_uint32 gssi_acquire_cred(OM_uint32 *minor_status, + const gss_name_t desired_name, + OM_uint32 time_req, + const gss_OID_set desired_mechs, + gss_cred_usage_t cred_usage, + gss_cred_id_t *output_cred_handle, + gss_OID_set *actual_mechs, + OM_uint32 *time_rec) +{ + LOG(gssi_acquire_cred); + return gss_acquire_cred(minor_status, + desired_name, + time_req, + desired_mechs, + cred_usage, + output_cred_handle, + actual_mechs, + time_rec); +} + +OM_uint32 gssi_add_cred(OM_uint32 *minor_status, + const gss_cred_id_t input_cred_handle, + const gss_name_t desired_name, + const gss_OID desired_mech, + gss_cred_usage_t cred_usage, + OM_uint32 initiator_time_req, + OM_uint32 acceptor_time_req, + gss_cred_id_t *output_cred_handle, + gss_OID_set *actual_mechs, + OM_uint32 *initiator_time_rec, + OM_uint32 *acceptor_time_rec) +{ + LOG(gssi_add_cred); + return gss_add_cred(minor_status, + input_cred_handle, + desired_name, + desired_mech, + cred_usage, + initiator_time_req, + acceptor_time_req, + output_cred_handle, + actual_mechs, + initiator_time_rec, + acceptor_time_rec); +} + +OM_uint32 gssi_acquire_cred_with_password(OM_uint32 *minor_status, + const gss_name_t desired_name, + const gss_buffer_t password, + OM_uint32 time_req, + const gss_OID_set desired_mechs, + gss_cred_usage_t cred_usage, + gss_cred_id_t *output_cred_handle, + gss_OID_set *actual_mechs, + OM_uint32 *time_rec) +{ + LOG(gssi_acquire_cred_with_password); + return gss_acquire_cred_with_password(minor_status, + desired_name, + password, + time_req, + desired_mechs, + cred_usage, + output_cred_handle, + actual_mechs, + time_rec); +} + +OM_uint32 gssi_inquire_cred(OM_uint32 *minor_status, + gss_cred_id_t cred_handle, + gss_name_t *name, + OM_uint32 *lifetime, + gss_cred_usage_t *cred_usage, + gss_OID_set *mechanisms) +{ + 
LOG(gssi_inquire_cred); + return gss_inquire_cred(minor_status, + cred_handle, + name, + lifetime, + cred_usage, + mechanisms); +} + +OM_uint32 gssi_inquire_cred_by_mech(OM_uint32 *minor_status, + gss_cred_id_t cred_handle, + gss_OID mech_type, + gss_name_t *name, + OM_uint32 *initiator_lifetime, + OM_uint32 *acceptor_lifetime, + gss_cred_usage_t *cred_usage) +{ + LOG(gssi_inquire_cred_by_mech); + return gss_inquire_cred_by_mech(minor_status, + cred_handle, + mech_type, + name, + initiator_lifetime, + acceptor_lifetime, + cred_usage); +} + +OM_uint32 gssi_inquire_cred_by_oid(OM_uint32 *minor_status, + const gss_cred_id_t cred_handle, + const gss_OID desired_object, + gss_buffer_set_t *data_set) +{ + LOG(gssi_inquire_cred_by_oid); + return gss_inquire_cred_by_oid(minor_status, + cred_handle, + desired_object, + data_set); +} + +OM_uint32 gssi_set_cred_option(OM_uint32 *minor_status, + gss_cred_id_t *cred_handle, + const gss_OID desired_object, + const gss_buffer_t value) +{ + LOG(gssi_set_cred_option); + return gss_set_cred_option(minor_status, + cred_handle, + desired_object, + value); +} + +OM_uint32 gssi_store_cred(OM_uint32 *minor_status, + const gss_cred_id_t input_cred_handle, + gss_cred_usage_t input_usage, + const gss_OID desired_mech, + OM_uint32 overwrite_cred, + OM_uint32 default_cred, + gss_OID_set *elements_stored, + gss_cred_usage_t *cred_usage_stored) +{ + LOG(gssi_store_cred); + return gss_store_cred(minor_status, + input_cred_handle, + input_usage, + desired_mech, + overwrite_cred, + default_cred, + elements_stored, + cred_usage_stored); +} + +OM_uint32 gssi_release_cred(OM_uint32 *minor_status, + gss_cred_id_t *cred_handle) +{ + LOG(gssi_release_cred); + return gss_release_cred(minor_status, + cred_handle); +} + +OM_uint32 gssi_export_sec_context(OM_uint32 *minor_status, + gss_ctx_id_t *context_handle, + gss_buffer_t interprocess_token) +{ + LOG(gssi_export_sec_context); + return gss_export_sec_context(minor_status, + context_handle, + 
interprocess_token); +} + +OM_uint32 gssi_import_sec_context(OM_uint32 *minor_status, + gss_buffer_t interprocess_token, + gss_ctx_id_t *context_handle) +{ + LOG(gssi_import_sec_context); + return gss_import_sec_context(minor_status, + interprocess_token, + context_handle); +} + +OM_uint32 gssi_process_context_token(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + gss_buffer_t token_buffer) +{ + LOG(gssi_process_context_token); + return gss_process_context_token(minor_status, + context_handle, + token_buffer); +} + +OM_uint32 gssi_context_time(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + OM_uint32 *time_rec) +{ + LOG(gssi_context_time); + return gss_context_time(minor_status, + context_handle, + time_rec); +} + +OM_uint32 gssi_inquire_context(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + gss_name_t *src_name, + gss_name_t *targ_name, + OM_uint32 *lifetime_rec, + gss_OID *mech_type, + OM_uint32 *ctx_flags, + int *locally_initiated, + int *open) +{ + LOG(gssi_inquire_context); + return gss_inquire_context(minor_status, + context_handle, + src_name, + targ_name, + lifetime_rec, + mech_type, + ctx_flags, + locally_initiated, + open); +} + +OM_uint32 gssi_inquire_sec_context_by_oid(OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + const gss_OID desired_object, + gss_buffer_set_t *data_set) +{ + LOG(gssi_inquire_sec_context_by_oid); + return gss_inquire_sec_context_by_oid(minor_status, + context_handle, + desired_object, + data_set); +} + +OM_uint32 gssi_set_sec_context_option(OM_uint32 *minor_status, + gss_ctx_id_t *context_handle, + const gss_OID desired_object, + const gss_buffer_t value) +{ + LOG(gssi_set_sec_context_option); + return gss_set_sec_context_option(minor_status, + context_handle, + desired_object, + value); +} + +OM_uint32 gssi_pseudo_random(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + int prf_key, + const gss_buffer_t prf_in, + ssize_t desired_output_len, + gss_buffer_t prf_out) +{ + 
LOG(gssi_pseudo_random); + return gss_pseudo_random(minor_status, + context_handle, + prf_key, + prf_in, + desired_output_len, + prf_out); +} + +OM_uint32 gssi_delete_sec_context(OM_uint32 *minor_status, + gss_ctx_id_t *context_handle, + gss_buffer_t output_token) +{ + LOG(gssi_delete_sec_context); + return gss_delete_sec_context(minor_status, + context_handle, + output_token); +} + +OM_uint32 gssi_accept_sec_context(OM_uint32 *minor_status, + gss_ctx_id_t *context_handle, + gss_cred_id_t acceptor_cred_handle, + gss_buffer_t input_token_buffer, + gss_channel_bindings_t input_chan_bindings, + gss_name_t *src_name, + gss_OID *mech_type, + gss_buffer_t output_token, + OM_uint32 *ret_flags, + OM_uint32 *time_rec, + gss_cred_id_t *delegated_cred_handle) +{ + LOG(gssi_accept_sec_context); + return gss_accept_sec_context(minor_status, + context_handle, + acceptor_cred_handle, + input_token_buffer, + input_chan_bindings, + src_name, + mech_type, + output_token, + ret_flags, + time_rec, + delegated_cred_handle); +} + +OM_uint32 gssi_init_sec_context(OM_uint32 *minor_status, + gss_cred_id_t claimant_cred_handle, + gss_ctx_id_t *context_handle, + gss_name_t target_name, + gss_OID mech_type, + OM_uint32 req_flags, + OM_uint32 time_req, + gss_channel_bindings_t input_cb, + gss_buffer_t input_token, + gss_OID *actual_mech_type, + gss_buffer_t output_token, + OM_uint32 *ret_flags, + OM_uint32 *time_rec) +{ + LOG(gssi_init_sec_context); + return gss_init_sec_context(minor_status, + claimant_cred_handle, + context_handle, + target_name, + mech_type, + req_flags, + time_req, + input_cb, + input_token, + actual_mech_type, + output_token, + ret_flags, + time_rec); +} + +OM_uint32 gssi_display_status(OM_uint32 *minor_status, + OM_uint32 status_value, + int status_type, + const gss_OID mech_type, + OM_uint32 *message_context, + gss_buffer_t status_string) +{ + LOG(gssi_display_status); + return gss_display_status(minor_status, + status_value, + status_type, + mech_type, + 
message_context, + status_string); +} + +OM_uint32 gssi_display_name(OM_uint32 *minor_status, + gss_name_t input_name, + gss_buffer_t output_name_buffer, + gss_OID *output_name_type) +{ + LOG(gssi_display_name); + return gss_display_name(minor_status, + input_name, + output_name_buffer, + output_name_type); +} + +OM_uint32 gssi_display_name_ext(OM_uint32 *minor_status, + gss_name_t name, + gss_OID display_as_name_type, + gss_buffer_t display_name) +{ + LOG(gssi_display_name_ext); + return gss_display_name_ext(minor_status, + name, + display_as_name_type, + display_name); +} + +OM_uint32 gssi_import_name(OM_uint32 *minor_status, + gss_buffer_t input_name_buffer, + gss_OID input_name_type, + gss_name_t *output_name) +{ + LOG(gssi_import_name); + return gss_import_name(minor_status, + input_name_buffer, + input_name_type, + output_name); +} + +OM_uint32 gssi_release_name(OM_uint32 *minor_status, + gss_name_t *input_name) +{ + LOG(gssi_release_name); + return gss_release_name(minor_status, + input_name); +} + +OM_uint32 gssi_export_name(OM_uint32 *minor_status, + const gss_name_t input_name, + gss_buffer_t exported_name) +{ + LOG(gssi_export_name); + return gss_export_name(minor_status, + input_name, + exported_name); +} + +OM_uint32 gssi_export_name_composite(OM_uint32 *minor_status, + const gss_name_t input_name, + gss_buffer_t exported_composite_name) +{ + LOG(gssi_export_name_composite); + return gss_export_name_composite(minor_status, + input_name, + exported_composite_name); +} + +OM_uint32 gssi_duplicate_name(OM_uint32 *minor_status, + const gss_name_t input_name, + gss_name_t *dest_name) +{ + LOG(gssi_duplicate_name); + return gss_duplicate_name(minor_status, + input_name, + dest_name); +} + +OM_uint32 gssi_compare_name(OM_uint32 *minor_status, + gss_name_t name1, + gss_name_t name2, + int *name_equal) +{ + LOG(gssi_compare_name); + return gss_compare_name(minor_status, + name1, + name2, + name_equal); +} + +OM_uint32 gssi_inquire_name(OM_uint32 *minor_status, 
+ gss_name_t name, + int *name_is_NM, + gss_OID *NM_mech, + gss_buffer_set_t *attrs) +{ + LOG(gssi_inquire_name); + return gss_inquire_name(minor_status, + name, + name_is_NM, + NM_mech, + attrs); +} + +OM_uint32 gssi_get_name_attribute(OM_uint32 *minor_status, + gss_name_t input_name, + gss_buffer_t attr, + int *authenticated, + int *complete, + gss_buffer_t value, + gss_buffer_t display_value, + int *more) +{ + LOG(gssi_get_name_attribute); + return gss_get_name_attribute(minor_status, + input_name, + attr, + authenticated, + complete, + value, + display_value, + more); +} + +OM_uint32 gssi_set_name_attribute(OM_uint32 *minor_status, + gss_name_t input_name, + int complete, + gss_buffer_t attr, + gss_buffer_t value) +{ + LOG(gssi_set_name_attribute); + return gss_set_name_attribute(minor_status, + input_name, + complete, + attr, + value); +} + +OM_uint32 gssi_delete_name_attribute(OM_uint32 *minor_status, + gss_name_t input_name, + gss_buffer_t attr) +{ + LOG(gssi_delete_name_attribute); + return gss_delete_name_attribute(minor_status, + input_name, + attr); +} + +OM_uint32 gssi_indicate_mechs(OM_uint32 *minor_status, gss_OID_set *mech_set) +{ + LOG(gssi_indicate_mechs); + return gss_indicate_mechs(minor_status, mech_set); +} + +OM_uint32 gssi_inquire_names_for_mech(OM_uint32 *minor_status, + gss_OID mech_type, + gss_OID_set *mech_names) +{ + LOG(gssi_inquire_names_for_mech); + return gss_inquire_names_for_mech(minor_status, + mech_type, + mech_names); +} + +OM_uint32 gssi_inquire_attrs_for_mech(OM_uint32 *minor_status, + gss_OID mech, + gss_OID_set *mech_attrs, + gss_OID_set *known_mech_attrs) +{ + LOG(gssi_inquire_attrs_for_mech); + return gss_inquire_attrs_for_mech(minor_status, + mech, + mech_attrs, + known_mech_attrs); +} + +OM_uint32 gssi_inquire_saslname_for_mech(OM_uint32 *minor_status, + const gss_OID desired_mech, + gss_buffer_t sasl_mech_name, + gss_buffer_t mech_name, + gss_buffer_t mech_description) +{ + LOG(gssi_inquire_saslname_for_mech); + return 
gss_inquire_saslname_for_mech(minor_status, + desired_mech, + sasl_mech_name, + mech_name, + mech_description); +} + +OM_uint32 gssi_inquire_mech_for_saslname(OM_uint32 *minor_status, + const gss_buffer_t sasl_mech_name, + gss_OID *mech_type) +{ + LOG(gssi_inquire_mech_for_saslname); + return gss_inquire_mech_for_saslname(minor_status, + sasl_mech_name, + mech_type); +} + +OM_uint32 gssi_wrap(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + int conf_req_flag, + gss_qop_t qop_req, + gss_buffer_t input_message_buffer, + int *conf_state, + gss_buffer_t output_message_buffer) +{ + LOG(gssi_wrap); + return gss_wrap(minor_status, + context_handle, + conf_req_flag, + qop_req, + input_message_buffer, + conf_state, + output_message_buffer); +} + +OM_uint32 gssi_wrap_size_limit(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + int conf_req_flag, + gss_qop_t qop_req, + OM_uint32 req_output_size, + OM_uint32 *max_input_size) +{ + LOG(gssi_wrap_size_limit); + return gss_wrap_size_limit(minor_status, + context_handle, + conf_req_flag, + qop_req, + req_output_size, + max_input_size); +} + +OM_uint32 gssi_wrap_iov(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + int conf_req_flag, + gss_qop_t qop_req, + int *conf_state, + gss_iov_buffer_desc *iov, + int iov_count) +{ + LOG(gssi_wrap_iov); + return gss_wrap_iov(minor_status, + context_handle, + conf_req_flag, + qop_req, + conf_state, + iov, + iov_count); +} + +OM_uint32 gssi_wrap_iov_length(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + int conf_req_flag, + gss_qop_t qop_req, + int *conf_state, + gss_iov_buffer_desc *iov, + int iov_count) +{ + LOG(gssi_wrap_iov_length); + return gss_wrap_iov_length(minor_status, + context_handle, + conf_req_flag, + qop_req, + conf_state, + iov, + iov_count); +} + +OM_uint32 gssi_wrap_aead(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + int conf_req_flag, + gss_qop_t qop_req, + gss_buffer_t input_assoc_buffer, + gss_buffer_t input_payload_buffer, + int 
*conf_state, + gss_buffer_t output_message_buffer) +{ + LOG(gssi_wrap_aead); + return gss_wrap_aead(minor_status, + context_handle, + conf_req_flag, + qop_req, + input_assoc_buffer, + input_payload_buffer, + conf_state, + output_message_buffer); +} + +OM_uint32 gssi_unwrap(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + gss_buffer_t input_message_buffer, + gss_buffer_t output_message_buffer, + int *conf_state, + gss_qop_t *qop_state) +{ + LOG(gssi_unwrap); + return gss_unwrap(minor_status, + context_handle, + input_message_buffer, + output_message_buffer, + conf_state, + qop_state); +} + +OM_uint32 gssi_unwrap_iov(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + int *conf_state, + gss_qop_t *qop_state, + gss_iov_buffer_desc *iov, + int iov_count) +{ + LOG(gssi_unwrap_iov); + return gss_unwrap_iov(minor_status, + context_handle, + conf_state, + qop_state, + iov, + iov_count); +} + +OM_uint32 gssi_unwrap_aead(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + gss_buffer_t input_message_buffer, + gss_buffer_t input_assoc_buffer, + gss_buffer_t output_payload_buffer, + int *conf_state, + gss_qop_t *qop_state) +{ + LOG(gssi_unwrap_aead); + return gss_unwrap_aead(minor_status, + context_handle, + input_message_buffer, + input_assoc_buffer, + output_payload_buffer, + conf_state, + qop_state); +} + +OM_uint32 gssi_get_mic(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + gss_qop_t qop_req, + gss_buffer_t message_buffer, + gss_buffer_t message_token) +{ + LOG(gssi_get_mic); + return gss_get_mic(minor_status, + context_handle, + qop_req, + message_buffer, + message_token); +} + +OM_uint32 gssi_verify_mic(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + gss_buffer_t message_buffer, + gss_buffer_t message_token, + gss_qop_t *qop_state) +{ + LOG(gssi_verify_mic); + return gss_verify_mic(minor_status, + context_handle, + message_buffer, + message_token, + qop_state); +} 
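Review bot: Every wrapper in this file re-enters the mechglue (`gss_acquire_cred`, `gss_init_sec_context`, ...) from inside a mechanism plugin, and nothing in the file says why that does not recurse back into this same interposer; a reader of `gssi_init_sec_context` has to know the mechglue's interposer dispatch rules to see that the call terminates. A file-level comment stating the assumption would help, e.g. `/* This plugin interposes every mechanism and simply re-enters the mechglue; it relies on the mechglue dispatching re-entered calls to the real mechanism rather than back to this interposer. */`, hedged or confirmed against the mechglue code (not visible here). Separately, `LOG` writes unconditionally to stderr on every entry point, including `gssi_accept_sec_context` and the wrap/unwrap paths, which in a long-running acceptor is one stderr line per message; if the module is ever installed outside the test suite, gating the output on an environment variable or a build-time define in the `LOG` macro would be worth it. Finally, `<string.h>` is included but no string function is used in the visible code, so the include can go.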
diff --git a/src/plugins/gssapi/interposer/reenter_gssi.h b/src/plugins/gssapi/interposer/reenter_gssi.h
new file mode 100644
index 0000000000..1870a2df73
--- /dev/null
+++ b/src/plugins/gssapi/interposer/reenter_gssi.h
@@ -0,0 +1,344 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +/* + * Copyright (C) 2013 Red Hat, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Red Hat, Inc., nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS + * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER + * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ + +#ifndef _REENTER_GSSI_H_ +#define _REENTER_GSSI_H_ + +OM_uint32 gssi_acquire_cred(OM_uint32 *minor_status, + const gss_name_t desired_name, + OM_uint32 time_req, + const gss_OID_set desired_mechs, + gss_cred_usage_t cred_usage, + gss_cred_id_t *output_cred_handle, + gss_OID_set *actual_mechs, + OM_uint32 *time_rec); + +OM_uint32 gssi_add_cred(OM_uint32 *minor_status, + const gss_cred_id_t input_cred_handle, + const gss_name_t desired_name, + const gss_OID desired_mech, + gss_cred_usage_t cred_usage, + OM_uint32 initiator_time_req, + OM_uint32 acceptor_time_req, + gss_cred_id_t *output_cred_handle, + gss_OID_set *actual_mechs, + OM_uint32 *initiator_time_rec, + OM_uint32 *acceptor_time_rec); + +OM_uint32 gssi_acquire_cred_with_password(OM_uint32 *minor_status, + const gss_name_t desired_name, + const gss_buffer_t password, + OM_uint32 time_req, + const gss_OID_set desired_mechs, + gss_cred_usage_t cred_usage, + gss_cred_id_t *output_cred_handle, + gss_OID_set *actual_mechs, + OM_uint32 *time_rec); + +OM_uint32 gssi_inquire_cred(OM_uint32 *minor_status, + gss_cred_id_t cred_handle, + gss_name_t *name, + OM_uint32 *lifetime, + gss_cred_usage_t *cred_usage, + gss_OID_set *mechanisms); + +OM_uint32 gssi_inquire_cred_by_mech(OM_uint32 *minor_status, + gss_cred_id_t cred_handle, + gss_OID mech_type, + gss_name_t *name, + OM_uint32 *initiator_lifetime, + OM_uint32 *acceptor_lifetime, + gss_cred_usage_t *cred_usage); + +OM_uint32 gssi_inquire_cred_by_oid(OM_uint32 *minor_status, + const gss_cred_id_t cred_handle, + const gss_OID desired_object, + gss_buffer_set_t *data_set); + +OM_uint32 gssi_set_cred_option(OM_uint32 *minor_status, + gss_cred_id_t *cred_handle, + const gss_OID desired_object, + const gss_buffer_t value); + +OM_uint32 gssi_store_cred(OM_uint32 *minor_status, + const gss_cred_id_t input_cred_handle, + gss_cred_usage_t input_usage, + const gss_OID desired_mech, + OM_uint32 overwrite_cred, + OM_uint32 default_cred, + gss_OID_set *elements_stored, + 
gss_cred_usage_t *cred_usage_stored);
+
+OM_uint32 gssi_release_cred(OM_uint32 *minor_status,
+ gss_cred_id_t *cred_handle);
+
+OM_uint32 gssi_export_sec_context(OM_uint32 *minor_status,
+ gss_ctx_id_t *context_handle,
+ gss_buffer_t interprocess_token);
+
+OM_uint32 gssi_import_sec_context(OM_uint32 *minor_status,
+ gss_buffer_t interprocess_token,
+ gss_ctx_id_t *context_handle);
+
+OM_uint32 gssi_process_context_token(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ gss_buffer_t token_buffer);
+
+OM_uint32 gssi_context_time(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ OM_uint32 *time_rec);
+
+OM_uint32 gssi_inquire_context(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ gss_name_t *src_name,
+ gss_name_t *targ_name,
+ OM_uint32 *lifetime_rec,
+ gss_OID *mech_type,
+ OM_uint32 *ctx_flags,
+ int *locally_initiated,
+ int *open);
+
+OM_uint32 gssi_inquire_sec_context_by_oid(OM_uint32 *minor_status,
+ const gss_ctx_id_t context_handle,
+ const gss_OID desired_object,
+ gss_buffer_set_t *data_set);
+
+OM_uint32 gssi_set_sec_context_option(OM_uint32 *minor_status,
+ gss_ctx_id_t *context_handle,
+ const gss_OID desired_object,
+ const gss_buffer_t value);
+
+OM_uint32 gssi_pseudo_random(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ int prf_key,
+ const gss_buffer_t prf_in,
+ ssize_t desired_output_len,
+ gss_buffer_t prf_out);
+
+OM_uint32 gssi_delete_sec_context(OM_uint32 *minor_status,
+ gss_ctx_id_t *context_handle,
+ gss_buffer_t output_token);
+
+OM_uint32 gssi_accept_sec_context(OM_uint32 *minor_status,
+ gss_ctx_id_t *context_handle,
+ gss_cred_id_t acceptor_cred_handle,
+ gss_buffer_t input_token_buffer,
+ gss_channel_bindings_t input_chan_bindings,
+ gss_name_t *src_name,
+ gss_OID *mech_type,
+ gss_buffer_t output_token,
+ OM_uint32 *ret_flags,
+ OM_uint32 *time_rec,
+ gss_cred_id_t *delegated_cred_handle);
+
+OM_uint32 gssi_init_sec_context(OM_uint32 *minor_status,
+ gss_cred_id_t claimant_cred_handle,
+ gss_ctx_id_t *context_handle,
+ gss_name_t target_name,
+ gss_OID mech_type,
+ OM_uint32 req_flags,
+ OM_uint32 time_req,
+ gss_channel_bindings_t input_cb,
+ gss_buffer_t input_token,
+ gss_OID *actual_mech_type,
+ gss_buffer_t output_token,
+ OM_uint32 *ret_flags,
+ OM_uint32 *time_rec);
+
+OM_uint32 gssi_display_status(OM_uint32 *minor_status,
+ OM_uint32 status_value,
+ int status_type,
+ const gss_OID mech_type,
+ OM_uint32 *message_context,
+ gss_buffer_t status_string);
+
+OM_uint32 gssi_display_name(OM_uint32 *minor_status,
+ gss_name_t input_name,
+ gss_buffer_t output_name_buffer,
+ gss_OID *output_name_type);
+
+OM_uint32 gssi_display_name_ext(OM_uint32 *minor_status,
+ gss_name_t name,
+ gss_OID display_as_name_type,
+ gss_buffer_t display_name);
+
+OM_uint32 gssi_import_name(OM_uint32 *minor_status,
+ gss_buffer_t input_name_buffer,
+ gss_OID input_name_type,
+ gss_name_t *output_name);
+
+OM_uint32 gssi_import_name_by_mech(OM_uint32 *minor_status,
+ gss_OID mech_type,
+ gss_buffer_t input_name_buffer,
+ gss_OID input_name_type,
+ gss_name_t *output_name);
+
+OM_uint32 gssi_release_name(OM_uint32 *minor_status,
+ gss_name_t *input_name);
+
+OM_uint32 gssi_export_name(OM_uint32 *minor_status,
+ const gss_name_t input_name,
+ gss_buffer_t exported_name);
+
+OM_uint32 gssi_export_name_composite(OM_uint32 *minor_status,
+ const gss_name_t input_name,
+ gss_buffer_t exported_composite_name);
+
+OM_uint32 gssi_duplicate_name(OM_uint32 *minor_status,
+ const gss_name_t input_name,
+ gss_name_t *dest_name);
+
+OM_uint32 gssi_compare_name(OM_uint32 *minor_status,
+ gss_name_t name1,
+ gss_name_t name2,
+ int *name_equal);
+
+OM_uint32 gssi_inquire_name(OM_uint32 *minor_status,
+ gss_name_t name,
+ int *name_is_NM,
+ gss_OID *NM_mech,
+ gss_buffer_set_t *attrs);
+
+OM_uint32 gssi_get_name_attribute(OM_uint32 *minor_status,
+ gss_name_t input_name,
+ gss_buffer_t attr,
+ int *authenticated,
+ int *complete,
+ gss_buffer_t value,
+ gss_buffer_t display_value,
+ int *more);
+
+OM_uint32 gssi_set_name_attribute(OM_uint32 *minor_status,
+ gss_name_t input_name,
+ int complete,
+ gss_buffer_t attr,
+ gss_buffer_t value);
+
+OM_uint32 gssi_delete_name_attribute(OM_uint32 *minor_status,
+ gss_name_t input_name,
+ gss_buffer_t attr);
+
+OM_uint32 gssi_indicate_mechs(OM_uint32 *minor_status, gss_OID_set *mech_set);
+
+OM_uint32 gssi_inquire_names_for_mech(OM_uint32 *minor_status,
+ gss_OID mech_type,
+ gss_OID_set *mech_names);
+
+OM_uint32 gssi_inquire_attrs_for_mech(OM_uint32 *minor_status,
+ gss_OID mech,
+ gss_OID_set *mech_attrs,
+ gss_OID_set *known_mech_attrs);
+
+OM_uint32 gssi_inquire_saslname_for_mech(OM_uint32 *minor_status,
+ const gss_OID desired_mech,
+ gss_buffer_t sasl_mech_name,
+ gss_buffer_t mech_name,
+ gss_buffer_t mech_description);
+
+OM_uint32 gssi_inquire_mech_for_saslname(OM_uint32 *minor_status,
+ const gss_buffer_t sasl_mech_name,
+ gss_OID *mech_type);
+
+OM_uint32 gssi_wrap(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ int conf_req_flag,
+ gss_qop_t qop_req,
+ gss_buffer_t input_message_buffer,
+ int *conf_state,
+ gss_buffer_t output_message_buffer);
+
+OM_uint32 gssi_wrap_size_limit(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ int conf_req_flag,
+ gss_qop_t qop_req,
+ OM_uint32 req_output_size,
+ OM_uint32 *max_input_size);
+
+OM_uint32 gssi_wrap_iov(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ int conf_req_flag,
+ gss_qop_t qop_req,
+ int *conf_state,
+ gss_iov_buffer_desc *iov,
+ int iov_count);
+
+OM_uint32 gssi_wrap_iov_length(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ int conf_req_flag,
+ gss_qop_t qop_req,
+ int *conf_state,
+ gss_iov_buffer_desc *iov,
+ int iov_count);
+
+OM_uint32 gssi_wrap_aead(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ int conf_req_flag,
+ gss_qop_t qop_req,
+ gss_buffer_t input_assoc_buffer,
+ gss_buffer_t input_payload_buffer,
+ int *conf_state,
+ gss_buffer_t output_message_buffer);
+
+OM_uint32 gssi_unwrap(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ gss_buffer_t input_message_buffer,
+ gss_buffer_t output_message_buffer,
+ int *conf_state,
+ gss_qop_t *qop_state);
+
+OM_uint32 gssi_unwrap_iov(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ int *conf_state,
+ gss_qop_t *qop_state,
+ gss_iov_buffer_desc *iov,
+ int iov_count);
+
+OM_uint32 gssi_unwrap_aead(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ gss_buffer_t input_message_buffer,
+ gss_buffer_t input_assoc_buffer,
+ gss_buffer_t output_payload_buffer,
+ int *conf_state,
+ gss_qop_t *qop_state);
+
+OM_uint32 gssi_get_mic(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ gss_qop_t qop_req,
+ gss_buffer_t message_buffer,
+ gss_buffer_t message_token);
+
+OM_uint32 gssi_verify_mic(OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ gss_buffer_t message_buffer,
+ gss_buffer_t message_token,
+ gss_qop_t *qop_state);
+
+#endif /* _REENTER_GSSI_H_ */
diff --git a/src/plugins/gssapi/interposer/reenter_main.c b/src/plugins/gssapi/interposer/reenter_main.c
new file mode 100644
index 0000000000..f7deed0a44
--- /dev/null
+++ b/src/plugins/gssapi/interposer/reenter_main.c
@@ -0,0 +1,126 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 2013 Red Hat, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ * * Neither the name of Red Hat, Inc., nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
+ OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "autoconf.h"
+#include <stdio.h>
+#include <stdint.h>
+#include <stdbool.h>
+#include <errno.h>
+#include <stdlib.h>
+#include <string.h>
+#include <gssapi/gssapi.h>
+#include <gssapi/gssapi_ext.h>
+
+#include "reenter.h"
+
+#define no_const(ptr) ((void *)((uintptr_t)(ptr)))
+
+/* 2.16.840.1.113730.3.8.15.1 */
+const gss_OID_desc gssproxy_mech_interposer = {
+ .length = 11,
+ .elements = "\140\206\110\001\206\370\102\003\010\017\001"
+};
+
+#define KRB5_OID_LEN 9
+#define KRB5_OID "\052\206\110\206\367\022\001\002\002"
+
+#define KRB5_OLD_OID_LEN 5
+#define KRB5_OLD_OID "\053\005\001\005\002"
+
+/* Incorrect krb5 mech OID emitted by MS. */
+#define KRB5_WRONG_OID_LEN 9
+#define KRB5_WRONG_OID "\052\206\110\202\367\022\001\002\002"
+
+#define IAKERB_OID_LEN 6
+#define IAKERB_OID "\053\006\001\005\002\005"
+
+const gss_OID_desc gpoid_krb5 = {
+ .length = KRB5_OID_LEN,
+ .elements = KRB5_OID
+};
+const gss_OID_desc gpoid_krb5_old = {
+ .length = KRB5_OLD_OID_LEN,
+ .elements = KRB5_OLD_OID
+};
+const gss_OID_desc gpoid_krb5_wrong = {
+ .length = KRB5_WRONG_OID_LEN,
+ .elements = KRB5_WRONG_OID
+};
+const gss_OID_desc gpoid_iakerb = {
+ .length = IAKERB_OID_LEN,
+ .elements = IAKERB_OID
+};
+
+
+gss_OID_set gss_mech_interposer(gss_OID mech_type)
+{
+ gss_OID_set interposed_mechs;
+ OM_uint32 maj, min;
+
+ LOG(gss_mech_interposer);
+
+ interposed_mechs = NULL;
+ maj = 0;
+ if (gss_oid_equal(&gssproxy_mech_interposer, mech_type)) {
+ maj = gss_create_empty_oid_set(&min, &interposed_mechs);
+ if (maj != 0) {
+ return NULL;
+ }
+ maj = gss_add_oid_set_member(&min, no_const(&gpoid_krb5),
+ &interposed_mechs);
+ if (maj != 0) {
+ goto done;
+ }
+ maj = gss_add_oid_set_member(&min, no_const(&gpoid_krb5_old),
+ &interposed_mechs);
+ if (maj != 0) {
+ goto done;
+ }
+ maj = gss_add_oid_set_member(&min, no_const(&gpoid_krb5_wrong),
+ &interposed_mechs);
+ if (maj != 0) {
+ goto done;
+ }
+ maj = gss_add_oid_set_member(&min, no_const(&gpoid_iakerb),
+ &interposed_mechs);
+ if (maj != 0) {
+ goto done;
+ }
+ }
+
+done:
+ if (maj != 0) {
+ (void)gss_release_oid_set(&min, &interposed_mechs);
+ interposed_mechs = NULL;
+ }
+
+ return interposed_mechs;
+}
|
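Review bot: The four consecutive gss_add_oid_set_member calls in gss_mech_interposer, each followed by its own `if (maj != 0) { goto done; }`, together with a create-failure path that does `return NULL` directly while the add failures fall through to `done:`, give this small function two exit conventions and four copies of the same check; a static table of the interposed OIDs walked by one loop leaves a single add call and a single cleanup path. The function also has no comment stating its contract, which from the code is: a freshly allocated set that the caller must release with gss_release_oid_set, or NULL when mech_type is not gssproxy_mech_interposer or when building the set fails (what the loader does with a NULL returned for an allocation failure is not visible here and is worth a note, since a silently skipped interposer is not the same as a reported error). Finally, `no_const` strips the qualifier from objects defined `const gss_OID_desc`, which is only sound if gss_add_oid_set_member never writes through its argument; a one-line comment stating that expectation would justify the cast to the next reader. The rewrite below keeps the existing return value on every path.

```c
/* … unchanged: OID definitions above … */

/* Mechanism OIDs this module interposes when loaded under
 * gssproxy_mech_interposer, in registration order. */
static const gss_OID_desc *const interposed_oids[] = {
    &gpoid_krb5, &gpoid_krb5_old, &gpoid_krb5_wrong, &gpoid_iakerb
};

/*
 * Presumably called by the GSSAPI mechglue when this module is loaded.
 * Returns a newly allocated OID set naming the mechanisms this module
 * interposes, which the caller must free with gss_release_oid_set, or
 * NULL when mech_type is not our interposer OID or the set cannot be
 * built.
 */
gss_OID_set gss_mech_interposer(gss_OID mech_type)
{
    gss_OID_set interposed_mechs = NULL;
    OM_uint32 maj, min;
    size_t i;

    LOG(gss_mech_interposer);

    /* Only answer for our own OID; anything else is not ours to interpose. */
    if (!gss_oid_equal(&gssproxy_mech_interposer, mech_type)) {
        return NULL;
    }

    maj = gss_create_empty_oid_set(&min, &interposed_mechs);
    if (maj != 0) {
        return NULL;
    }
    for (i = 0; i < sizeof(interposed_oids) / sizeof(interposed_oids[0]); i++) {
        /* gss_add_oid_set_member takes a non-const gss_OID; no_const only
         * strips the qualifier from our const tables, on the expectation
         * that the member is copied, not written through -- confirm
         * against the mechglue implementation. */
        maj = gss_add_oid_set_member(&min, no_const(interposed_oids[i]),
                                     &interposed_mechs);
        if (maj != 0) {
            (void)gss_release_oid_set(&min, &interposed_mechs);
            return NULL;
        }
    }
    return interposed_mechs;
}
```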