author | Simo Sorce <simo@redhat.com> | 2012-05-17 00:43:55 -0400 |
---|---|---|
committer | Simo Sorce <simo@redhat.com> | 2012-10-25 15:48:12 -0400 |
commit | c9fb982ac154433f8ca48fcd1ea2527e09f8ad42 (patch) | |
tree | 9b82d6f25d7a072c70320926f7cad4d83d03cd6e | |
parent | f0102ece0a0dd6545d0547af55c6ee79f77c79dd (diff) | |
Add initialization code
For now, return a fixed list of mechanisms.
Later on we can try to fetch this list from the proxy.
Also split the RPC client code from the actual plugin.
-rw-r--r-- | proxy/Makefile.am | 7 | ||||
-rw-r--r-- | proxy/src/mechglue/gss_plugin.c | 106 | ||||
-rw-r--r-- | proxy/src/mechglue/gss_plugin.h | 35 |
3 files changed, 146 insertions, 2 deletions
diff --git a/proxy/Makefile.am b/proxy/Makefile.am index 11e780e..4274cef 100644 --- a/proxy/Makefile.am +++ b/proxy/Makefile.am @@ -85,7 +85,7 @@ if BUILD_SELINUX endif GP_RPCGEN_OBJ = rpcgen/gp_rpc_xdr.c rpcgen/gss_proxy_xdr.c -GP_MECHGLUE_OBJ = \ +GP_RPCCLI_OBJ = \ src/client/gpm_display_status.c \ src/client/gpm_accept_sec_context.c \ src/client/gpm_release_handle.c \ @@ -100,6 +100,8 @@ GP_MECHGLUE_OBJ = \ src/client/gpm_unwrap.c \ src/client/gpm_wrap_size_limit.c \ src/client/gpm_common.c +GP_MECHGLUE_OBJ = \ + src/mechglue/gss_plugin.c dist_noinst_HEADERS = \ rpcgen/gp_rpc.h \ @@ -149,6 +151,7 @@ gssproxy_SOURCES = \ proxymech_la_SOURCES = \ src/gp_conv.c \ $(GP_RPCGEN_OBJ) \ + $(GP_RPCCLI_OBJ) \ $(GP_MECHGLUE_OBJ) proxymech_la_CFLAGS = \ $(AM_FLAGS) @@ -160,7 +163,7 @@ cli_srv_comm_SOURCES = \ src/gp_conv.c \ src/gp_debug.c \ $(GP_RPCGEN_OBJ) \ - $(GP_MECHGLUE_OBJ) \ + $(GP_RPCCLI_OBJ) \ tests/cli_srv_comm.c gssproxy_LDADD = \ diff --git a/proxy/src/mechglue/gss_plugin.c b/proxy/src/mechglue/gss_plugin.c new file mode 100644 index 0000000..bc968c6 --- /dev/null +++ b/proxy/src/mechglue/gss_plugin.c 
@@ -0,0 +1,106 @@
+/*
+ GSS-PROXY
+
+ Copyright (C) 2012 Red Hat, Inc.
+ Copyright (C) 2012 Simo Sorce <simo.sorce@redhat.com>
+
+ Permission is hereby granted, free of charge, to any person obtaining a
+ copy of this software and associated documentation files (the "Software"),
+ to deal in the Software without restriction, including without limitation
+ the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ and/or sell copies of the Software, and to permit persons to whom the
+ Software is furnished to do so, subject to the following conditions:
+
+ The above copyright notice and this permission notice shall be included in
+ all copies or substantial portions of the Software.
+
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ DEALINGS IN THE SOFTWARE.
+*/
+
+#include "gss_plugin.h"
+#include <gssapi/gssapi_krb5.h>
+
+#define KRB5_OID_LEN 9
+#define KRB5_OID "\052\206\110\206\367\022\001\002\002"
+
+#define KRB5_OLD_OID_LEN 5
+#define KRB5_OLD_OID "\053\005\001\005\002"
+
+/* Incorrect krb5 mech OID emitted by MS. */
+#define KRB5_WRONG_OID_LEN 9
+#define KRB5_WRONG_OID "\052\206\110\202\367\022\001\002\002"
+
+#define IAKERB_OID_LEN 6
+#define IAKERB_OID "\053\006\001\005\002\005"
+
+const gss_OID_desc gpoid_krb5 = {
+ .length = KRB5_OID_LEN,
+ .elements = KRB5_OID
+};
+const gss_OID_desc gpoid_krb5_old = {
+ .length = KRB5_OLD_OID_LEN,
+ .elements = KRB5_OLD_OID
+};
+const gss_OID_desc gpoid_krb5_wrong = {
+ .length = KRB5_WRONG_OID_LEN,
+ .elements = KRB5_WRONG_OID
+};
+const gss_OID_desc gpoid_iakerb = {
+ .length = IAKERB_OID_LEN,
+ .elements = IAKERB_OID
+};
+
+/* 2.16.840.1.113730.3.8.15.1 */
+const gss_OID_desc gssproxy_mech_interposer = {
+ .length = 11,
+ .elements = "\140\206\110\001\206\370\102\003\010\017\001"
+};
+
+gss_OID_set gss_mech_interposer(gss_OID mech_type)
+{
+ gss_OID_set interposed_mechs;
+ OM_uint32 maj, min;
+
+ interposed_mechs = NULL;
+ maj = 0;
+ if (gss_oid_equal(&gssproxy_mech_interposer, mech_type)) {
+ maj = gss_create_empty_oid_set(&min, &interposed_mechs);
+ if (maj != 0) {
+ return NULL;
+ }
+ maj = gss_add_oid_set_member(&min, no_const(&gpoid_krb5),
+ &interposed_mechs);
+ if (maj != 0) {
+ goto done;
+ }
+ maj = gss_add_oid_set_member(&min, no_const(&gpoid_krb5_old),
+ &interposed_mechs);
+ if (maj != 0) {
+ goto done;
+ }
+ maj = gss_add_oid_set_member(&min, no_const(&gpoid_krb5_wrong),
+ &interposed_mechs);
+ if (maj != 0) {
+ goto done;
+ }
+ maj = gss_add_oid_set_member(&min, no_const(&gpoid_iakerb),
+ &interposed_mechs);
+ if (maj != 0) {
+ goto done;
+ }
+ }
+
+done:
+ if (maj != 0) {
+ (void)gss_release_oid_set(&min, &interposed_mechs);
+ interposed_mechs = NULL;
+ }
+
+ return interposed_mechs;
+}
diff --git a/proxy/src/mechglue/gss_plugin.h b/proxy/src/mechglue/gss_plugin.h
new file mode 100644
index 0000000..2b24e74
--- /dev/null
+++ b/proxy/src/mechglue/gss_plugin.h
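Review bot: Each OID length in gss_plugin.c is maintained by hand beside its byte string (`KRB5_OID_LEN 9`, `KRB5_OLD_OID_LEN 5`, `KRB5_WRONG_OID_LEN 9`, `IAKERB_OID_LEN 6`, and the bare `11` in `gssproxy_mech_interposer`), so a later edit to one literal can leave its length silently wrong. All five values match their literals as written, but a too-large length would let any length-based compare or copy read past the literal, and a too-small one would stop the OID from matching. Deriving the length from the literal removes that risk, e.g. `.length = sizeof(KRB5_OID) - 1,`. Separately, the failure path after `gss_create_empty_oid_set` uses `return NULL;` while every other failure uses `goto done;`; using `goto done;` there as well keeps a single exit path.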
@@ -0,0 +1,35 @@
+/*
+ GSS-PROXY
+
+ Copyright (C) 2012 Red Hat, Inc.
+ Copyright (C) 2012 Simo Sorce <simo.sorce@redhat.com>
+
+ Permission is hereby granted, free of charge, to any person obtaining a
+ copy of this software and associated documentation files (the "Software"),
+ to deal in the Software without restriction, including without limitation
+ the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ and/or sell copies of the Software, and to permit persons to whom the
+ Software is furnished to do so, subject to the following conditions:
+
+ The above copyright notice and this permission notice shall be included in
+ all copies or substantial portions of the Software.
+
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ DEALINGS IN THE SOFTWARE.
+*/
+
+#ifndef _GSS_PLUGIN_H_
+#define _GSS_PLUGIN_H_
+
+#include "src/client/gssapi_gpm.h"
+
+extern const gss_OID_desc gssproxy_mech_interposer;
+
+gss_OID_set gss_mech_interposer(gss_OID mech_type);
+
+#endif /* _GSS_PLUGIN_H_ */ |
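Review bot: Only `gssproxy_mech_interposer` is declared in this header, yet gss_plugin.c also defines `gpoid_krb5`, `gpoid_krb5_old`, `gpoid_krb5_wrong` and `gpoid_iakerb` with external linkage. If other mechglue files are meant to use them, add matching declarations here such as `extern const gss_OID_desc gpoid_krb5;`; if not, mark the definitions `static` so the plugin does not export symbols that can clash inside the processes that load it. The prototype would also benefit from a short comment saying that `gss_mech_interposer` returns NULL both for a non-matching OID and on failure, and who releases the returned set (presumably the caller, to be confirmed against the mechglue). The guard name `_GSS_PLUGIN_H_` starts with an underscore and an uppercase letter, which is reserved for the implementation; `GSS_PLUGIN_H` avoids that.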