2 files changed, 141 insertions, 0 deletions

diff --git a/proxy/src/mechglue/gss_plugin.c b/proxy/src/mechglue/gss_plugin.c
new file mode 100644
index 0000000..bc968c6
--- /dev/null
+++ b/proxy/src/mechglue/gss_plugin.c
@@ -0,0 +1,106 @@
+/*
+   GSS-PROXY
+
+   Copyright (C) 2012 Red Hat, Inc.
+   Copyright (C) 2012 Simo Sorce <simo.sorce@redhat.com>
+
+   Permission is hereby granted, free of charge, to any person obtaining a
+   copy of this software and associated documentation files (the "Software"),
+   to deal in the Software without restriction, including without limitation
+   the rights to use, copy, modify, merge, publish, distribute, sublicense,
+   and/or sell copies of the Software, and to permit persons to whom the
+   Software is furnished to do so, subject to the following conditions:
+
+   The above copyright notice and this permission notice shall be included in
+   all copies or substantial portions of the Software.
+
+   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+   IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+   THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+   LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+   FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+   DEALINGS IN THE SOFTWARE.
+*/
+
+#include "gss_plugin.h"
+#include <gssapi/gssapi_krb5.h>
+
+#define KRB5_OID_LEN 9
+#define KRB5_OID "\052\206\110\206\367\022\001\002\002"
+
+#define KRB5_OLD_OID_LEN 5
+#define KRB5_OLD_OID "\053\005\001\005\002"
+
+/* Incorrect krb5 mech OID emitted by MS. */
+#define KRB5_WRONG_OID_LEN 9
+#define KRB5_WRONG_OID "\052\206\110\202\367\022\001\002\002"
+
+#define IAKERB_OID_LEN 6
+#define IAKERB_OID "\053\006\001\005\002\005"
+
+const gss_OID_desc gpoid_krb5 = {
+    .length = KRB5_OID_LEN,
+    .elements = KRB5_OID
+};
+const gss_OID_desc gpoid_krb5_old = {
+    .length = KRB5_OLD_OID_LEN,
+    .elements = KRB5_OLD_OID
+};
+const gss_OID_desc gpoid_krb5_wrong = {
+    .length = KRB5_WRONG_OID_LEN,
+    .elements = KRB5_WRONG_OID
+};
+const gss_OID_desc gpoid_iakerb = {
+    .length = IAKERB_OID_LEN,
+    .elements = IAKERB_OID
+};
+
+/* 2.16.840.1.113730.3.8.15.1 */
+const gss_OID_desc gssproxy_mech_interposer = {
+    .length = 11,
+    .elements = "\140\206\110\001\206\370\102\003\010\017\001"
+};
+
+gss_OID_set gss_mech_interposer(gss_OID mech_type)
+{
+    gss_OID_set interposed_mechs;
+    OM_uint32 maj, min;
+
+    interposed_mechs = NULL;
+    maj = 0;
+    if (gss_oid_equal(&gssproxy_mech_interposer, mech_type)) {
+        maj = gss_create_empty_oid_set(&min, &interposed_mechs);
+        if (maj != 0) {
+            return NULL;
+        }
+        maj = gss_add_oid_set_member(&min, no_const(&gpoid_krb5),
+                                     &interposed_mechs);
+        if (maj != 0) {
+            goto done;
+        }
+        maj = gss_add_oid_set_member(&min, no_const(&gpoid_krb5_old),
+                                     &interposed_mechs);
+        if (maj != 0) {
+            goto done;
+        }
+        maj = gss_add_oid_set_member(&min, no_const(&gpoid_krb5_wrong),
+                                     &interposed_mechs);
+        if (maj != 0) {
+            goto done;
+        }
+        maj = gss_add_oid_set_member(&min, no_const(&gpoid_iakerb),
+                                     &interposed_mechs);
+        if (maj != 0) {
+            goto done;
+        }
+    }
+
+done:
+    if (maj != 0) {
+        (void)gss_release_oid_set(&min, &interposed_mechs);
+        interposed_mechs = NULL;
+    }
+
+    return interposed_mechs;
+}
diff --git a/proxy/src/mechglue/gss_plugin.h b/proxy/src/mechglue/gss_plugin.h
new file mode 100644
index 0000000..2b24e74
--- /dev/null
+++ b/proxy/src/mechglue/gss_plugin.h
@@ -0,0 +1,35 @@
+/*
+   GSS-PROXY
+
+   Copyright (C) 2012 Red Hat, Inc.
+   Copyright (C) 2012 Simo Sorce <simo.sorce@redhat.com>
+
+   Permission is hereby granted, free of charge, to any person obtaining a
+   copy of this software and associated documentation files (the "Software"),
+   to deal in the Software without restriction, including without limitation
+   the rights to use, copy, modify, merge, publish, distribute, sublicense,
+   and/or sell copies of the Software, and to permit persons to whom the
+   Software is furnished to do so, subject to the following conditions:
+
+   The above copyright notice and this permission notice shall be included in
+   all copies or substantial portions of the Software.
+
+   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+   IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+   THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+   LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+   FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+   DEALINGS IN THE SOFTWARE.
+*/
+
+#ifndef _GSS_PLUGIN_H_
+#define _GSS_PLUGIN_H_
+
+#include "src/client/gssapi_gpm.h"
+
+extern const gss_OID_desc gssproxy_mech_interposer;
+
+gss_OID_set gss_mech_interposer(gss_OID mech_type);
+
+#endif /* _GSS_PLUGIN_H_ */