From ded9c21126533353e0917f7608af7230efa94801 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Thu, 31 May 2012 19:01:28 -0400 Subject: Implement name related mechglue wrappers --- proxy/Makefile.am | 1 + proxy/src/mechglue/gpp_import_and_canon_name.c | 393 +++++++++++++++++++++++++ proxy/src/mechglue/gss_plugin.h | 63 ++++ 3 files changed, 457 insertions(+) create mode 100644 proxy/src/mechglue/gpp_import_and_canon_name.c (limited to 'proxy') diff --git a/proxy/Makefile.am b/proxy/Makefile.am index 89e6f0b..bd6a5a3 100644 --- a/proxy/Makefile.am +++ b/proxy/Makefile.am @@ -107,6 +107,7 @@ GP_MECHGLUE_OBJ = \ src/mechglue/gpp_context.c \ src/mechglue/gpp_init_sec_context.c \ src/mechglue/gpp_display_status.c \ + src/mechglue/gpp_import_and_canon_name.c \ src/mechglue/gss_plugin.c dist_noinst_HEADERS = \ diff --git a/proxy/src/mechglue/gpp_import_and_canon_name.c b/proxy/src/mechglue/gpp_import_and_canon_name.c new file mode 100644 index 0000000..3745d74 --- /dev/null +++ b/proxy/src/mechglue/gpp_import_and_canon_name.c @@ -0,0 +1,393 @@ +/* + GSS-PROXY + + Copyright (C) 2012 Red Hat, Inc. + Copyright (C) 2012 Simo Sorce + + Permission is hereby granted, free of charge, to any person obtaining a + copy of this software and associated documentation files (the "Software"), + to deal in the Software without restriction, including without limitation + the rights to use, copy, modify, merge, publish, distribute, sublicense, + and/or sell copies of the Software, and to permit persons to whom the + Software is furnished to do so, subject to the following conditions: + + The above copyright notice and this permission notice shall be included in + all copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL + THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER + DEALINGS IN THE SOFTWARE. +*/ + +#include "gss_plugin.h" + +OM_uint32 gssi_display_name(OM_uint32 *minor_status, + gss_name_t input_name, + gss_buffer_t output_name_buffer, + gss_OID *output_name_type) +{ + struct gpp_name_handle *name; + OM_uint32 maj, min = 0; + + name = (struct gpp_name_handle *)input_name; + if (!name->local && !name->remote) { + return GSS_S_BAD_NAME; + } + + if (name->local) { + maj = gss_display_name(&min, + name->local, + output_name_buffer, + output_name_type); + } else { + maj = gpm_display_name(&min, + name->remote, + output_name_buffer, + output_name_type); + } + + *minor_status = gpp_map_error(min); + return maj; +} + +OM_uint32 gssi_display_name_ext(OM_uint32 *minor_status, + gss_name_t input_name, + gss_OID display_as_name_type, + gss_buffer_t display_name) +{ + struct gpp_name_handle *name; + OM_uint32 maj, min = 0; + + name = (struct gpp_name_handle *)input_name; + if (!name->local && !name->remote) { + return GSS_S_BAD_NAME; + } + + if (name->local) { + maj = gss_display_name_ext(&min, name->local, + display_as_name_type, + display_name); + } else { + /* FIXME: Implement remote function ? + * Or export/import via local mechanism ? */ + maj = GSS_S_UNAVAILABLE; + } + + *minor_status = gpp_map_error(min); + return maj; +} + +OM_uint32 gssi_import_name(OM_uint32 *minor_status, + gss_buffer_t input_name_buffer, + gss_OID input_name_type, + gss_name_t *output_name) +{ + return GSS_S_UNAVAILABLE; +} + +OM_uint32 gssi_import_name_by_mech(OM_uint32 *minor_status, + gss_OID mech_type, + gss_buffer_t input_name_buffer, + gss_OID input_name_type, + gss_name_t *output_name) +{ + struct gpp_name_handle *name; + OM_uint32 maj, min = 0; + + if (mech_type == GSS_C_NO_OID) { + return GSS_S_CALL_INACCESSIBLE_READ; + } + + name = calloc(1, sizeof(struct gpp_name_handle)); + if (!name) { + *minor_status = gpp_map_error(ENOMEM); + return GSS_S_FAILURE; + } + + maj = gpp_copy_oid(&min, mech_type, &name->mech_type); + if (maj != GSS_S_COMPLETE) { + goto done; + } + + /* by default import as local name, will convert to remote if necessary */ + maj = gss_import_name(&min, + input_name_buffer, + input_name_type, + &name->local); + if (maj != GSS_S_COMPLETE) { + goto done; + } + + maj = gss_canonicalize_name(&min, name->local, + gpp_special_mech(name->mech_type), NULL); + +done: + *minor_status = gpp_map_error(min); + if (maj != GSS_S_COMPLETE) { + (void)gss_release_oid(&min, &name->mech_type); + (void)gss_release_name(&min, &name->local); + free(name); + } else { + *output_name = (gss_name_t)name; + } + return maj; +} + +OM_uint32 gssi_export_name(OM_uint32 *minor_status, + const gss_name_t input_name, + gss_buffer_t exported_name) +{ + struct gpp_name_handle *name; + OM_uint32 maj, min = 0; + + name = (struct gpp_name_handle *)input_name; + if (!name->local && !name->remote) { + return GSS_S_BAD_NAME; + } + + if (name->local) { + maj = gss_export_name(&min, name->local, exported_name); + } else { + maj = gpm_export_name(&min, name->remote, exported_name); + } + + *minor_status = gpp_map_error(min); + return maj; +} + +OM_uint32 gssi_duplicate_name(OM_uint32 *minor_status, + const gss_name_t input_name, + gss_name_t *dest_name) +{ + struct gpp_name_handle *in_name; + struct gpp_name_handle *out_name; + OM_uint32 maj, min = 0; + + in_name = (struct gpp_name_handle *)input_name; + if (!in_name->local && !in_name->remote) { + return GSS_S_BAD_NAME; + } + + out_name = calloc(1, sizeof(struct gpp_name_handle)); + if (!out_name) { + *minor_status = gpp_map_error(ENOMEM); + return GSS_S_FAILURE; + } + + if (in_name->mech_type) { + maj = gpp_copy_oid(&min, in_name->mech_type, &out_name->mech_type); + if (maj != GSS_S_COMPLETE) { + goto done; + } + } + + if (in_name->local) { + maj = gss_duplicate_name(&min, + in_name->local, + &out_name->local); + } else { + maj = gpm_duplicate_name(&min, + in_name->remote, + &out_name->remote); + } + +done: + *minor_status = gpp_map_error(min); + if (maj != GSS_S_COMPLETE) { + (void)gss_release_oid(&min, &out_name->mech_type); + free(out_name); + } else { + *dest_name = (gss_name_t)out_name; + } + return maj; +} + +OM_uint32 gssi_inquire_name(OM_uint32 *minor_status, + gss_name_t input_name, + int *name_is_NM, + gss_OID *NM_mech, + gss_buffer_set_t *attrs) +{ + struct gpp_name_handle *name; + OM_uint32 maj, min = 0; + + name = (struct gpp_name_handle *)input_name; + if (!name->local && !name->remote) { + return GSS_S_BAD_NAME; + } + + if (name->local) { + maj = gss_inquire_name(&min, + name->local, + name_is_NM, + NM_mech, + attrs); + } else { + maj = gpm_inquire_name(&min, + name->remote, + name_is_NM, + NM_mech, + attrs); + } + + *minor_status = gpp_map_error(min); + return maj; +} + +OM_uint32 gssi_release_name(OM_uint32 *minor_status, + gss_name_t *input_name) +{ + struct gpp_name_handle *name; + OM_uint32 maj, min = 0; + + name = (struct gpp_name_handle *)*input_name; + if (!name->local && !name->remote) { + return GSS_S_BAD_NAME; + } + + if (name->local) { + maj = gss_release_name(&min, &name->local); + } else { + maj = gpm_release_name(&min, &name->remote); + } + + free(name); + *input_name = GSS_C_NO_NAME; + + *minor_status = gpp_map_error(min); + return maj; +} + +OM_uint32 gssi_compare_name(OM_uint32 *minor_status, + gss_name_t name1, + gss_name_t name2, + int *name_equal) +{ + struct gpp_name_handle *gpname1; + struct gpp_name_handle *gpname2; + OM_uint32 maj, min = 0; + + gpname1 = (struct gpp_name_handle *)name1; + gpname2 = (struct gpp_name_handle *)name2; + + if (gpname1->local || gpname2->local) { + if (!gpname1->local) { + if (!gpname1->remote){ + return GSS_S_CALL_INACCESSIBLE_READ; + } + maj = gpp_name_to_local(&min, gpname1->remote, + gpname1->mech_type, &gpname1->local); + if (maj != GSS_S_COMPLETE) { + goto done; + } + } + if (!gpname2->local) { + if (!gpname2->remote){ + return GSS_S_CALL_INACCESSIBLE_READ; + } + maj = gpp_name_to_local(&min, gpname2->remote, + gpname2->mech_type, &gpname2->local); + if (maj != GSS_S_COMPLETE) { + goto done; + } + } + + maj = gss_compare_name(&min, + gpname1->local, gpname2->local, name_equal); + goto done; + } + + if (!gpname1->remote && !gpname2->remote) { + return GSS_S_CALL_INACCESSIBLE_READ; + } + + maj = gpm_compare_name(&min, gpname1->remote, gpname2->remote, name_equal); + +done: + *minor_status = gpp_map_error(min); + return maj; + +} + +OM_uint32 gssi_get_name_attribute(OM_uint32 *minor_status, + gss_name_t input_name, + gss_buffer_t attr, + int *authenticated, + int *complete, + gss_buffer_t value, + gss_buffer_t display_value, + int *more) +{ + struct gpp_name_handle *name; + OM_uint32 maj, min = 0; + + name = (struct gpp_name_handle *)input_name; + if (!name->local && !name->remote) { + return GSS_S_BAD_NAME; + } + + if (name->local) { + maj = gss_get_name_attribute(&min, name->local, attr, + authenticated, complete, + value, display_value, more); + } else { + /* FIXME: Implement retrieving remote attributes! */ + maj = GSS_S_UNAVAILABLE; + } + + *minor_status = gpp_map_error(min); + return maj; +} + +OM_uint32 gssi_set_name_attribute(OM_uint32 *minor_status, + gss_name_t input_name, + int complete, + gss_buffer_t attr, + gss_buffer_t value) +{ + struct gpp_name_handle *name; + OM_uint32 maj, min = 0; + + name = (struct gpp_name_handle *)input_name; + if (!name->local && !name->remote) { + return GSS_S_BAD_NAME; + } + + if (name->local) { + maj = gss_set_name_attribute(&min, name->local, + complete, attr, value); + } else { + /* FIXME: Implement retrieving remote attributes! */ + maj = GSS_S_UNAVAILABLE; + } + + *minor_status = gpp_map_error(min); + return maj; +} + +OM_uint32 gssi_delete_name_attribute(OM_uint32 *minor_status, + gss_name_t input_name, + gss_buffer_t attr) +{ + struct gpp_name_handle *name; + OM_uint32 maj, min = 0; + + name = (struct gpp_name_handle *)input_name; + if (!name->local && !name->remote) { + return GSS_S_BAD_NAME; + } + + if (name->local) { + maj = gss_delete_name_attribute(&min, name->local, attr); + } else { + /* FIXME: Implement retrieving remote attributes! */ + maj = GSS_S_UNAVAILABLE; + } + + *minor_status = gpp_map_error(min); + return maj; +} diff --git a/proxy/src/mechglue/gss_plugin.h b/proxy/src/mechglue/gss_plugin.h index ccfe045..b440dd0 100644 --- a/proxy/src/mechglue/gss_plugin.h +++ b/proxy/src/mechglue/gss_plugin.h @@ -39,6 +39,7 @@ struct gpp_context_handle { }; struct gpp_name_handle { + gss_OID mech_type; gssx_name *remote; gss_name_t local; }; @@ -227,4 +228,66 @@ OM_uint32 gssi_display_status(OM_uint32 *minor_status, OM_uint32 *message_context, gss_buffer_t status_string); +OM_uint32 gssi_display_name(OM_uint32 *minor_status, + gss_name_t input_name, + gss_buffer_t output_name_buffer, + gss_OID *output_name_type); + +OM_uint32 gssi_display_name_ext(OM_uint32 *minor_status, + gss_name_t name, + gss_OID display_as_name_type, + gss_buffer_t display_name); + +OM_uint32 gssi_import_name(OM_uint32 *minor_status, + gss_buffer_t input_name_buffer, + gss_OID input_name_type, + gss_name_t *output_name); + +OM_uint32 gssi_import_name_by_mech(OM_uint32 *minor_status, + gss_OID mech_type, + gss_buffer_t input_name_buffer, + gss_OID input_name_type, + gss_name_t *output_name); + +OM_uint32 gssi_release_name(OM_uint32 *minor_status, + gss_name_t *input_name); + +OM_uint32 gssi_export_name(OM_uint32 *minor_status, + const gss_name_t input_name, + gss_buffer_t exported_name); + +OM_uint32 gssi_duplicate_name(OM_uint32 *minor_status, + const gss_name_t input_name, + gss_name_t *dest_name); + +OM_uint32 gssi_compare_name(OM_uint32 *minor_status, + gss_name_t name1, + gss_name_t name2, + int *name_equal); + +OM_uint32 gssi_inquire_name(OM_uint32 *minor_status, + gss_name_t name, + int *name_is_NM, + gss_OID *NM_mech, + gss_buffer_set_t *attrs); + +OM_uint32 gssi_get_name_attribute(OM_uint32 *minor_status, + gss_name_t input_name, + gss_buffer_t attr, + int *authenticated, + int *complete, + gss_buffer_t value, + gss_buffer_t display_value, + int *more); + +OM_uint32 gssi_set_name_attribute(OM_uint32 *minor_status, + gss_name_t input_name, + int complete, + gss_buffer_t attr, + gss_buffer_t value); + +OM_uint32 gssi_delete_name_attribute(OM_uint32 *minor_status, + gss_name_t input_name, + gss_buffer_t attr); + #endif /* _GSS_PLUGIN_H_ */ -- cgit