authorTheodore Tso <tytso@mit.edu>1996-01-23 05:13:24 +0000
committerTheodore Tso <tytso@mit.edu>1996-01-23 05:13:24 +0000
commitb062151a3f6c960c508914c1063c6aa6f9285ed3 (patch)
treebe8589d3d5a75c3f52dfdd8b72a8be8cd1ff402d /src/lib
parent7d4c6ddd0f04aa17a819961efc0d14df1ae9d2a0 (diff)
New files for Sun's multi-mechanism GSSAPI
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7361 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/gssapi/krb5/get_mechanism.c339
-rw-r--r--src/lib/gssapi/krb5/pname_to_uid.c88
2 files changed, 427 insertions, 0 deletions
diff --git a/src/lib/gssapi/krb5/get_mechanism.c b/src/lib/gssapi/krb5/get_mechanism.c
new file mode 100644
index 000000000..92ee00093
--- /dev/null
+++ b/src/lib/gssapi/krb5/get_mechanism.c
@@ -0,0 +1,339 @@
+/*
+ * Copyright (c) 1995, by Sun Microsystems, Inc.
+ * All rights reserved.
+ */
+
+/* XXX: I know where to find this header, but it really is using a
+ * private interface. I dont want to export the gss_mechanism
+ * structure, so I hide it in a non-published header. Thats ok,
+ * we know where to find it.
+ */
+#include "../mechglue/mglueP.h"
+
+/*
+ * These are the extern declarations, one group per mechanism. They are
+ * contained in the files named <mech>_gssd_extern_srvr.conf.
+ */
+
+/* ident "@(#)krb5_gssd_extern_srvr.conf 1.10 95/08/01 SMI" */
+
+/** declarations of internal name mechanism functions **/
+
+/* This should somehow be generated by the internal mechanism
+ * routine library... But for now I've hand-copied over from
+ * gssapiP_krb5.h
+ */
+
+/* XXX: Should replace these with #include "gssapiP_krb5.h" , once
+ * the function prototypes are fixed (e.g., need a void*, not a
+ * krb5_context.
+ */
+
+OM_uint32 krb5_gss_acquire_cred
+ (void *,
+ OM_uint32*, /* minor_status */
+ gss_name_t, /* desired_name */
+ OM_uint32, /* time_req */
+ gss_OID_set, /* desired_mechs */
+ int, /* cred_usage */
+ gss_cred_id_t*, /* output_cred_handle */
+ gss_OID_set*, /* actual_mechs */
+ OM_uint32* /* time_rec */
+ );
+
+OM_uint32 krb5_gss_release_cred
+ (void *,
+ OM_uint32*, /* minor_status */
+ gss_cred_id_t* /* cred_handle */
+ );
+
+OM_uint32 krb5_gss_init_sec_context
+ (void *,
+ OM_uint32*, /* minor_status */
+ gss_cred_id_t, /* claimant_cred_handle */
+ gss_ctx_id_t*, /* context_handle */
+ gss_name_t, /* target_name */
+ gss_OID, /* mech_type */
+ int, /* req_flags */
+ OM_uint32, /* time_req */
+ gss_channel_bindings_t,
+ /* input_chan_bindings */
+ gss_buffer_t, /* input_token */
+ gss_OID*, /* actual_mech_type */
+ gss_buffer_t, /* output_token */
+ int*, /* ret_flags */
+ OM_uint32* /* time_rec */
+ );
+
+OM_uint32 krb5_gss_accept_sec_context
+ (void *,
+ OM_uint32*, /* minor_status */
+ gss_ctx_id_t*, /* context_handle */
+ gss_cred_id_t, /* verifier_cred_handle */
+ gss_buffer_t, /* input_token_buffer */
+ gss_channel_bindings_t,
+ /* input_chan_bindings */
+ gss_name_t*, /* src_name */
+ gss_OID*, /* mech_type */
+ gss_buffer_t, /* output_token */
+ int*, /* ret_flags */
+ OM_uint32*, /* time_rec */
+ gss_cred_id_t* /* delegated_cred_handle */
+ );
+
+OM_uint32 krb5_gss_process_context_token
+ (void *,
+ OM_uint32*, /* minor_status */
+ gss_ctx_id_t, /* context_handle */
+ gss_buffer_t /* token_buffer */
+ );
+
+OM_uint32 krb5_gss_delete_sec_context
+ (void *,
+ OM_uint32*, /* minor_status */
+ gss_ctx_id_t*, /* context_handle */
+ gss_buffer_t /* output_token */
+ );
+
+OM_uint32 krb5_gss_context_time
+ (void *,
+ OM_uint32*, /* minor_status */
+ gss_ctx_id_t, /* context_handle */
+ OM_uint32* /* time_rec */
+ );
+
+OM_uint32 krb5_gss_sign
+ (void *,
+ OM_uint32*, /* minor_status */
+ gss_ctx_id_t, /* context_handle */
+ int, /* qop_req */
+ gss_buffer_t, /* message_buffer */
+ gss_buffer_t /* message_token */
+ );
+
+OM_uint32 krb5_gss_verify
+ (void *,
+ OM_uint32*, /* minor_status */
+ gss_ctx_id_t, /* context_handle */
+ gss_buffer_t, /* message_buffer */
+ gss_buffer_t, /* token_buffer */
+ int* /* qop_state */
+ );
+
+OM_uint32 krb5_gss_seal
+ (void *,
+ OM_uint32*, /* minor_status */
+ gss_ctx_id_t, /* context_handle */
+ int, /* conf_req_flag */
+ int, /* qop_req */
+ gss_buffer_t, /* input_message_buffer */
+ int*, /* conf_state */
+ gss_buffer_t /* output_message_buffer */
+ );
+
+OM_uint32 krb5_gss_unseal
+ (void *,
+ OM_uint32*, /* minor_status */
+ gss_ctx_id_t, /* context_handle */
+ gss_buffer_t, /* input_message_buffer */
+ gss_buffer_t, /* output_message_buffer */
+ int*, /* conf_state */
+ int* /* qop_state */
+ );
+
+OM_uint32 krb5_gss_display_status
+ (void *,
+ OM_uint32*, /* minor_status */
+ OM_uint32, /* status_value */
+ int, /* status_type */
+ gss_OID, /* mech_type */
+ int*, /* message_context */
+ gss_buffer_t /* status_string */
+ );
+
+OM_uint32 krb5_gss_indicate_mechs
+ (void *,
+ OM_uint32*, /* minor_status */
+ gss_OID_set* /* mech_set */
+ );
+
+OM_uint32 krb5_gss_compare_name
+ (void *,
+ OM_uint32*, /* minor_status */
+ gss_name_t, /* name1 */
+ gss_name_t, /* name2 */
+ int* /* name_equal */
+ );
+
+OM_uint32 krb5_gss_display_name
+ (void *,
+ OM_uint32*, /* minor_status */
+ gss_name_t, /* input_name */
+ gss_buffer_t, /* output_name_buffer */
+ gss_OID* /* output_name_type */
+ );
+
+OM_uint32 krb5_gss_import_name
+ (void *,
+ OM_uint32*, /* minor_status */
+ gss_buffer_t, /* input_name_buffer */
+ gss_OID, /* input_name_type */
+ gss_name_t* /* output_name */
+ );
+
+OM_uint32 krb5_gss_release_name
+ (void *,
+ OM_uint32*, /* minor_status */
+ gss_name_t* /* input_name */
+ );
+
+OM_uint32 krb5_gss_inquire_cred
+ (void *,
+ OM_uint32 *, /* minor_status */
+ gss_cred_id_t, /* cred_handle */
+ gss_name_t *, /* name */
+ OM_uint32 *, /* lifetime */
+ int *, /* cred_usage */
+ gss_OID_set * /* mechanisms */
+ );
+
+OM_uint32 krb5_gss_inquire_context
+ (void *,
+ OM_uint32*, /* minor_status */
+ gss_ctx_id_t, /* context_handle */
+ gss_name_t*, /* initiator_name */
+ gss_name_t*, /* acceptor_name */
+ OM_uint32*, /* lifetime_rec */
+ gss_OID*, /* mech_type */
+ int*, /* ret_flags */
+ int* /* locally_initiated */
+ );
+
+OM_uint32 krb5_gss_add_cred
+ (void *,
+ OM_uint32 *, /* minor_status */
+ gss_cred_id_t, /* input_cred_handle */
+ gss_name_t, /* desired_name */
+ gss_OID, /* desired_mech */
+ gss_cred_usage_t, /* cred_usage */
+ OM_uint32, /* initiator_time_req */
+ OM_uint32, /* acceptor_time_req */
+ gss_cred_id_t *, /* output_cred_handle */
+ gss_OID_set *, /* actual_mechs */
+ OM_uint32 *, /* initiator_time_rec */
+ OM_uint32 * /* acceptor_time_rec */
+ );
+
+
+OM_uint32 krb5_gss_export_sec_context
+ (void *,
+ OM_uint32 *, /* minor_status */
+ gss_ctx_id_t *, /* context_handle */
+ gss_buffer_t /* interprocess_token */
+ );
+
+OM_uint32 krb5_gss_import_sec_context
+ (void *,
+ OM_uint32 *, /* minor_status */
+ gss_buffer_t, /* interprocess_token */
+ gss_ctx_id_t * /* context_handle */
+ );
+
+OM_uint32 krb5_gss_inquire_cred_by_mech
+ (void *,
+ OM_uint32 *, /* minor_status */
+ gss_cred_id_t, /* cred_handle */
+ gss_OID, /* mech_type */
+ gss_name_t *, /* name */
+ OM_uint32 *, /* initiator_lifetime */
+ OM_uint32 *, /* acceptor_lifetime */
+ gss_cred_usage_t * /* cred_usage */
+ );
+
+OM_uint32 krb5_gss_inquire_names_for_mech
+ (void *,
+ OM_uint32 *, /* minor_status */
+ gss_OID, /* mechanism */
+ gss_OID_set * /* name_types */
+ );
+
+extern OM_uint32 krb5_gss_get_context
+ (void**
+ );
+
+extern int krb5_pname_to_uid
+ (char *, /* minor_status */
+ gss_OID, /* name_type */
+ gss_OID, /* mech_type */
+ uid_t * /* input_name */
+ );
+
+/*
+ * This is the declaration of the mechs_array table for Kerberos V5.
+ * If the gss_mechanism structure changes, so should this array! I
+ * told you it was a private interface!
+ */
+
+/* ident "@(#)krb5_gssd_init_srvr.conf 1.16 95/08/07 SMI" */
+
+static struct gss_config krb5_mechanism =
+ {{5,"\053\005\001\005\002"},
+ 0, /* context, to be filled */
+ krb5_gss_acquire_cred,
+ krb5_gss_release_cred,
+ krb5_gss_init_sec_context,
+ krb5_gss_accept_sec_context,
+ krb5_gss_process_context_token,
+ krb5_gss_delete_sec_context,
+ krb5_gss_context_time,
+ krb5_gss_sign,
+ krb5_gss_verify,
+ krb5_gss_seal,
+ krb5_gss_unseal,
+ krb5_gss_display_status,
+ krb5_gss_indicate_mechs,
+ krb5_gss_compare_name,
+ krb5_gss_display_name,
+ krb5_gss_import_name,
+ krb5_gss_release_name,
+ krb5_gss_inquire_cred,
+ krb5_gss_add_cred,
+ krb5_gss_export_sec_context,
+ krb5_gss_import_sec_context,
+ krb5_gss_inquire_cred_by_mech,
+ krb5_gss_inquire_names_for_mech,
+ krb5_pname_to_uid,
+ };
+
+#include "k5-int.h"
+
+/*
+ * Do we want to allocate a new kg_context everytime we call this?
+ * I don't know -- for now, just allocate one of them.
+ */
+static krb5_context kg_context;
+
+OM_uint32
+krb5_gss_get_context(context)
+void ** context;
+{
+ if (context == NULL)
+ return GSS_S_FAILURE;
+
+ if (kg_context)
+ *context = kg_context;
+ else {
+ if (krb5_init_context(&kg_context))
+ return GSS_S_FAILURE;
+ else
+ *context = kg_context;
+ }
+ return GSS_S_COMPLETE;
+}
+
+gss_mechanism
+krb5_gss_initialize()
+{
+ krb5_gss_get_context(&(krb5_mechanism.context));
+ return (&krb5_mechanism);
+}
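Review bot: krb5_gss_initialize discards the status of krb5_gss_get_context, so when krb5_init_context fails the mechanism table is still returned with krb5_mechanism.context left at 0 and every entry point in the table then receives a null context. A minimal guard would be `if (krb5_gss_get_context(&(krb5_mechanism.context)) != GSS_S_COMPLETE) return NULL;`, assuming the mechglue caller treats a NULL gss_mechanism as "mechanism unavailable" (not visible here). Separately, the extern prototype of krb5_pname_to_uid carries copy-pasted parameter comments (`/* minor_status */` on the `char *` and `/* input_name */` on the `uid_t *`) that do not match the definition in pname_to_uid.c; they should read `/* pname */` and `/* uid */`.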
diff --git a/src/lib/gssapi/krb5/pname_to_uid.c b/src/lib/gssapi/krb5/pname_to_uid.c
new file mode 100644
index 000000000..619b4657c
--- /dev/null
+++ b/src/lib/gssapi/krb5/pname_to_uid.c
@@ -0,0 +1,88 @@
+#ident "@(#)krb5_pname_to_uid.c 1.2 95/05/11 SMI"
+/*
+ * krb5 mechanism specific routine for pname_to_uid
+ *
+ * Copyright 1995 Sun Microsystems, Inc.
+ */
+
+#include <gssapi/gssapi.h>
+#include <pwd.h>
+#include <sys/types.h>
+
+extern char *strpbrk(const char *s1, const char *s2);
+extern struct passwd *getpwnam(const char *name);
+
+int
+krb5_pname_to_uid(pname, name_type, mech_type, uid)
+
+char * pname;
+gss_OID name_type;
+gss_OID mech_type;
+uid_t * uid;
+{
+
+ struct passwd *pw;
+ char *pname_copy, *prefix, *suffix, *default_realm = NULL,
+ *temp;
+ unsigned char krb5principalname[] =
+ {"\052\206\110\206\367\022\001\002\002\001"};
+
+/*
+ * check that the name_type is the Kerberos Principal Name form
+ * [1.2.840.113554.1.2.2.1] or NULL.
+ */
+
+ if(name_type->length !=0)
+ if((name_type->length != 10)
+ ||
+ (memcmp(name_type->elements, krb5principalname, 10) != 0))
+ return(0);
+/* take care of the special case of "root.<hostname>@realm */
+
+ if(strncmp(pname, "root.", 5) == 0) {
+ *uid = 0;
+ return(1);
+ }
+
+/* get the name and realm parts of the Kerberos Principal Name */
+
+ pname_copy = (char *) malloc(strlen(pname)+1);
+ strcpy(pname_copy, pname);
+ prefix = pname_copy;
+ suffix = pname_copy;
+
+ /* find last occurance of "@" */
+
+ temp = (char *) !NULL;
+ while(temp != NULL)
+ suffix = (((temp = strpbrk(suffix, "@")) == NULL) ?
+ suffix : temp+1);
+
+ if(suffix != pname_copy)
+ *(suffix-1) = '\0';
+
+/* Make sure the name is in the local realm */
+
+ if(suffix != pname_copy) {
+ krb5_get_default_realm(&default_realm);
+ if(default_realm == NULL ||
+ strcmp(default_realm, suffix) != 0) {
+ free(pname_copy);
+ return(0);
+ }
+ }
+
+/*
+ * call getpwnam() and return uid result if successful.
+ * Otherwise, return failure.
+ */
+
+ if(pw = getpwnam(prefix)) {
+ *uid = pw->pw_uid;
+ free(pname_copy);
+ return(1);
+ } else {
+ free(pname_copy);
+ return(0);
+ }
+}
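Review bot: The `root.` special case returns uid 0 before the realm has been split off and compared against the default realm, so the local-realm check that guards every other name does not apply to it; the split and realm comparison should run first and the special case should then apply to the name part only. The block comment also says name_type may be NULL, but `name_type->length` is dereferenced unconditionally, so the test should be `if (name_type != NULL && name_type->length != 0)`. The `malloc` result is used by `strcpy` without a check, and the `temp = (char *) !NULL` / `strpbrk` loop is a hand-rolled `strrchr(pname_copy, '@')`. The call `krb5_get_default_realm(&default_realm)` has no prototype in scope from the shown includes; if the library's signature takes a krb5_context first (as krb5_init_context in get_mechanism.c suggests), this call is mis-declared and needs confirming against the header.
```c
/* … unchanged: name_type check (with the NULL guard above) … */

/* Split "name@realm" first so the realm is verified for every
 * principal, including the root.<hostname> special case. */
pname_copy = malloc(strlen(pname) + 1);
if (pname_copy == NULL)
    return(0);
strcpy(pname_copy, pname);
prefix = pname_copy;
suffix = strrchr(pname_copy, '@');
if (suffix != NULL)
    *suffix++ = '\0';

/* … unchanged: local-realm check, now conditioned on suffix != NULL … */

/* root.<hostname> maps to uid 0 only once the realm has been verified */
if (strncmp(prefix, "root.", 5) == 0) {
    *uid = 0;
    free(pname_copy);
    return(1);
}

/* … unchanged: getpwnam lookup and return … */
```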