       1             : /*
       2             :  * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
       3             :  * (Royal Institute of Technology, Stockholm, Sweden).
       4             :  * All rights reserved.
       5             :  *
       6             :  * Redistribution and use in source and binary forms, with or without
       7             :  * modification, are permitted provided that the following conditions
       8             :  * are met:
       9             :  *
      10             :  * 1. Redistributions of source code must retain the above copyright
      11             :  *    notice, this list of conditions and the following disclaimer.
      12             :  *
      13             :  * 2. Redistributions in binary form must reproduce the above copyright
      14             :  *    notice, this list of conditions and the following disclaimer in the
      15             :  *    documentation and/or other materials provided with the distribution.
      16             :  *
      17             :  * 3. Neither the name of the Institute nor the names of its contributors
      18             :  *    may be used to endorse or promote products derived from this software
      19             :  *    without specific prior written permission.
      20             :  *
      21             :  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
      22             :  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
      23             :  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
      24             :  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
      25             :  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
      26             :  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
      27             :  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
      28             :  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
      29             :  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
      30             :  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
      31             :  * SUCH DAMAGE.
      32             :  */
      33             : 
      34             : #include "gsskrb5_locl.h"
      35             : #include <gssapi_mech.h>
      36             : 
/*
 * GSS_C_NT_USER_NAME name type.
 *
 * Object identifier {iso(1) member-body(2) United States(840) mit(113554)
 * infosys(1) gssapi(2) generic(1) user_name(1)}, stored as its 10 encoded
 * octets.  The implementation must keep this descriptor in static storage,
 * and the constant GSS_C_NT_USER_NAME should be initialized to point to it.
 *
 * The length is written by hand and has to match the octet count of the
 * literal.  rk_UNCONST passes the literal on as a non-const pointer, so
 * treat the elements as read-only: writing through them would modify a
 * string literal.
 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_user_name_oid_desc = {
    .length = 10,
    .elements = rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x01")
};
      51             : 
/*
 * GSS_C_NT_MACHINE_UID_NAME name type.
 *
 * Object identifier {iso(1) member-body(2) United States(840) mit(113554)
 * infosys(1) gssapi(2) generic(1) machine_uid_name(2)}, stored as its 10
 * encoded octets.  The implementation must keep this descriptor in static
 * storage, and the constant GSS_C_NT_MACHINE_UID_NAME should be
 * initialized to point to it.
 *
 * The length has to match the octet count of the literal; the elements
 * point into a string literal and must be treated as read-only.
 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_machine_uid_name_oid_desc = {
    .length = 10,
    .elements = rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x02")
};
      66             : 
/*
 * GSS_C_NT_STRING_UID_NAME name type.
 *
 * Object identifier {iso(1) member-body(2) United States(840) mit(113554)
 * infosys(1) gssapi(2) generic(1) string_uid_name(3)}, stored as its 10
 * encoded octets.  The implementation must keep this descriptor in static
 * storage, and the constant GSS_C_NT_STRING_UID_NAME should be
 * initialized to point to it.
 *
 * The length has to match the octet count of the literal; the elements
 * point into a string literal and must be treated as read-only.
 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_string_uid_name_oid_desc = {
    .length = 10,
    .elements = rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x03")
};
      81             : 
/*
 * GSS_C_NT_HOSTBASED_SERVICE_X name type (deprecated).
 *
 * Object identifier {iso(1) org(3) dod(6) internet(1) security(5)
 * nametypes(6) gss-host-based-services(2)}, stored as its 6 encoded
 * octets.  The implementation must keep this descriptor in static storage,
 * and the constant GSS_C_NT_HOSTBASED_SERVICE_X should be initialized to
 * point to it.
 *
 * This OID value is deprecated.  Implementations that support
 * hostbased-service names should identify them with the
 * GSS_C_NT_HOSTBASED_SERVICE OID instead.  GSS_C_NT_HOSTBASED_SERVICE_X
 * should be accepted as a synonym for GSS_C_NT_HOSTBASED_SERVICE when it
 * is presented as an input parameter, but should not be emitted by
 * GSS-API implementations.
 *
 * The length has to match the octet count of the literal; the elements
 * point into a string literal and must be treated as read-only.
 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_hostbased_service_x_oid_desc = {
    .length = 6,
    .elements = rk_UNCONST("\x2b\x06\x01\x05\x06\x02")
};
     102             : 
/*
 * GSS_C_NT_HOSTBASED_SERVICE name type.
 *
 * Object identifier {iso(1) member-body(2) United States(840) mit(113554)
 * infosys(1) gssapi(2) generic(1) service_name(4)}, stored as its 10
 * encoded octets.  The implementation must keep this descriptor in static
 * storage, and the constant GSS_C_NT_HOSTBASED_SERVICE should be
 * initialized to point to it.
 *
 * The length has to match the octet count of the literal; the elements
 * point into a string literal and must be treated as read-only.
 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_hostbased_service_oid_desc = {
    .length = 10,
    .elements = rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x04")
};
     116             : 
/*
 * GSS_C_NT_ANONYMOUS name type.
 *
 * Object identifier {1(iso), 3(org), 6(dod), 1(internet), 5(security),
 * 6(nametypes), 3(gss-anonymous-name)}, stored as its 6 encoded octets.
 * The implementation must keep this descriptor in static storage, and the
 * constant GSS_C_NT_ANONYMOUS should be initialized to point to it.
 *
 * The length has to match the octet count of the literal; the elements
 * point into a string literal and must be treated as read-only.
 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_anonymous_oid_desc = {
    .length = 6,
    .elements = rk_UNCONST("\x2b\x06\x01\x05\x06\x03")
};
     130             : 
/*
 * GSS_C_NT_EXPORT_NAME name type.
 *
 * Object identifier {1(iso), 3(org), 6(dod), 1(internet), 5(security),
 * 6(nametypes), 4(gss-api-exported-name)}, stored as its 6 encoded
 * octets.  The implementation must keep this descriptor in static storage,
 * and the constant GSS_C_NT_EXPORT_NAME should be initialized to point to
 * it.
 *
 * The length has to match the octet count of the literal; the elements
 * point into a string literal and must be treated as read-only.
 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_export_name_oid_desc = {
    .length = 6,
    .elements = rk_UNCONST("\x2b\x06\x01\x05\x06\x04")
};
     144             : 
/*
 * Kerberos principal name type.
 *
 * This name form is represented by the Object Identifier {iso(1)
 * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
 * krb5(2) krb5_name(1)}, stored here as its 10 encoded octets.  The
 * recommended symbolic name for this type is "GSS_KRB5_NT_PRINCIPAL_NAME".
 *
 * The length has to match the octet count of the literal; the elements
 * point into a string literal and must be treated as read-only.
 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_nt_principal_name_oid_desc = {
    .length = 10,
    .elements = rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x01")
};
     154             : 
/*
 * IAKERB mechanism identifiers, as given in draft-ietf-cat-iakerb-09.
 *
 * Both follow the scheme proposed by SPNEGO for negotiating protocol
 * variations:
 *
 *   IAKERB proxy GSS-API Kerberos:
 *     {iso(1) org(3) dod(6) internet(1) security(5) mechanisms(5)
 *      iakerb(10) iakerbProxyProtocol(1)}
 *
 *   IAKERB minimum messages GSS-API Kerberos (proposed):
 *     {iso(1) org(3) dod(6) internet(1) security(5) mechanisms(5)
 *      iakerb(10) iakerbMinimumMessagesProtocol(2)}
 *
 * Each descriptor holds the 7 encoded octets of its OID.  The length has
 * to match the octet count of the literal; the elements point into a
 * string literal and must be treated as read-only.
 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_iakerb_proxy_mechanism_oid_desc = {
    .length = 7,
    .elements = rk_UNCONST("\x2b\x06\x01\x05\x05\x0a\x01")
};

gss_OID_desc GSSAPI_LIB_VARIABLE __gss_iakerb_min_msg_mechanism_oid_desc = {
    .length = 7,
    .elements = rk_UNCONST("\x2b\x06\x01\x05\x05\x0a\x02")
};
     173             : 
/*
 * Mechanism options and attributes listed for the krb5 mechanism.  The
 * table and its entry count are handed to the krb5_mech dispatch table.
 *
 * The first three entries are spelled out in full: an identifier, the
 * GSS_MO_MA flag, a descriptive string, a string value passed through
 * rk_UNCONST, the _gss_mo_get_ctx_as_string callback and a trailing NULL.
 * Every later entry gives only the identifier and GSS_MO_MA, so its
 * remaining members are zero-initialized.  The member names of gss_mo_desc
 * are declared outside this file.
 *
 * NOTE(review): presumably these entries are what a caller is told when it
 * asks what the mechanism supports, so an application policy may rest on
 * them.  Each attribute should match what the implementation really
 * provides -- confirm when adding or keeping an entry.
 */

static gss_mo_desc krb5_mo[] = {
    {
        GSS_C_MA_SASL_MECH_NAME,
        GSS_MO_MA,
        "SASL mech name",
        rk_UNCONST("GS2-KRB5"),
        _gss_mo_get_ctx_as_string,
        NULL
    },
    {
        GSS_C_MA_MECH_NAME,
        GSS_MO_MA,
        "Mechanism name",
        rk_UNCONST("KRB5"),
        _gss_mo_get_ctx_as_string,
        NULL
    },
    {
        GSS_C_MA_MECH_DESCRIPTION,
        GSS_MO_MA,
        "Mechanism description",
        rk_UNCONST("Heimdal Kerberos 5 mech"),
        _gss_mo_get_ctx_as_string,
        NULL
    },
    /* From here on only the identifier and GSS_MO_MA are given. */
    {
        GSS_C_MA_MECH_CONCRETE,
        GSS_MO_MA
    },
    {
        GSS_C_MA_ITOK_FRAMED,
        GSS_MO_MA
    },
    {
        GSS_C_MA_AUTH_INIT,
        GSS_MO_MA
    },
    {
        GSS_C_MA_AUTH_TARG,
        GSS_MO_MA
    },
    {
        /*
         * NOTE(review): anonymous initiator authentication is listed --
         * confirm the mechanism supports it in every build configuration.
         */
        GSS_C_MA_AUTH_INIT_ANON,
        GSS_MO_MA
    },
    {
        GSS_C_MA_DELEG_CRED,
        GSS_MO_MA
    },
    {
        GSS_C_MA_INTEG_PROT,
        GSS_MO_MA
    },
    {
        GSS_C_MA_CONF_PROT,
        GSS_MO_MA
    },
    {
        GSS_C_MA_MIC,
        GSS_MO_MA
    },
    {
        GSS_C_MA_WRAP,
        GSS_MO_MA
    },
    {
        GSS_C_MA_PROT_READY,
        GSS_MO_MA
    },
    {
        GSS_C_MA_REPLAY_DET,
        GSS_MO_MA
    },
    {
        GSS_C_MA_OOS_DET,
        GSS_MO_MA
    },
    {
        GSS_C_MA_CBINDINGS,
        GSS_MO_MA
    },
    {
        /*
         * NOTE(review): this lists perfect forward secrecy as a mechanism
         * attribute.  Kerberos context keys are normally protected by
         * longer-lived keys, so confirm the attribute is intended before
         * relying on it for policy.
         */
        GSS_C_MA_PFS,
        GSS_MO_MA
    },
    {
        GSS_C_MA_CTX_TRANS,
        GSS_MO_MA
    }
};
     268             : 
/*
 * Dispatch table for the krb5 mechanism; __gss_krb5_initialize() returns
 * its address.
 *
 * The initializer is positional, so every entry has to stay in the order
 * in which gssapi_mech_interface_desc declares its members (the
 * declaration is not in this file).  Adding, removing or reordering a
 * member there without updating this list shifts every later entry, and a
 * NULL placed in the wrong slot will not be caught by type checking.
 *
 * NOTE(review): the table is a writable static holding function pointers.
 * Nothing in this file makes it const -- confirm whether the interface
 * type would allow it to be const-qualified.
 */

static gssapi_mech_interface_desc krb5_mech = {
    GMI_VERSION,
    "kerberos 5",
    /*
     * 9 encoded octets: the krb5 principal-name OID defined earlier in this
     * file without its final krb5_name(1) arc, i.e. {iso(1) member-body(2)
     * United States(840) mit(113554) infosys(1) gssapi(2) krb5(2)}.
     */
    {9, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02") },
    0, /* NOTE(review): the meaning of this member is not visible here */
    _gsskrb5_acquire_cred,
    _gsskrb5_release_cred,
    _gsskrb5_init_sec_context,
    _gsskrb5_accept_sec_context,
    _gsskrb5_process_context_token,
    _gsskrb5_delete_sec_context,
    _gsskrb5_context_time,
    _gsskrb5_get_mic,
    _gsskrb5_verify_mic,
    _gsskrb5_wrap,
    _gsskrb5_unwrap,
    _gsskrb5_display_status,
    _gsskrb5_indicate_mechs,
    _gsskrb5_compare_name,
    _gsskrb5_display_name,
    _gsskrb5_import_name,
    _gsskrb5_export_name,
    _gsskrb5_release_name,
    _gsskrb5_inquire_cred,
    _gsskrb5_inquire_context,
    _gsskrb5_wrap_size_limit,
    _gsskrb5_add_cred,
    _gsskrb5_inquire_cred_by_mech,
    _gsskrb5_export_sec_context,
    _gsskrb5_import_sec_context,
    _gsskrb5_inquire_names_for_mech,
    _gsskrb5_inquire_mechs_for_name,
    _gsskrb5_canonicalize_name,
    _gsskrb5_duplicate_name,
    _gsskrb5_inquire_sec_context_by_oid,
    _gsskrb5_inquire_cred_by_oid,
    _gsskrb5_set_sec_context_option,
    _gsskrb5_set_cred_option,
    _gsskrb5_pseudo_random,
    _gk_wrap_iov,
    _gk_unwrap_iov,
    _gk_wrap_iov_length,
    _gsskrb5_store_cred,
    _gsskrb5_export_cred,
    _gsskrb5_import_cred,
    _gsskrb5_acquire_cred_ext,
    /*
     * Six slots left NULL; presumably entry points this mechanism does not
     * implement -- the member names are declared outside this file.
     */
    NULL,
    NULL,
    NULL,
    NULL,
    NULL,
    NULL,
    /* Option/attribute table and its entry count. */
    krb5_mo,
    sizeof(krb5_mo) / sizeof(krb5_mo[0]),
    _gsskrb5_pname_to_uid,
    _gsskrb5_authorize_localname,
    /* Seven trailing slots left NULL (member names not visible here). */
    NULL,
    NULL,
    NULL,
    NULL,
    NULL,
    NULL,
    NULL
};
     337             : 
/*
 * Hand the krb5 mechanism's interface table to the caller.
 *
 * Returns the address of the file-static krb5_mech.  Nothing is allocated
 * and every call yields the same address.  The table is not
 * const-qualified in this file, so callers should treat what they receive
 * as read-only.
 */
gssapi_mech_interface
__gss_krb5_initialize(void)
{
    gssapi_mech_interface mech = &krb5_mech;

    return mech;
}
