Line data Source code
1 : /*
2 : * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
3 : * (Royal Institute of Technology, Stockholm, Sweden).
4 : * All rights reserved.
5 : *
6 : * Redistribution and use in source and binary forms, with or without
7 : * modification, are permitted provided that the following conditions
8 : * are met:
9 : *
10 : * 1. Redistributions of source code must retain the above copyright
11 : * notice, this list of conditions and the following disclaimer.
12 : *
13 : * 2. Redistributions in binary form must reproduce the above copyright
14 : * notice, this list of conditions and the following disclaimer in the
15 : * documentation and/or other materials provided with the distribution.
16 : *
17 : * 3. Neither the name of the Institute nor the names of its contributors
18 : * may be used to endorse or promote products derived from this software
19 : * without specific prior written permission.
20 : *
21 : * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 : * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 : * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 : * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 : * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 : * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 : * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 : * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 : * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 : * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 : * SUCH DAMAGE.
32 : */
33 :
34 : #include "gsskrb5_locl.h"
35 :
36 : static OM_uint32
37 20213 : parse_krb5_name (OM_uint32 *minor_status,
38 : krb5_context context,
39 : const char *name,
40 : gss_name_t *output_name)
41 : {
42 : krb5_principal princ;
43 : krb5_error_code kerr;
44 :
45 20963 : kerr = krb5_parse_name (context, name, &princ);
46 :
47 20963 : if (kerr == 0) {
48 20963 : *output_name = (gss_name_t)princ;
49 20213 : return GSS_S_COMPLETE;
50 : }
51 0 : *minor_status = kerr;
52 :
53 0 : if (kerr == KRB5_PARSE_ILLCHAR || kerr == KRB5_PARSE_MALFORMED)
54 0 : return GSS_S_BAD_NAME;
55 :
56 0 : return GSS_S_FAILURE;
57 : }
58 :
59 : static OM_uint32
60 20963 : import_krb5_name (OM_uint32 *minor_status,
61 : krb5_context context,
62 : const gss_buffer_t input_name_buffer,
63 : gss_name_t *output_name)
64 : {
65 : OM_uint32 ret;
66 : char *tmp;
67 :
68 20963 : tmp = malloc (input_name_buffer->length + 1);
69 20963 : if (tmp == NULL) {
70 0 : *minor_status = ENOMEM;
71 0 : return GSS_S_FAILURE;
72 : }
73 41176 : memcpy (tmp,
74 20963 : input_name_buffer->value,
75 : input_name_buffer->length);
76 20963 : tmp[input_name_buffer->length] = '\0';
77 :
78 20963 : ret = parse_krb5_name(minor_status, context, tmp, output_name);
79 20963 : free(tmp);
80 :
81 20963 : return ret;
82 : }
83 :
84 : OM_uint32
85 20986 : _gsskrb5_canon_name(OM_uint32 *minor_status, krb5_context context,
86 : int use_dns, krb5_const_principal sourcename, gss_name_t targetname,
87 : krb5_principal *out)
88 : {
89 20986 : krb5_principal p = (krb5_principal)targetname;
90 : krb5_error_code ret;
91 20986 : char *hostname = NULL, *service;
92 :
93 20986 : *minor_status = 0;
94 :
95 : /* If its not a hostname */
96 20986 : if (krb5_principal_get_type(context, p) != MAGIC_HOSTBASED_NAME_TYPE) {
97 20986 : ret = krb5_copy_principal(context, p, out);
98 0 : } else if (!use_dns) {
99 0 : ret = krb5_copy_principal(context, p, out);
100 0 : if (ret)
101 0 : goto out;
102 0 : krb5_principal_set_type(context, *out, KRB5_NT_SRV_HST);
103 0 : if (sourcename)
104 0 : ret = krb5_principal_set_realm(context, *out, sourcename->realm);
105 : } else {
106 0 : if (p->name.name_string.len == 0)
107 0 : return GSS_S_BAD_NAME;
108 0 : else if (p->name.name_string.len > 1)
109 0 : hostname = p->name.name_string.val[1];
110 :
111 0 : service = p->name.name_string.val[0];
112 :
113 0 : ret = krb5_sname_to_principal(context,
114 : hostname,
115 : service,
116 : KRB5_NT_SRV_HST,
117 : out);
118 : }
119 :
120 20986 : out:
121 20986 : if (ret) {
122 0 : *minor_status = ret;
123 0 : return GSS_S_FAILURE;
124 : }
125 :
126 20236 : return 0;
127 : }
128 :
129 :
130 : static OM_uint32
131 0 : import_hostbased_name (OM_uint32 *minor_status,
132 : krb5_context context,
133 : const gss_buffer_t input_name_buffer,
134 : gss_name_t *output_name)
135 : {
136 0 : krb5_principal princ = NULL;
137 : krb5_error_code kerr;
138 0 : char *tmp, *p, *host = NULL;
139 :
140 0 : tmp = malloc (input_name_buffer->length + 1);
141 0 : if (tmp == NULL) {
142 0 : *minor_status = ENOMEM;
143 0 : return GSS_S_FAILURE;
144 : }
145 0 : memcpy (tmp,
146 0 : input_name_buffer->value,
147 : input_name_buffer->length);
148 0 : tmp[input_name_buffer->length] = '\0';
149 :
150 0 : p = strchr (tmp, '@');
151 0 : if (p != NULL) {
152 0 : *p = '\0';
153 0 : host = p + 1;
154 : }
155 :
156 0 : kerr = krb5_make_principal(context, &princ, NULL, tmp, host, NULL);
157 0 : free (tmp);
158 0 : *minor_status = kerr;
159 0 : if (kerr == KRB5_PARSE_ILLCHAR || kerr == KRB5_PARSE_MALFORMED)
160 0 : return GSS_S_BAD_NAME;
161 0 : else if (kerr)
162 0 : return GSS_S_FAILURE;
163 :
164 0 : krb5_principal_set_type(context, princ, MAGIC_HOSTBASED_NAME_TYPE);
165 0 : *output_name = (gss_name_t)princ;
166 :
167 0 : return 0;
168 : }
169 :
170 : static OM_uint32
171 0 : import_export_name (OM_uint32 *minor_status,
172 : krb5_context context,
173 : const gss_buffer_t input_name_buffer,
174 : gss_name_t *output_name)
175 : {
176 : unsigned char *p;
177 : uint32_t length;
178 : OM_uint32 ret;
179 : char *name;
180 :
181 0 : if (input_name_buffer->length < 10 + GSS_KRB5_MECHANISM->length)
182 0 : return GSS_S_BAD_NAME;
183 :
184 : /* TOK, MECH_OID_LEN, DER(MECH_OID), NAME_LEN, NAME */
185 :
186 0 : p = input_name_buffer->value;
187 :
188 0 : if (memcmp(&p[0], "\x04\x01\x00", 3) != 0 ||
189 0 : p[3] != GSS_KRB5_MECHANISM->length + 2 ||
190 0 : p[4] != 0x06 ||
191 0 : p[5] != GSS_KRB5_MECHANISM->length ||
192 0 : memcmp(&p[6], GSS_KRB5_MECHANISM->elements,
193 0 : GSS_KRB5_MECHANISM->length) != 0)
194 0 : return GSS_S_BAD_NAME;
195 :
196 0 : p += 6 + GSS_KRB5_MECHANISM->length;
197 :
198 0 : length = p[0] << 24 | p[1] << 16 | p[2] << 8 | p[3];
199 0 : p += 4;
200 :
201 0 : if (length > input_name_buffer->length - 10 - GSS_KRB5_MECHANISM->length)
202 0 : return GSS_S_BAD_NAME;
203 :
204 0 : name = malloc(length + 1);
205 0 : if (name == NULL) {
206 0 : *minor_status = ENOMEM;
207 0 : return GSS_S_FAILURE;
208 : }
209 0 : memcpy(name, p, length);
210 0 : name[length] = '\0';
211 :
212 0 : ret = parse_krb5_name(minor_status, context, name, output_name);
213 0 : free(name);
214 :
215 0 : return ret;
216 : }
217 :
218 20963 : OM_uint32 GSSAPI_CALLCONV _gsskrb5_import_name
219 : (OM_uint32 * minor_status,
220 : const gss_buffer_t input_name_buffer,
221 : const gss_OID input_name_type,
222 : gss_name_t * output_name
223 : )
224 : {
225 : krb5_context context;
226 :
227 20963 : *minor_status = 0;
228 20963 : *output_name = GSS_C_NO_NAME;
229 :
230 20963 : GSSAPI_KRB5_INIT (&context);
231 :
232 41926 : if (gss_oid_equal(input_name_type, GSS_C_NT_HOSTBASED_SERVICE) ||
233 20963 : gss_oid_equal(input_name_type, GSS_C_NT_HOSTBASED_SERVICE_X))
234 0 : return import_hostbased_name (minor_status,
235 : context,
236 : input_name_buffer,
237 : output_name);
238 20963 : else if (input_name_type == GSS_C_NO_OID
239 20963 : || gss_oid_equal(input_name_type, GSS_C_NT_USER_NAME)
240 13 : || gss_oid_equal(input_name_type, GSS_KRB5_NT_PRINCIPAL_NAME))
241 : /* default printable syntax */
242 20963 : return import_krb5_name (minor_status,
243 : context,
244 : input_name_buffer,
245 : output_name);
246 0 : else if (gss_oid_equal(input_name_type, GSS_C_NT_EXPORT_NAME)) {
247 0 : return import_export_name(minor_status,
248 : context,
249 : input_name_buffer,
250 : output_name);
251 : } else {
252 0 : *minor_status = 0;
253 0 : return GSS_S_BAD_NAMETYPE;
254 : }
255 : }
|
