1
/*
2
 * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
3
 * (Royal Institute of Technology, Stockholm, Sweden).
4
 * All rights reserved.
5
 *
6
 * Redistribution and use in source and binary forms, with or without
7
 * modification, are permitted provided that the following conditions
8
 * are met:
9
 *
10
 * 1. Redistributions of source code must retain the above copyright
11
 *    notice, this list of conditions and the following disclaimer.
12
 *
13
 * 2. Redistributions in binary form must reproduce the above copyright
14
 *    notice, this list of conditions and the following disclaimer in the
15
 *    documentation and/or other materials provided with the distribution.
16
 *
17
 * 3. Neither the name of the Institute nor the names of its contributors
18
 *    may be used to endorse or promote products derived from this software
19
 *    without specific prior written permission.
20
 *
21
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31
 * SUCH DAMAGE.
32
 */
33

34
#include "gsskrb5_locl.h"
35
#include <gssapi_mech.h>
36

37
/*
38
 * The implementation must reserve static storage for a
39
 * gss_OID_desc object containing the value
40
 * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
41
 *              "\x01\x02\x01\x01"},
42
 * corresponding to an object-identifier value of
43
 * {iso(1) member-body(2) United States(840) mit(113554)
44
 *  infosys(1) gssapi(2) generic(1) user_name(1)}.  The constant
45
 * GSS_C_NT_USER_NAME should be initialized to point
46
 * to that gss_OID_desc.
47
 */
48

49
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_user_name_oid_desc =
50
    {10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x01")};
51

52
/*
53
 * The implementation must reserve static storage for a
54
 * gss_OID_desc object containing the value
55
 * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
56
 *              "\x01\x02\x01\x02"},
57
 * corresponding to an object-identifier value of
58
 * {iso(1) member-body(2) United States(840) mit(113554)
59
 *  infosys(1) gssapi(2) generic(1) machine_uid_name(2)}.
60
 * The constant GSS_C_NT_MACHINE_UID_NAME should be
61
 * initialized to point to that gss_OID_desc.
62
 */
63

64
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_machine_uid_name_oid_desc =
65
    {10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x02")};
66

67
/*
68
 * The implementation must reserve static storage for a
69
 * gss_OID_desc object containing the value
70
 * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
71
 *              "\x01\x02\x01\x03"},
72
 * corresponding to an object-identifier value of
73
 * {iso(1) member-body(2) United States(840) mit(113554)
74
 *  infosys(1) gssapi(2) generic(1) string_uid_name(3)}.
75
 * The constant GSS_C_NT_STRING_UID_NAME should be
76
 * initialized to point to that gss_OID_desc.
77
 */
78

79
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_string_uid_name_oid_desc =
80
    {10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x03")};
81

82
/*
83
 * The implementation must reserve static storage for a
84
 * gss_OID_desc object containing the value
85
 * {6, (void *)"\x2b\x06\x01\x05\x06\x02"},
86
 * corresponding to an object-identifier value of
87
 * {iso(1) org(3) dod(6) internet(1) security(5)
88
 * nametypes(6) gss-host-based-services(2)).  The constant
89
 * GSS_C_NT_HOSTBASED_SERVICE_X should be initialized to point
90
 * to that gss_OID_desc.  This is a deprecated OID value, and
91
 * implementations wishing to support hostbased-service names
92
 * should instead use the GSS_C_NT_HOSTBASED_SERVICE OID,
93
 * defined below, to identify such names;
94
 * GSS_C_NT_HOSTBASED_SERVICE_X should be accepted a synonym
95
 * for GSS_C_NT_HOSTBASED_SERVICE when presented as an input
96
 * parameter, but should not be emitted by GSS-API
97
 * implementations
98
 */
99

100
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_hostbased_service_x_oid_desc =
101
    {6, rk_UNCONST("\x2b\x06\x01\x05\x06\x02")};
102

103
/*
104
 * The implementation must reserve static storage for a
105
 * gss_OID_desc object containing the value
106
 * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
107
 *              "\x01\x02\x01\x04"}, corresponding to an
108
 * object-identifier value of {iso(1) member-body(2)
109
 * Unites States(840) mit(113554) infosys(1) gssapi(2)
110
 * generic(1) service_name(4)}.  The constant
111
 * GSS_C_NT_HOSTBASED_SERVICE should be initialized
112
 * to point to that gss_OID_desc.
113
 */
114
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_hostbased_service_oid_desc =
115
    {10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x04")};
116

117
/*
118
 * The implementation must reserve static storage for a
119
 * gss_OID_desc object containing the value
120
 * {6, (void *)"\x2b\x06\01\x05\x06\x03"},
121
 * corresponding to an object identifier value of
122
 * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
123
 * 6(nametypes), 3(gss-anonymous-name)}.  The constant
124
 * and GSS_C_NT_ANONYMOUS should be initialized to point
125
 * to that gss_OID_desc.
126
 */
127

128
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_anonymous_oid_desc =
129
    {6, rk_UNCONST("\x2b\x06\01\x05\x06\x03")};
130

131
/*
132
 * The implementation must reserve static storage for a
133
 * gss_OID_desc object containing the value
134
 * {6, (void *)"\x2b\x06\x01\x05\x06\x04"},
135
 * corresponding to an object-identifier value of
136
 * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
137
 * 6(nametypes), 4(gss-api-exported-name)}.  The constant
138
 * GSS_C_NT_EXPORT_NAME should be initialized to point
139
 * to that gss_OID_desc.
140
 */
141

142
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_export_name_oid_desc =
143
    {6, rk_UNCONST("\x2b\x06\x01\x05\x06\x04") };
144

145
/*
146
 *   This name form shall be represented by the Object Identifier {iso(1)
147
 *   member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
148
 *   krb5(2) krb5_name(1)}.  The recommended symbolic name for this type
149
 *   is "GSS_KRB5_NT_PRINCIPAL_NAME".
150
 */
151

152
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_nt_principal_name_oid_desc =
153
    {10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x01") };
154

155
/*
156
 * draft-ietf-cat-iakerb-09, IAKERB:
157
 *   The mechanism ID for IAKERB proxy GSS-API Kerberos, in accordance
158
 *   with the mechanism proposed by SPNEGO [7] for negotiating protocol
159
 *   variations, is:  {iso(1) org(3) dod(6) internet(1) security(5)
160
 *   mechanisms(5) iakerb(10) iakerbProxyProtocol(1)}.  The proposed
161
 *   mechanism ID for IAKERB minimum messages GSS-API Kerberos, in
162
 *   accordance with the mechanism proposed by SPNEGO for negotiating
163
 *   protocol variations, is: {iso(1) org(3) dod(6) internet(1)
164
 *   security(5) mechanisms(5) iakerb(10)
165
 *   iakerbMinimumMessagesProtocol(2)}.
166
 */
167

168
gss_OID_desc GSSAPI_LIB_VARIABLE  __gss_iakerb_proxy_mechanism_oid_desc =
169
    {7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0a\x01")};
170

171
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_iakerb_min_msg_mechanism_oid_desc =
172
    {7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0a\x02") };
173

174
/*
175
 * Context for krb5 calls.
176
 */
177

178
#if 0
179
static gss_mo_desc krb5_mo[] = {
180
    {
181
	GSS_C_MA_SASL_MECH_NAME,
182
	GSS_MO_MA,
183
	"SASL mech name",
184
	rk_UNCONST("GS2-KRB5"),
185
	_gss_mo_get_ctx_as_string,
186
	NULL
187
    },
188
    {
189
	GSS_C_MA_MECH_NAME,
190
	GSS_MO_MA,
191
	"Mechanism name",
192
	rk_UNCONST("KRB5"),
193
	_gss_mo_get_ctx_as_string,
194
	NULL
195
    },
196
    {
197
	GSS_C_MA_MECH_DESCRIPTION,
198
	GSS_MO_MA,
199
	"Mechanism description",
200
	rk_UNCONST("Heimdal Kerberos 5 mech"),
201
	_gss_mo_get_ctx_as_string,
202
	NULL
203
    },
204
    {
205
	GSS_C_MA_MECH_CONCRETE,
206
	GSS_MO_MA
207
    },
208
    {
209
	GSS_C_MA_ITOK_FRAMED,
210
	GSS_MO_MA
211
    },
212
    {
213
	GSS_C_MA_AUTH_INIT,
214
	GSS_MO_MA
215
    },
216
    {
217
	GSS_C_MA_AUTH_TARG,
218
	GSS_MO_MA
219
    },
220
    {
221
	GSS_C_MA_AUTH_INIT_ANON,
222
	GSS_MO_MA
223
    },
224
    {
225
	GSS_C_MA_DELEG_CRED,
226
	GSS_MO_MA
227
    },
228
    {
229
	GSS_C_MA_INTEG_PROT,
230
	GSS_MO_MA
231
    },
232
    {
233
	GSS_C_MA_CONF_PROT,
234
	GSS_MO_MA
235
    },
236
    {
237
	GSS_C_MA_MIC,
238
	GSS_MO_MA
239
    },
240
    {
241
	GSS_C_MA_WRAP,
242
	GSS_MO_MA
243
    },
244
    {
245
	GSS_C_MA_PROT_READY,
246
	GSS_MO_MA
247
    },
248
    {
249
	GSS_C_MA_REPLAY_DET,
250
	GSS_MO_MA
251
    },
252
    {
253
	GSS_C_MA_OOS_DET,
254
	GSS_MO_MA
255
    },
256
    {
257
	GSS_C_MA_CBINDINGS,
258
	GSS_MO_MA
259
    },
260
    {
261
	GSS_C_MA_PFS,
262
	GSS_MO_MA
263
    },
264
    {
265
	GSS_C_MA_CTX_TRANS,
266
	GSS_MO_MA
267
    }
268
};
269
#endif
270

271
/*
272
 *
273
 */
274

275
static gssapi_mech_interface_desc krb5_mech = {
276
    GMI_VERSION,
277
    "kerberos 5",
278
    {9, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02") },
279
    0,
280
    _gsskrb5_acquire_cred,
281
    _gsskrb5_release_cred,
282
    _gsskrb5_init_sec_context,
283
    _gsskrb5_accept_sec_context,
284
    _gsskrb5_process_context_token,
285
    _gsskrb5_delete_sec_context,
286
    _gsskrb5_context_time,
287
    _gsskrb5_get_mic,
288
    _gsskrb5_verify_mic,
289
    _gsskrb5_wrap,
290
    _gsskrb5_unwrap,
291
    _gsskrb5_display_status,
292
    _gsskrb5_indicate_mechs,
293
    _gsskrb5_compare_name,
294
    _gsskrb5_display_name,
295
    _gsskrb5_import_name,
296
    _gsskrb5_export_name,
297
    _gsskrb5_release_name,
298
    _gsskrb5_inquire_cred,
299
    _gsskrb5_inquire_context,
300
    _gsskrb5_wrap_size_limit,
301
    _gsskrb5_add_cred,
302
    _gsskrb5_inquire_cred_by_mech,
303
    _gsskrb5_export_sec_context,
304
    _gsskrb5_import_sec_context,
305
    _gsskrb5_inquire_names_for_mech,
306
    _gsskrb5_inquire_mechs_for_name,
307
    _gsskrb5_canonicalize_name,
308
    _gsskrb5_duplicate_name,
309
    _gsskrb5_inquire_sec_context_by_oid,
310
    _gsskrb5_inquire_cred_by_oid,
311
    _gsskrb5_set_sec_context_option,
312
    _gsskrb5_set_cred_option,
313
    _gsskrb5_pseudo_random,
314
#if 0
315
    _gk_wrap_iov,
316
    _gk_unwrap_iov,
317
    _gk_wrap_iov_length,
318
#else
319
    NULL,
320
    NULL,
321
    NULL,
322
#endif
323
    _gsskrb5_store_cred,
324
    _gsskrb5_export_cred,
325
    _gsskrb5_import_cred,
326
    _gsskrb5_acquire_cred_ext,
327
    NULL,
328
    NULL,
329
    NULL,
330
    NULL,
331
    NULL,
332
    NULL,
333
#if 0
334
    krb5_mo,
335
    sizeof(krb5_mo) / sizeof(krb5_mo[0]),
336
#else
337
    NULL,
338
    0,
339
#endif
340
    _gsskrb5_pname_to_uid,
341
    _gsskrb5_authorize_localname,
342
    NULL,
343
    NULL,
344
    NULL,
345
    NULL,
346
    NULL,
347
    NULL,
348
    NULL
349
};
350

351
gssapi_mech_interface
352
__gss_krb5_initialize(void)
353
{
354
    return &krb5_mech;
355
}
356

357