1
/*
2
 * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
3
 * (Royal Institute of Technology, Stockholm, Sweden).
4
 * All rights reserved.
5
 *
6
 * Redistribution and use in source and binary forms, with or without
7
 * modification, are permitted provided that the following conditions
8
 * are met:
9
 *
10
 * 1. Redistributions of source code must retain the above copyright
11
 *    notice, this list of conditions and the following disclaimer.
12
 *
13
 * 2. Redistributions in binary form must reproduce the above copyright
14
 *    notice, this list of conditions and the following disclaimer in the
15
 *    documentation and/or other materials provided with the distribution.
16
 *
17
 * 3. Neither the name of the Institute nor the names of its contributors
18
 *    may be used to endorse or promote products derived from this software
19
 *    without specific prior written permission.
20
 *
21
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31
 * SUCH DAMAGE.
32
 */
33

34
#include "gsskrb5_locl.h"
35

36
static OM_uint32
37
parse_krb5_name (OM_uint32 *minor_status,
38
		 krb5_context context,
39
		 const char *name,
40
		 gss_name_t *output_name)
41
{
42
    krb5_principal princ;
43
    krb5_error_code kerr;
44

45
    kerr = krb5_parse_name (context, name, &princ);
46

47
    if (kerr == 0) {
48
	*output_name = (gss_name_t)princ;
49
	return GSS_S_COMPLETE;
50
    }
51
    *minor_status = kerr;
52

53
    if (kerr == KRB5_PARSE_ILLCHAR || kerr == KRB5_PARSE_MALFORMED)
54
	return GSS_S_BAD_NAME;
55

56
    return GSS_S_FAILURE;
57
}
58

59
static OM_uint32
60
import_krb5_name (OM_uint32 *minor_status,
61
		  krb5_context context,
62
		  const gss_buffer_t input_name_buffer,
63
		  gss_name_t *output_name)
64
{
65
    OM_uint32 ret;
66
    char *tmp;
67

68
    tmp = malloc (input_name_buffer->length + 1);
69
    if (tmp == NULL) {
70
	*minor_status = ENOMEM;
71
	return GSS_S_FAILURE;
72
    }
73
    memcpy (tmp,
74
	    input_name_buffer->value,
75
	    input_name_buffer->length);
76
    tmp[input_name_buffer->length] = '\0';
77

78
    ret = parse_krb5_name(minor_status, context, tmp, output_name);
79
    free(tmp);
80

81
    return ret;
82
}
83

84
OM_uint32
85
_gsskrb5_canon_name(OM_uint32 *minor_status, krb5_context context,
86
		    int use_dns, krb5_const_principal sourcename, gss_name_t targetname,
87
		    krb5_principal *out)
88
{
89
    krb5_principal p = (krb5_principal)targetname;
90
    krb5_error_code ret;
91
    char *hostname = NULL, *service;
92

93
    *minor_status = 0;
94

95
    /* If its not a hostname */
96
    if (krb5_principal_get_type(context, p) != MAGIC_HOSTBASED_NAME_TYPE) {
97
	ret = krb5_copy_principal(context, p, out);
98
    } else if (!use_dns) {
99
	ret = krb5_copy_principal(context, p, out);
100
	if (ret)
101
	    goto out;
102
	krb5_principal_set_type(context, *out, KRB5_NT_SRV_HST);
103
	if (sourcename)
104
	    ret = krb5_principal_set_realm(context, *out, sourcename->realm);
105
    } else {
106
	if (p->name.name_string.len == 0)
107
	    return GSS_S_BAD_NAME;
108
	else if (p->name.name_string.len > 1)
109
	    hostname = p->name.name_string.val[1];
110

111
	service = p->name.name_string.val[0];
112

113
	ret = krb5_sname_to_principal(context,
114
				      hostname,
115
				      service,
116
				      KRB5_NT_SRV_HST,
117
				      out);
118
    }
119

120
 out:
121
    if (ret) {
122
	*minor_status = ret;
123
	return GSS_S_FAILURE;
124
    }
125

126
    return 0;
127
}
128

129

130
static OM_uint32
131
import_hostbased_name (OM_uint32 *minor_status,
132
		       krb5_context context,
133
		       const gss_buffer_t input_name_buffer,
134
		       gss_name_t *output_name)
135
{
136
    krb5_principal princ = NULL;
137
    krb5_error_code kerr;
138
    char *tmp, *p, *host = NULL;
139

140
    tmp = malloc (input_name_buffer->length + 1);
141
    if (tmp == NULL) {
142
	*minor_status = ENOMEM;
143
	return GSS_S_FAILURE;
144
    }
145
    memcpy (tmp,
146
	    input_name_buffer->value,
147
	    input_name_buffer->length);
148
    tmp[input_name_buffer->length] = '\0';
149

150
    p = strchr (tmp, '@');
151
    if (p != NULL) {
152
	*p = '\0';
153
	host = p + 1;
154
    }
155

156
    kerr = krb5_make_principal(context, &princ, NULL, tmp, host, NULL);
157
    free (tmp);
158
    *minor_status = kerr;
159
    if (kerr == KRB5_PARSE_ILLCHAR || kerr == KRB5_PARSE_MALFORMED)
160
	return GSS_S_BAD_NAME;
161
    else if (kerr)
162
	return GSS_S_FAILURE;
163

164
    krb5_principal_set_type(context, princ, MAGIC_HOSTBASED_NAME_TYPE);
165
    *output_name = (gss_name_t)princ;
166

167
    return 0;
168
}
169

170
static OM_uint32
171
import_export_name (OM_uint32 *minor_status,
172
		    krb5_context context,
173
		    const gss_buffer_t input_name_buffer,
174
		    gss_name_t *output_name)
175
{
176
    unsigned char *p;
177
    uint32_t length;
178
    OM_uint32 ret;
179
    char *name;
180

181
    if (input_name_buffer->length < 10 + GSS_KRB5_MECHANISM->length)
182
	return GSS_S_BAD_NAME;
183

184
    /* TOK, MECH_OID_LEN, DER(MECH_OID), NAME_LEN, NAME */
185

186
    p = input_name_buffer->value;
187

188
    if (memcmp(&p[0], "\x04\x01\x00", 3) != 0 ||
189
	p[3] != GSS_KRB5_MECHANISM->length + 2 ||
190
	p[4] != 0x06 ||
191
	p[5] != GSS_KRB5_MECHANISM->length ||
192
	memcmp(&p[6], GSS_KRB5_MECHANISM->elements,
193
	       GSS_KRB5_MECHANISM->length) != 0)
194
	return GSS_S_BAD_NAME;
195

196
    p += 6 + GSS_KRB5_MECHANISM->length;
197

198
    length = p[0] << 24 | p[1] << 16 | p[2] << 8 | p[3];
199
    p += 4;
200

201
    if (length > input_name_buffer->length - 10 - GSS_KRB5_MECHANISM->length)
202
	return GSS_S_BAD_NAME;
203

204
    name = malloc(length + 1);
205
    if (name == NULL) {
206
	*minor_status = ENOMEM;
207
	return GSS_S_FAILURE;
208
    }
209
    memcpy(name, p, length);
210
    name[length] = '\0';
211

212
    ret = parse_krb5_name(minor_status, context, name, output_name);
213
    free(name);
214

215
    return ret;
216
}
217

218
OM_uint32 GSSAPI_CALLCONV _gsskrb5_import_name
219
           (OM_uint32 * minor_status,
220
            const gss_buffer_t input_name_buffer,
221
            const gss_OID input_name_type,
222
            gss_name_t * output_name
223
           )
224
{
225
    krb5_context context;
226

227
    *minor_status = 0;
228
    *output_name = GSS_C_NO_NAME;
229

230
    GSSAPI_KRB5_INIT (&context);
231

232
    if (gss_oid_equal(input_name_type, GSS_C_NT_HOSTBASED_SERVICE) ||
233
	gss_oid_equal(input_name_type, GSS_C_NT_HOSTBASED_SERVICE_X))
234
	return import_hostbased_name (minor_status,
235
				      context,
236
				      input_name_buffer,
237
				      output_name);
238
    else if (input_name_type == GSS_C_NO_OID
239
	     || gss_oid_equal(input_name_type, GSS_C_NT_USER_NAME)
240
	     || gss_oid_equal(input_name_type, GSS_KRB5_NT_PRINCIPAL_NAME))
241
 	/* default printable syntax */
242
	return import_krb5_name (minor_status,
243
				 context,
244
				 input_name_buffer,
245
				 output_name);
246
    else if (gss_oid_equal(input_name_type, GSS_C_NT_EXPORT_NAME)) {
247
	return import_export_name(minor_status,
248
				  context,
249
				  input_name_buffer,
250
				  output_name);
251
    } else {
252
	*minor_status = 0;
253
	return GSS_S_BAD_NAMETYPE;
254
    }
255
}
256

257