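/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
 * Copyright 1993 by OpenVision Technologies, Inc.
 *
 * Permission to use, copy, modify, distribute, and sell this software
 * and its documentation for any purpose is hereby granted without fee,
 * provided that the above copyright notice appears in all copies and
 * that both that copyright notice and this permission notice appear in
 * supporting documentation, and that the name of OpenVision not be used
 * in advertising or publicity pertaining to distribution of the software
 * without specific, written prior permission. OpenVision makes no
 * representations about the suitability of this software for any
 * purpose. It is provided "as is" without express or implied warranty.
 *
 * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
 * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
 * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
 * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
 * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
 * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 * PERFORMANCE OF THIS SOFTWARE.
 */

/*
 * $Id$
 */

#include "gssapiP_generic.h"

/*
 * See krb5/gssapi_krb5.c for a description of the algorithm for
 * encoding an object identifier.
 */

/*
 * Reserved static storage for GSS_oids.  Comments are quotes from RFC 2744.
 *
 * Every entry is a {length, elements} pair where `length` is the number of
 * DER content bytes in the string literal that follows.  The two fields
 * must agree: g_OID_equal() compares only `length` bytes, so a literal
 * that is longer than `length` silently truncates the OID, and one that is
 * shorter reads past the end of the literal.  When adding an entry, count
 * the \x escapes and check them against the dotted form in the comment.
 *
 * The table is declared const and exported through the non-const `oids`
 * alias only because the public gss_OID type is a pointer to non-const
 * gss_OID_desc; nothing in this file writes through it.
 */

#define oids ((gss_OID_desc *)const_oids)
static const gss_OID_desc const_oids[] = {
    /*
     * The implementation must reserve static storage for a
     * gss_OID_desc object containing the value */
    {10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x01"},
    /* corresponding to an object-identifier value of
     * {iso(1) member-body(2) United States(840) mit(113554)
     * infosys(1) gssapi(2) generic(1) user_name(1)}.  The constant
     * GSS_C_NT_USER_NAME should be initialized to point
     * to that gss_OID_desc.
     */

    /*
     * The implementation must reserve static storage for a
     * gss_OID_desc object containing the value */
    {10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x02"},
    /* corresponding to an object-identifier value of
     * {iso(1) member-body(2) United States(840) mit(113554)
     * infosys(1) gssapi(2) generic(1) machine_uid_name(2)}.
     * The constant GSS_C_NT_MACHINE_UID_NAME should be
     * initialized to point to that gss_OID_desc.
     */

    /*
     * The implementation must reserve static storage for a
     * gss_OID_desc object containing the value */
    {10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x03"},
    /* corresponding to an object-identifier value of
     * {iso(1) member-body(2) United States(840) mit(113554)
     * infosys(1) gssapi(2) generic(1) string_uid_name(3)}.
     * The constant GSS_C_NT_STRING_UID_NAME should be
     * initialized to point to that gss_OID_desc.
     */

    /*
     * The implementation must reserve static storage for a
     * gss_OID_desc object containing the value */
    {6, (void *)"\x2b\x06\x01\x05\x06\x02"},
    /* corresponding to an object-identifier value of
     * {iso(1) org(3) dod(6) internet(1) security(5)
     * nametypes(6) gss-host-based-services(2)).  The constant
     * GSS_C_NT_HOSTBASED_SERVICE_X should be initialized to point
     * to that gss_OID_desc.  This is a deprecated OID value, and
     * implementations wishing to support hostbased-service names
     * should instead use the GSS_C_NT_HOSTBASED_SERVICE OID,
     * defined below, to identify such names;
     * GSS_C_NT_HOSTBASED_SERVICE_X should be accepted a synonym
     * for GSS_C_NT_HOSTBASED_SERVICE when presented as an input
     * parameter, but should not be emitted by GSS-API
     * implementations
     */

    /*
     * The implementation must reserve static storage for a
     * gss_OID_desc object containing the value */
    {10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x04"},
    /* corresponding to an object-identifier value of
     * {iso(1) member-body(2) Unites States(840) mit(113554)
     * infosys(1) gssapi(2) generic(1) service_name(4)}.
     * The constant GSS_C_NT_HOSTBASED_SERVICE should be
     * initialized to point to that gss_OID_desc.
     */

    /*
     * The implementation must reserve static storage for a
     * gss_OID_desc object containing the value */
    /* Third byte was previously spelled as the octal escape \01; \x01 is
     * the same byte, written here in the hex form the rest of the table
     * uses. */
    {6, (void *)"\x2b\x06\x01\x05\x06\x03"},
    /* corresponding to an object identifier value of
     * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
     * 6(nametypes), 3(gss-anonymous-name)}.  The constant
     * and GSS_C_NT_ANONYMOUS should be initialized to point
     * to that gss_OID_desc.
     */

    /*
     * The implementation must reserve static storage for a
     * gss_OID_desc object containing the value */
    {6, (void *)"\x2b\x06\x01\x05\x06\x04"},
    /* corresponding to an object-identifier value of
     * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
     * 6(nametypes), 4(gss-api-exported-name)}.  The constant
     * GSS_C_NT_EXPORT_NAME should be initialized to point
     * to that gss_OID_desc.
     */
    {6, (void *)"\x2b\x06\x01\x05\x06\x06"},
    /* corresponding to an object-identifier value of
     * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
     * 6(nametypes), 6(gss-composite-export)}.  The constant
     * GSS_C_NT_COMPOSITE_EXPORT should be initialized to point
     * to that gss_OID_desc.
     */
    /* GSS_C_INQ_SSPI_SESSION_KEY 1.2.840.113554.1.2.2.5.5 */
    {11, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x05"},
    /* GSS_C_INQ_NEGOEX_KEY 1.2.840.113554.1.2.2.5.16 */
    {11, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x10"},
    /* GSS_C_INQ_NEGOEX_VERIFY_KEY 1.2.840.113554.1.2.2.5.17 */
    {11, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x11"},

    /*
     * RFC 5587 attributes, see below.  These 27 entries occupy indices 11
     * through 37 and must stay contiguous and in this order: the
     * gss_ma_known_attrs set and the mech_attr_info table below both
     * address them by index relative to oids+11.
     */
    {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x01"},
    {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x02"},
    {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x03"},
    {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x04"},
    {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x05"},
    {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x06"},
    {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x07"},
    {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x08"},
    {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x09"},
    {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x0a"},
    {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x0b"},
    {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x0c"},
    {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x0d"},
    {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x0e"},
    {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x0f"},
    {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x10"},
    {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x11"},
    {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x12"},
    {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x13"},
    {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x14"},
    {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x15"},
    {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x16"},
    {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x17"},
    {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x18"},
    {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x19"},
    {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x1a"},
    {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x1b"},
    /* GSS_C_MA_NEGOEX_AND_SPNEGO 1.2.840.113554.1.2.2.5.18 */
    {11, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x12"},

    /*
     * GSS_SEC_CONTEXT_SASL_SSF_OID 1.2.840.113554.1.2.2.5.15
     * iso(1) member-body(2) United States(840) mit(113554)
     * infosys(1) gssapi(2) krb5(2) krb5-gssapi-ext(5) sasl-ssf(15)
     */
    {11, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x0f"},

    /*
     * GSS_C_INQ_ODBC_SESSION_KEY 1.2.840.113554.1.2.2.5.19
     * iso(1) member-body(2) United States(840) mit(113554)
     * infosys(1) gssapi(2) krb5(2) krb5-gssapi-ext(5)
     * inq-odbc-session-key(19)
     *
     * The last arc is 19, which encodes as the single byte 0x13, so the
     * content is 11 bytes ending in \x02\x05\x13 -- the same prefix as the
     * other krb5-gssapi-ext inquiry OIDs above.  This entry was previously
     * written as the 12-byte literal "...\x02\x05\x05\13" (the trailing
     * "\13" is octal, i.e. 0x0b) with a declared length of 11; the 11
     * bytes actually compared were therefore identical to
     * GSS_C_INQ_SSPI_SESSION_KEY, and the two inquiry OIDs could not be
     * told apart by g_OID_equal().
     */
    {11, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x13"},
};

/* Here are the constants which point to the static structure above.
 *
 * Constants of the form GSS_C_NT_* are specified by rfc 2744.
 *
 * Constants of the form gss_nt_* are the original MIT krb5 names
 * found in gssapi_generic.h.  They are provided for compatibility.
 *
 * The index after `oids+` is the position of the entry in const_oids[];
 * inserting an entry in the middle of that array shifts every constant
 * that follows it. */

GSS_DLLIMP gss_OID GSS_C_NT_USER_NAME = oids+0;
GSS_DLLIMP gss_OID gss_nt_user_name = oids+0;

GSS_DLLIMP gss_OID GSS_C_NT_MACHINE_UID_NAME = oids+1;
GSS_DLLIMP gss_OID gss_nt_machine_uid_name = oids+1;

GSS_DLLIMP gss_OID GSS_C_NT_STRING_UID_NAME = oids+2;
GSS_DLLIMP gss_OID gss_nt_string_uid_name = oids+2;

GSS_DLLIMP gss_OID GSS_C_NT_HOSTBASED_SERVICE_X = oids+3;
gss_OID gss_nt_service_name_v2 = oids+3;

GSS_DLLIMP gss_OID GSS_C_NT_HOSTBASED_SERVICE = oids+4;
GSS_DLLIMP gss_OID gss_nt_service_name = oids+4;

GSS_DLLIMP gss_OID GSS_C_NT_ANONYMOUS = oids+5;

GSS_DLLIMP gss_OID GSS_C_NT_EXPORT_NAME = oids+6;
gss_OID gss_nt_exported_name = oids+6;

GSS_DLLIMP gss_OID GSS_C_NT_COMPOSITE_EXPORT = oids+7;
GSS_DLLIMP gss_OID GSS_C_INQ_SSPI_SESSION_KEY = oids+8;
GSS_DLLIMP gss_OID GSS_C_INQ_NEGOEX_KEY = oids+9;
GSS_DLLIMP gss_OID GSS_C_INQ_NEGOEX_VERIFY_KEY = oids+10;

/* RFC 5587 mechanism attributes: oids+11 .. oids+37, plus the krb5-specific
 * GSS_C_MA_NEGOEX_AND_SPNEGO at oids+38. */
GSS_DLLIMP gss_const_OID GSS_C_MA_MECH_CONCRETE = oids+11;
GSS_DLLIMP gss_const_OID GSS_C_MA_MECH_PSEUDO = oids+12;
GSS_DLLIMP gss_const_OID GSS_C_MA_MECH_COMPOSITE = oids+13;
GSS_DLLIMP gss_const_OID GSS_C_MA_MECH_NEGO = oids+14;
GSS_DLLIMP gss_const_OID GSS_C_MA_MECH_GLUE = oids+15;
GSS_DLLIMP gss_const_OID GSS_C_MA_NOT_MECH = oids+16;
GSS_DLLIMP gss_const_OID GSS_C_MA_DEPRECATED = oids+17;
GSS_DLLIMP gss_const_OID GSS_C_MA_NOT_DFLT_MECH = oids+18;
GSS_DLLIMP gss_const_OID GSS_C_MA_ITOK_FRAMED = oids+19;
GSS_DLLIMP gss_const_OID GSS_C_MA_AUTH_INIT = oids+20;
GSS_DLLIMP gss_const_OID GSS_C_MA_AUTH_TARG = oids+21;
GSS_DLLIMP gss_const_OID GSS_C_MA_AUTH_INIT_INIT = oids+22;
GSS_DLLIMP gss_const_OID GSS_C_MA_AUTH_TARG_INIT = oids+23;
GSS_DLLIMP gss_const_OID GSS_C_MA_AUTH_INIT_ANON = oids+24;
GSS_DLLIMP gss_const_OID GSS_C_MA_AUTH_TARG_ANON = oids+25;
GSS_DLLIMP gss_const_OID GSS_C_MA_DELEG_CRED = oids+26;
GSS_DLLIMP gss_const_OID GSS_C_MA_INTEG_PROT = oids+27;
GSS_DLLIMP gss_const_OID GSS_C_MA_CONF_PROT = oids+28;
GSS_DLLIMP gss_const_OID GSS_C_MA_MIC = oids+29;
GSS_DLLIMP gss_const_OID GSS_C_MA_WRAP = oids+30;
GSS_DLLIMP gss_const_OID GSS_C_MA_PROT_READY = oids+31;
GSS_DLLIMP gss_const_OID GSS_C_MA_REPLAY_DET = oids+32;
GSS_DLLIMP gss_const_OID GSS_C_MA_OOS_DET = oids+33;
GSS_DLLIMP gss_const_OID GSS_C_MA_CBINDINGS = oids+34;
GSS_DLLIMP gss_const_OID GSS_C_MA_PFS = oids+35;
GSS_DLLIMP gss_const_OID GSS_C_MA_COMPRESS = oids+36;
GSS_DLLIMP gss_const_OID GSS_C_MA_CTX_TRANS = oids+37;
GSS_DLLIMP gss_const_OID GSS_C_MA_NEGOEX_AND_SPNEGO = oids+38;

GSS_DLLIMP gss_OID GSS_C_SEC_CONTEXT_SASL_SSF = oids+39;

GSS_DLLIMP gss_OID GSS_C_INQ_ODBC_SESSION_KEY = oids+40;

/*
 * The set of mechanism attributes this implementation knows about: the 28
 * contiguous entries oids+11 .. oids+38 (27 RFC 5587 attributes followed by
 * GSS_C_MA_NEGOEX_AND_SPNEGO).  The count must match the number of rows in
 * mech_attr_info[] below.
 */
static gss_OID_set_desc gss_ma_known_attrs_desc = { 28, oids+11 };

gss_OID_set gss_ma_known_attrs = &gss_ma_known_attrs_desc;

/*
 * Display information for each known mechanism attribute, one row per
 * entry of gss_ma_known_attrs, in the same order.  The table is read-only
 * data; generic_gss_display_mech_attr() searches it by OID.
 */
static const struct mech_attr_info_desc {
    gss_OID mech_attr;      /* the attribute OID, an entry of const_oids[] */
    const char *name;       /* symbolic constant name, e.g. "GSS_C_MA_MIC" */
    const char *short_desc; /* short token suitable for listings */
    const char *long_desc;  /* one-sentence human-readable description */
} mech_attr_info[] = {
    {
        oids+11,
        "GSS_C_MA_MECH_CONCRETE",
        "concrete-mech",
        "Mechanism is neither a pseudo-mechanism nor a composite mechanism.",
    },
    {
        oids+12,
        "GSS_C_MA_MECH_PSEUDO",
        "pseudo-mech",
        "Mechanism is a pseudo-mechanism.",
    },
    {
        oids+13,
        "GSS_C_MA_MECH_COMPOSITE",
        "composite-mech",
        "Mechanism is a composite of other mechanisms.",
    },
    {
        oids+14,
        "GSS_C_MA_MECH_NEGO",
        "mech-negotiation-mech",
        "Mechanism negotiates other mechanisms.",
    },
    {
        oids+15,
        "GSS_C_MA_MECH_GLUE",
        "mech-glue",
        "OID is not a mechanism but the GSS-API itself.",
    },
    {
        oids+16,
        "GSS_C_MA_NOT_MECH",
        "not-mech",
        "Known OID but not a mechanism OID.",
    },
    {
        oids+17,
        "GSS_C_MA_DEPRECATED",
        "mech-deprecated",
        "Mechanism is deprecated.",
    },
    {
        oids+18,
        "GSS_C_MA_NOT_DFLT_MECH",
        "mech-not-default",
        "Mechanism must not be used as a default mechanism.",
    },
    {
        oids+19,
        "GSS_C_MA_ITOK_FRAMED",
        "initial-is-framed",
        "Mechanism's initial contexts are properly framed.",
    },
    {
        oids+20,
        "GSS_C_MA_AUTH_INIT",
        "auth-init-princ",
        "Mechanism supports authentication of initiator to acceptor.",
    },
    {
        oids+21,
        "GSS_C_MA_AUTH_TARG",
        "auth-targ-princ",
        "Mechanism supports authentication of acceptor to initiator.",
    },
    {
        oids+22,
        "GSS_C_MA_AUTH_INIT_INIT",
        "auth-init-princ-initial",
        "Mechanism supports authentication of initiator using "
        "initial credentials.",
    },
    {
        oids+23,
        "GSS_C_MA_AUTH_TARG_INIT",
        "auth-target-princ-initial",
        "Mechanism supports authentication of acceptor using "
        "initial credentials.",
    },
    {
        oids+24,
        "GSS_C_MA_AUTH_INIT_ANON",
        "auth-init-princ-anon",
        "Mechanism supports GSS_C_NT_ANONYMOUS as an initiator name.",
    },
    {
        oids+25,
        "GSS_C_MA_AUTH_TARG_ANON",
        "auth-targ-princ-anon",
        "Mechanism supports GSS_C_NT_ANONYMOUS as an acceptor name.",
    },
    {
        oids+26,
        "GSS_C_MA_DELEG_CRED",
        "deleg-cred",
        "Mechanism supports credential delegation.",
    },
    {
        oids+27,
        "GSS_C_MA_INTEG_PROT",
        "integ-prot",
        "Mechanism supports per-message integrity protection.",
    },
    {
        oids+28,
        "GSS_C_MA_CONF_PROT",
        "conf-prot",
        "Mechanism supports per-message confidentiality protection.",
    },
    {
        oids+29,
        "GSS_C_MA_MIC",
        "mic",
        "Mechanism supports Message Integrity Code (MIC) tokens.",
    },
    {
        oids+30,
        "GSS_C_MA_WRAP",
        "wrap",
        "Mechanism supports wrap tokens.",
    },
    {
        oids+31,
        "GSS_C_MA_PROT_READY",
        "prot-ready",
        /* "proteciton" is the string as shipped; left unchanged so that
         * displayed output stays byte-identical. */
        "Mechanism supports per-message proteciton prior to "
        "full context establishment.",
    },
    {
        oids+32,
        "GSS_C_MA_REPLAY_DET",
        "replay-detection",
        "Mechanism supports replay detection.",
    },
    {
        oids+33,
        "GSS_C_MA_OOS_DET",
        "oos-detection",
        "Mechanism supports out-of-sequence detection.",
    },
    {
        oids+34,
        "GSS_C_MA_CBINDINGS",
        "channel-bindings",
        "Mechanism supports channel bindings.",
    },
    {
        oids+35,
        "GSS_C_MA_PFS",
        "pfs",
        "Mechanism supports Perfect Forward Security.",
    },
    {
        oids+36,
        "GSS_C_MA_COMPRESS",
        "compress",
        "Mechanism supports compression of data inputs to gss_wrap().",
    },
    {
        oids+37,
        "GSS_C_MA_CTX_TRANS",
        "context-transfer",
        "Mechanism supports security context export/import.",
    },
    {
        oids+38,
        "GSS_C_MA_NEGOEX_AND_SPNEGO",
        "negoex-only",
        "NegoEx mechanism should also be negotiable through SPNEGO.",
    },
};

/*
 * Look up the display strings for a mechanism attribute OID.
 *
 * minor_status: set to 0 on entry; set to ENOMEM if a string copy fails.
 *               If NULL, the output buffers are still reset but
 *               GSS_S_CALL_INACCESSIBLE_WRITE is returned.
 * mech_attr:    the attribute OID to describe; must not be GSS_C_NO_OID.
 * name, short_desc, long_desc:
 *               optional output buffers (GSS_C_NO_BUFFER to skip one).
 *               Each is reset to {0, NULL} before anything else happens,
 *               and on success each requested one receives a freshly
 *               allocated copy of the matching string from
 *               mech_attr_info[], which the caller owns.
 *
 * Returns GSS_S_COMPLETE on success, GSS_S_BAD_MECH_ATTR if mech_attr is
 * not in mech_attr_info[], GSS_S_CALL_INACCESSIBLE_READ if mech_attr is
 * GSS_C_NO_OID, GSS_S_CALL_INACCESSIBLE_WRITE if minor_status is NULL, or
 * GSS_S_FAILURE with minor ENOMEM if a copy could not be allocated.
 *
 * NOTE(review): on an ENOMEM after an earlier buffer in the same call was
 * already filled, that buffer is left allocated for the caller; the
 * release routine matching g_make_string_buffer() is not visible here, so
 * confirm against the caller whether it releases partial output on
 * GSS_S_FAILURE.
 */
OM_uint32
generic_gss_display_mech_attr(
    OM_uint32         *minor_status,
    gss_const_OID      mech_attr,
    gss_buffer_t       name,
    gss_buffer_t       short_desc,
    gss_buffer_t       long_desc)
{
    size_t i;

    /* Reset every output first so a caller sees well-defined values on
     * any error path, including the minor_status == NULL one below. */
    if (minor_status != NULL)
        *minor_status = 0;
    if (name != GSS_C_NO_BUFFER) {
        name->length = 0;
        name->value = NULL;
    }
    if (short_desc != GSS_C_NO_BUFFER) {
        short_desc->length = 0;
        short_desc->value = NULL;
    }
    if (long_desc != GSS_C_NO_BUFFER) {
        long_desc->length = 0;
        long_desc->value = NULL;
    }
    if (minor_status == NULL)
        return GSS_S_CALL_INACCESSIBLE_WRITE;
    /* g_OID_equal() dereferences its arguments, so reject a missing OID
     * here rather than faulting inside the loop. */
    if (mech_attr == GSS_C_NO_OID)
        return GSS_S_CALL_INACCESSIBLE_READ;

    for (i = 0; i < sizeof(mech_attr_info)/sizeof(mech_attr_info[0]); i++) {
        const struct mech_attr_info_desc *mai = &mech_attr_info[i];

        if (!g_OID_equal(mech_attr, mai->mech_attr))
            continue;

        /* Fill only the buffers the caller asked for; a failed copy stops
         * at the first one and reports ENOMEM. */
        if (name != GSS_C_NO_BUFFER &&
            !g_make_string_buffer(mai->name, name)) {
            *minor_status = ENOMEM;
            return GSS_S_FAILURE;
        }
        if (short_desc != GSS_C_NO_BUFFER &&
            !g_make_string_buffer(mai->short_desc, short_desc)) {
            *minor_status = ENOMEM;
            return GSS_S_FAILURE;
        }
        if (long_desc != GSS_C_NO_BUFFER &&
            !g_make_string_buffer(mai->long_desc, long_desc)) {
            *minor_status = ENOMEM;
            return GSS_S_FAILURE;
        }
        return GSS_S_COMPLETE;
    }

    return GSS_S_BAD_MECH_ATTR;
}

/*
 * Static storage for well-known name attribute buffers.  The length field
 * excludes the terminating NUL, as gss_buffer_desc lengths do.
 */
static gss_buffer_desc const_attrs[] = {
    { sizeof("local-login-user") - 1,
      "local-login-user" },
};

GSS_DLLIMP gss_buffer_t GSS_C_ATTR_LOCAL_LOGIN_USER = &const_attrs[0];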