2 * Copyright 1993 by OpenVision Technologies, Inc.
4 * Permission to use, copy, modify, distribute, and sell this software
5 * and its documentation for any purpose is hereby granted without fee,
6 * provided that the above copyright notice appears in all copies and
7 * that both that copyright notice and this permission notice appear in
8 * supporting documentation, and that the name of OpenVision not be used
9 * in advertising or publicity pertaining to distribution of the software
10 * without specific, written prior permission. OpenVision makes no
11 * representations about the suitability of this software for any
12 * purpose. It is provided "as is" without express or implied warranty.
14 * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
15 * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
16 * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
17 * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
18 * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
19 * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
20 * PERFORMANCE OF THIS SOFTWARE.
23 #include "gssapiP_krb5.h"
25 /** exported constants defined in gssapi_krb5.h **/
27 /* these are bogus, but will compile */
30 * The OID of the krb5 mechanism, assigned by IETF, is:
32 * The OID of the krb5_name type is:
33 * iso(1) member-body(2) US(840) mit(113554) infosys(1) gssapi(2)
34 * krb5(2) krb5_name(1) = 1.2.840.113554.1.2.2.1
35 * The OID of the krb5_principal type is:
36 * iso(1) member-body(2) US(840) mit(113554) infosys(1) gssapi(2)
37 * krb5(2) krb5_principal(2) = 1.2.840.113554.1.2.2.2
41 * Encoding rules: The first two values are encoded in one byte as 40
42 * * value1 + value2. Subsequent values are encoded base 128, most
43 * significant digit first, with the high bit set on all octets except
44 * the last in each value's encoding.
/* Table of encoded OID bodies. Each initializer is a byte count followed by
 * that many octets (written as octal escapes). Decoded with the encoding
 * rules given in the comment above, the three entries are 1.3.5.1.5.2,
 * 1.2.840.113554.1.2.2.1 and 1.2.840.113554.1.2.2.2. */
47 static const gss_OID_desc oids[] = {
48 /* this OID is from Ted. It's not official yet, but it's close. */
49 {5, "\053\005\001\005\002"},
50 {10, "\052\206\110\206\367\022\001\002\002\001"},
51 {10, "\052\206\110\206\367\022\001\002\002\002"},
/* Exported handles point at fixed slots of the table: slot 0 is the
 * mechanism, slots 1 and 2 are the two name types. */
54 const_gss_OID gss_mech_krb5 = oids+0;
55 const_gss_OID gss_nt_krb5_name = oids+1;
56 const_gss_OID gss_nt_krb5_principal = oids+2;
/* The initializer of this table is on lines not present in this listing. */
58 static const gss_OID_set_desc oidsets[] = {
/* Exported mechanism set: the first entry of oidsets. */
62 const gss_OID_set_desc * const gss_mech_set_krb5 = oidsets+0;
/* Kerberos context shared by the functions below. It has no initializer, so
 * it starts out zeroed; the code tests !kg_context to detect "not set up yet"
 * and fills it in through krb5_init_context(&kg_context).
 * NOTE(review): the object is not static and no locking appears on the
 * visible lines -- confirm how concurrent first use is serialised. */
64 krb5_context kg_context;
68 /** default credential support */
70 /* default credentials */
/* Single cached credential handle for this file; GSS_C_NO_CREDENTIAL means
 * nothing is cached. It is read and written by kg_get_defcred() and
 * kg_release_defcred(). */
72 static gss_cred_id_t defcred = GSS_C_NO_CREDENTIAL;
74 /* XXX what happens when the default credentials expire or are invalidated? */
/* NOTE(review): no visible line re-checks the cached handle's lifetime or
 * validity before it is reused, so the question above is still open. */
/*
 * kg_get_defcred -- make sure the cached default credential exists,
 * acquiring it on first use.
 *
 * Old-style (K&R) definition: parameter names are listed first and declared
 * afterwards. Several lines of this function (the return type, the
 * declaration of `cred`, braces and some statements) are not present in this
 * listing, so these notes cover only what is visible.
 *
 * minor_status: passed through to krb5_gss_acquire_cred().
 * cred:         not used on any visible line; presumably receives defcred --
 *               confirm against the full source.
 * Returns GSS_S_COMPLETE on the visible success path.
 */
77 kg_get_defcred(minor_status, cred)
78 OM_uint32 *minor_status;
/* Acquire only when nothing is cached yet. */
81 if (defcred == GSS_C_NO_CREDENTIAL) {
/* Set up the shared krb5 context on first use; a nonzero result from
 * kg_get_context() is treated as failure (the statement it guards is on a
 * line not shown). */
84 if (!kg_context && kg_get_context())
/* Ask for an initiator credential with no desired name, indefinite lifetime
 * and no mechanism set; the handle is stored in defcred and the last two
 * outputs are not requested (NULL). The second half of this condition is on
 * a line not shown. */
87 if ((major = krb5_gss_acquire_cred(kg_context, minor_status,
88 GSS_C_NO_NAME, GSS_C_INDEFINITE,
89 GSS_C_NULL_OID_SET, GSS_C_INITIATE,
90 &defcred, NULL, NULL)) &&
/* Failure path: reset the cache so a partly set handle is never reused. */
92 defcred = GSS_C_NO_CREDENTIAL;
/* NOTE(review): a handle that is already cached is returned without any
 * expiry or validity check on the visible lines, and defcred/kg_context are
 * plain globals with no locking shown -- confirm both against the callers. */
99 return(GSS_S_COMPLETE);
/*
 * kg_release_defcred -- release the cached default credential, if any.
 *
 * Old-style (K&R) definition; the return type, braces and at least one
 * statement are on lines not present in this listing.
 *
 * minor_status: passed through to krb5_gss_release_cred().
 * Returns GSS_S_COMPLETE when nothing is cached, GSS_S_FAILURE when the
 * shared context cannot be set up, otherwise whatever
 * krb5_gss_release_cred() returns.
 */
103 kg_release_defcred(minor_status)
104 OM_uint32 *minor_status;
/* Nothing cached: report success without touching the context. */
106 if (defcred == GSS_C_NO_CREDENTIAL) {
108 return(GSS_S_COMPLETE);
/* The release call needs the shared krb5 context; create it if necessary. */
111 if (!kg_context && kg_get_context())
112 return GSS_S_FAILURE;
/* defcred is passed by address.
 * NOTE(review): this function never resets defcred itself, so it relies on
 * krb5_gss_release_cred() to store GSS_C_NO_CREDENTIAL through the pointer;
 * confirm, otherwise a later kg_get_defcred() would see a released handle
 * as still cached. */
114 return(krb5_gss_release_cred(kg_context, minor_status, &defcred));
/* Body fragment whose header lines are not present in this listing;
 * presumably kg_get_context(), which the functions above call before using
 * kg_context -- confirm against the full source. */
/* Early success return; presumably guarded by a test on a line not shown,
 * since the statements after it would otherwise be unreachable. */
121 return GSS_S_COMPLETE;
/* Create the shared context. Any nonzero result is collapsed into
 * GSS_S_FAILURE, so the specific krb5 error code is not passed on from here.
 * NOTE(review): no locking is visible around this write to the global. */
122 if (krb5_init_context(&kg_context))
123 return GSS_S_FAILURE;
124 return GSS_S_COMPLETE;