From: Theodore Tso Date: Tue, 23 Jan 1996 05:13:24 +0000 (+0000) Subject: New files for Sun's multi-mechanism GSSAPI X-Git-Tag: krb5-1.0-beta6~587 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=b062151a3f6c960c508914c1063c6aa6f9285ed3;p=krb5.git New files for Sun's multi-mechanism GSSAPI git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7361 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/lib/gssapi/krb5/get_mechanism.c b/src/lib/gssapi/krb5/get_mechanism.c new file mode 100644 index 000000000..92ee00093 --- /dev/null +++ b/src/lib/gssapi/krb5/get_mechanism.c @@ -0,0 +1,339 @@ +/* + * Copyright (c) 1995, by Sun Microsystems, Inc. + * All rights reserved. + */ + +/* XXX: I know where to find this header, but it really is using a + * private interface. I dont want to export the gss_mechanism + * structure, so I hide it in a non-published header. Thats ok, + * we know where to find it. + */ +#include "../mechglue/mglueP.h" + +/* + * These are the extern declarations, one group per mechanism. They are + * contained in the files named _gssd_extern_srvr.conf. + */ + +/* ident "@(#)krb5_gssd_extern_srvr.conf 1.10 95/08/01 SMI" */ + +/** declarations of internal name mechanism functions **/ + +/* This should somehow be generated by the internal mechanism + * routine library... But for now I've hand-copied over from + * gssapiP_krb5.h + */ + +/* XXX: Should replace these with #include "gssapiP_krb5.h" , once + * the function prototypes are fixed (e.g., need a void*, not a + * krb5_context. + */ + +OM_uint32 krb5_gss_acquire_cred + (void *, + OM_uint32*, /* minor_status */ + gss_name_t, /* desired_name */ + OM_uint32, /* time_req */ + gss_OID_set, /* desired_mechs */ + int, /* cred_usage */ + gss_cred_id_t*, /* output_cred_handle */ + gss_OID_set*, /* actual_mechs */ + OM_uint32* /* time_rec */ + ); + +OM_uint32 krb5_gss_release_cred + (void *, + OM_uint32*, /* minor_status */ + gss_cred_id_t* /* cred_handle */ + ); + +OM_uint32 krb5_gss_init_sec_context + (void *, + OM_uint32*, /* minor_status */ + gss_cred_id_t, /* claimant_cred_handle */ + gss_ctx_id_t*, /* context_handle */ + gss_name_t, /* target_name */ + gss_OID, /* mech_type */ + int, /* req_flags */ + OM_uint32, /* time_req */ + gss_channel_bindings_t, + /* input_chan_bindings */ + gss_buffer_t, /* input_token */ + gss_OID*, /* actual_mech_type */ + gss_buffer_t, /* output_token */ + int*, /* ret_flags */ + OM_uint32* /* time_rec */ + ); + +OM_uint32 krb5_gss_accept_sec_context + (void *, + OM_uint32*, /* minor_status */ + gss_ctx_id_t*, /* context_handle */ + gss_cred_id_t, /* verifier_cred_handle */ + gss_buffer_t, /* input_token_buffer */ + gss_channel_bindings_t, + /* input_chan_bindings */ + gss_name_t*, /* src_name */ + gss_OID*, /* mech_type */ + gss_buffer_t, /* output_token */ + int*, /* ret_flags */ + OM_uint32*, /* time_rec */ + gss_cred_id_t* /* delegated_cred_handle */ + ); + +OM_uint32 krb5_gss_process_context_token + (void *, + OM_uint32*, /* minor_status */ + gss_ctx_id_t, /* context_handle */ + gss_buffer_t /* token_buffer */ + ); + +OM_uint32 krb5_gss_delete_sec_context + (void *, + OM_uint32*, /* minor_status */ + gss_ctx_id_t*, /* context_handle */ + gss_buffer_t /* output_token */ + ); + +OM_uint32 krb5_gss_context_time + (void *, + OM_uint32*, /* minor_status */ + gss_ctx_id_t, /* context_handle */ + OM_uint32* /* time_rec */ + ); + +OM_uint32 krb5_gss_sign + (void *, + OM_uint32*, /* minor_status */ + gss_ctx_id_t, /* context_handle */ + int, /* qop_req */ + gss_buffer_t, /* message_buffer */ + gss_buffer_t /* message_token */ + ); + +OM_uint32 krb5_gss_verify + (void *, + OM_uint32*, /* minor_status */ + gss_ctx_id_t, /* context_handle */ + gss_buffer_t, /* message_buffer */ + gss_buffer_t, /* token_buffer */ + int* /* qop_state */ + ); + +OM_uint32 krb5_gss_seal + (void *, + OM_uint32*, /* minor_status */ + gss_ctx_id_t, /* context_handle */ + int, /* conf_req_flag */ + int, /* qop_req */ + gss_buffer_t, /* input_message_buffer */ + int*, /* conf_state */ + gss_buffer_t /* output_message_buffer */ + ); + +OM_uint32 krb5_gss_unseal + (void *, + OM_uint32*, /* minor_status */ + gss_ctx_id_t, /* context_handle */ + gss_buffer_t, /* input_message_buffer */ + gss_buffer_t, /* output_message_buffer */ + int*, /* conf_state */ + int* /* qop_state */ + ); + +OM_uint32 krb5_gss_display_status + (void *, + OM_uint32*, /* minor_status */ + OM_uint32, /* status_value */ + int, /* status_type */ + gss_OID, /* mech_type */ + int*, /* message_context */ + gss_buffer_t /* status_string */ + ); + +OM_uint32 krb5_gss_indicate_mechs + (void *, + OM_uint32*, /* minor_status */ + gss_OID_set* /* mech_set */ + ); + +OM_uint32 krb5_gss_compare_name + (void *, + OM_uint32*, /* minor_status */ + gss_name_t, /* name1 */ + gss_name_t, /* name2 */ + int* /* name_equal */ + ); + +OM_uint32 krb5_gss_display_name + (void *, + OM_uint32*, /* minor_status */ + gss_name_t, /* input_name */ + gss_buffer_t, /* output_name_buffer */ + gss_OID* /* output_name_type */ + ); + +OM_uint32 krb5_gss_import_name + (void *, + OM_uint32*, /* minor_status */ + gss_buffer_t, /* input_name_buffer */ + gss_OID, /* input_name_type */ + gss_name_t* /* output_name */ + ); + +OM_uint32 krb5_gss_release_name + (void *, + OM_uint32*, /* minor_status */ + gss_name_t* /* input_name */ + ); + +OM_uint32 krb5_gss_inquire_cred + (void *, + OM_uint32 *, /* minor_status */ + gss_cred_id_t, /* cred_handle */ + gss_name_t *, /* name */ + OM_uint32 *, /* lifetime */ + int *, /* cred_usage */ + gss_OID_set * /* mechanisms */ + ); + +OM_uint32 krb5_gss_inquire_context + (void *, + OM_uint32*, /* minor_status */ + gss_ctx_id_t, /* context_handle */ + gss_name_t*, /* initiator_name */ + gss_name_t*, /* acceptor_name */ + OM_uint32*, /* lifetime_rec */ + gss_OID*, /* mech_type */ + int*, /* ret_flags */ + int* /* locally_initiated */ + ); + +OM_uint32 krb5_gss_add_cred + (void *, + OM_uint32 *, /* minor_status */ + gss_cred_id_t, /* input_cred_handle */ + gss_name_t, /* desired_name */ + gss_OID, /* desired_mech */ + gss_cred_usage_t, /* cred_usage */ + OM_uint32, /* initiator_time_req */ + OM_uint32, /* acceptor_time_req */ + gss_cred_id_t *, /* output_cred_handle */ + gss_OID_set *, /* actual_mechs */ + OM_uint32 *, /* initiator_time_rec */ + OM_uint32 * /* acceptor_time_rec */ + ); + + +OM_uint32 krb5_gss_export_sec_context + (void *, + OM_uint32 *, /* minor_status */ + gss_ctx_id_t *, /* context_handle */ + gss_buffer_t /* interprocess_token */ + ); + +OM_uint32 krb5_gss_import_sec_context + (void *, + OM_uint32 *, /* minor_status */ + gss_buffer_t, /* interprocess_token */ + gss_ctx_id_t * /* context_handle */ + ); + +OM_uint32 krb5_gss_inquire_cred_by_mech + (void *, + OM_uint32 *, /* minor_status */ + gss_cred_id_t, /* cred_handle */ + gss_OID, /* mech_type */ + gss_name_t *, /* name */ + OM_uint32 *, /* initiator_lifetime */ + OM_uint32 *, /* acceptor_lifetime */ + gss_cred_usage_t * /* cred_usage */ + ); + +OM_uint32 krb5_gss_inquire_names_for_mech + (void *, + OM_uint32 *, /* minor_status */ + gss_OID, /* mechanism */ + gss_OID_set * /* name_types */ + ); + +extern OM_uint32 krb5_gss_get_context + (void** + ); + +extern int krb5_pname_to_uid + (char *, /* minor_status */ + gss_OID, /* name_type */ + gss_OID, /* mech_type */ + uid_t * /* input_name */ + ); + +/* + * This is the declaration of the mechs_array table for Kerberos V5. + * If the gss_mechanism structure changes, so should this array! I + * told you it was a private interface! + */ + +/* ident "@(#)krb5_gssd_init_srvr.conf 1.16 95/08/07 SMI" */ + +static struct gss_config krb5_mechanism = + {{5,"\053\005\001\005\002"}, + 0, /* context, to be filled */ + krb5_gss_acquire_cred, + krb5_gss_release_cred, + krb5_gss_init_sec_context, + krb5_gss_accept_sec_context, + krb5_gss_process_context_token, + krb5_gss_delete_sec_context, + krb5_gss_context_time, + krb5_gss_sign, + krb5_gss_verify, + krb5_gss_seal, + krb5_gss_unseal, + krb5_gss_display_status, + krb5_gss_indicate_mechs, + krb5_gss_compare_name, + krb5_gss_display_name, + krb5_gss_import_name, + krb5_gss_release_name, + krb5_gss_inquire_cred, + krb5_gss_add_cred, + krb5_gss_export_sec_context, + krb5_gss_import_sec_context, + krb5_gss_inquire_cred_by_mech, + krb5_gss_inquire_names_for_mech, + krb5_pname_to_uid, + }; + +#include "k5-int.h" + +/* + * Do we want to allocate a new kg_context everytime we call this? + * I don't know -- for now, just allocate one of them. + */ +static krb5_context kg_context; + +OM_uint32 +krb5_gss_get_context(context) +void ** context; +{ + if (context == NULL) + return GSS_S_FAILURE; + + if (kg_context) + *context = kg_context; + else { + if (krb5_init_context(&kg_context)) + return GSS_S_FAILURE; + else + *context = kg_context; + } + return GSS_S_COMPLETE; +} + +gss_mechanism +krb5_gss_initialize() +{ + krb5_gss_get_context(&(krb5_mechanism.context)); + return (&krb5_mechanism); +} diff --git a/src/lib/gssapi/krb5/pname_to_uid.c b/src/lib/gssapi/krb5/pname_to_uid.c new file mode 100644 index 000000000..619b4657c --- /dev/null +++ b/src/lib/gssapi/krb5/pname_to_uid.c @@ -0,0 +1,88 @@ +#ident "@(#)krb5_pname_to_uid.c 1.2 95/05/11 SMI" +/* + * krb5 mechanism specific routine for pname_to_uid + * + * Copyright 1995 Sun Microsystems, Inc. + */ + +#include +#include +#include + +extern char *strpbrk(const char *s1, const char *s2); +extern struct passwd *getpwnam(const char *name); + +int +krb5_pname_to_uid(pname, name_type, mech_type, uid) + +char * pname; +gss_OID name_type; +gss_OID mech_type; +uid_t * uid; +{ + + struct passwd *pw; + char *pname_copy, *prefix, *suffix, *default_realm = NULL, + *temp; + unsigned char krb5principalname[] = + {"\052\206\110\206\367\022\001\002\002\001"}; + +/* + * check that the name_type is the Kerberos Principal Name form + * [1.2.840.113554.1.2.2.1] or NULL. + */ + + if(name_type->length !=0) + if((name_type->length != 10) + || + (memcmp(name_type->elements, krb5principalname, 10) != 0)) + return(0); +/* take care of the special case of "root.@realm */ + + if(strncmp(pname, "root.", 5) == 0) { + *uid = 0; + return(1); + } + +/* get the name and realm parts of the Kerberos Principal Name */ + + pname_copy = (char *) malloc(strlen(pname)+1); + strcpy(pname_copy, pname); + prefix = pname_copy; + suffix = pname_copy; + + /* find last occurance of "@" */ + + temp = (char *) !NULL; + while(temp != NULL) + suffix = (((temp = strpbrk(suffix, "@")) == NULL) ? + suffix : temp+1); + + if(suffix != pname_copy) + *(suffix-1) = '\0'; + +/* Make sure the name is in the local realm */ + + if(suffix != pname_copy) { + krb5_get_default_realm(&default_realm); + if(default_realm == NULL || + strcmp(default_realm, suffix) != 0) { + free(pname_copy); + return(0); + } + } + +/* + * call getpwnam() and return uid result if successful. + * Otherwise, return failure. + */ + + if(pw = getpwnam(prefix)) { + *uid = pw->pw_uid; + free(pname_copy); + return(1); + } else { + free(pname_copy); + return(0); + } +}