From 06451a4fb043d7d6fb3962a825453f45fdff4b7e Mon Sep 17 00:00:00 2001 From: Theodore Tso Date: Tue, 23 Jan 1996 08:34:12 +0000 Subject: [PATCH] Added Sun's changes (from Roland), as fixed by Ted, to finally have a fully working mechglue layer. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7362 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/gssapi/mechglue/Makefile.in | 90 +++-- src/lib/gssapi/mechglue/configure.in | 10 +- src/lib/gssapi/mechglue/g_acquire_cred.c | 28 +- src/lib/gssapi/mechglue/g_exp_sec_context.c | 55 +++ src/lib/gssapi/mechglue/g_imp_sec_context.c | 56 +++ src/lib/gssapi/mechglue/g_inquire_context.c | 166 +++++++++ src/lib/gssapi/mechglue/g_inquire_names.c | 51 +++ src/lib/gssapi/mechglue/g_oid_ops.c | 107 ++++++ src/lib/gssapi/mechglue/g_rel_cred.c | 4 +- src/lib/gssapi/mechglue/g_rel_oid_set.c | 5 + src/lib/gssapi/mechglue/g_verify.c | 2 +- src/lib/gssapi/mechglue/gen_oids.c | 55 +++ src/lib/gssapi/mechglue/mglueP.h | 60 +++- src/lib/gssapi/mechglue/oid_ops.c | 360 ++++++++++++++++++++ 14 files changed, 995 insertions(+), 54 deletions(-) create mode 100644 src/lib/gssapi/mechglue/g_exp_sec_context.c create mode 100644 src/lib/gssapi/mechglue/g_imp_sec_context.c create mode 100644 src/lib/gssapi/mechglue/g_inquire_context.c create mode 100644 src/lib/gssapi/mechglue/g_inquire_names.c create mode 100644 src/lib/gssapi/mechglue/g_oid_ops.c create mode 100644 src/lib/gssapi/mechglue/gen_oids.c create mode 100644 src/lib/gssapi/mechglue/oid_ops.c diff --git a/src/lib/gssapi/mechglue/Makefile.in b/src/lib/gssapi/mechglue/Makefile.in index 90cbd7b58..122202a8f 100644 --- a/src/lib/gssapi/mechglue/Makefile.in +++ b/src/lib/gssapi/mechglue/Makefile.in @@ -6,41 +6,53 @@ CFLAGS = $(CCOPTS) $(DEFS) -I. -I$(srcdir) ##DOS!include $(BUILDTOP)\config\windows.in LIBDONE=DONE -LIB_SUBDIRSS=. - -SRCS = g_acquire_cred.c \ - g_rel_cred.c \ - g_init_sec_context.c \ - g_accept_sec_context.c \ - g_process_context.c \ - g_delete_sec_context.c \ - g_context_time.c \ - g_sign.c \ - g_verify.c \ - g_seal.c \ - g_unseal.c \ - g_dsp_status.c \ - g_indicate_mechs.c \ - g_compare_name.c \ - g_dsp_name.c \ - g_imp_name.c \ - g_rel_name.c \ - g_rel_buffer.c \ - g_rel_oid_set.c \ - g_inquire_cred.c \ - g_initialize.c \ - get_mtype.c \ - get_mechanism.c \ - internal_name.c \ - gssd_pname_to_uid.c \ - add_mechanism.c - +LIB_SUBDIRS=. +DEPLIBS= +SHLIB_LDFLAGS= $(LDFLAGS) @SHLIB_RPATH_DIRS@ +SHLIB_LIBDIRS= @SHLIB_LIBDIRS@ + +SRCS = $(srcdir)/g_acquire_cred.c \ + $(srcdir)/g_rel_cred.c \ + $(srcdir)/g_init_sec_context.c \ + $(srcdir)/g_accept_sec_context.c \ + $(srcdir)/g_process_context.c \ + $(srcdir)/g_delete_sec_context.c \ + $(srcdir)/g_imp_sec_context.c \ + $(srcdir)/g_exp_sec_context.c \ + $(srcdir)/g_context_time.c \ + $(srcdir)/g_sign.c \ + $(srcdir)/g_verify.c \ + $(srcdir)/g_seal.c \ + $(srcdir)/g_unseal.c \ + $(srcdir)/g_dsp_status.c \ + $(srcdir)/g_indicate_mechs.c \ + $(srcdir)/g_compare_name.c \ + $(srcdir)/g_dsp_name.c \ + $(srcdir)/g_imp_name.c \ + $(srcdir)/g_rel_name.c \ + $(srcdir)/g_rel_buffer.c \ + $(srcdir)/g_rel_oid_set.c \ + $(srcdir)/g_oid_ops.c \ + $(srcdir)/g_inquire_cred.c \ + $(srcdir)/g_inquire_context.c \ + $(srcdir)/g_inquire_names.c \ + $(srcdir)/g_initialize.c \ + $(srcdir)/get_mtype.c \ + $(srcdir)/get_mechanism.c \ + $(srcdir)/internal_name.c \ + $(srcdir)/gssd_pname_to_uid.c \ + $(srcdir)/add_mechanism.c \ + $(srcdir)/gen_oids.c \ + $(srcdir)/oid_ops.c + OBJS = g_acquire_cred.$(OBJEXT) \ g_rel_cred.$(OBJEXT) \ g_init_sec_context.$(OBJEXT) \ g_accept_sec_context.$(OBJEXT) \ g_process_context.$(OBJEXT) \ g_delete_sec_context.$(OBJEXT) \ + g_imp_sec_context.$(OBJEXT) \ + g_exp_sec_context.$(OBJEXT) \ g_context_time.$(OBJEXT) \ g_sign.$(OBJEXT) \ g_verify.$(OBJEXT) \ @@ -54,13 +66,18 @@ OBJS = g_acquire_cred.$(OBJEXT) \ g_rel_name.$(OBJEXT) \ g_rel_buffer.$(OBJEXT) \ g_rel_oid_set.$(OBJEXT) \ + g_oid_ops.$(OBJEXT) \ g_inquire_cred.$(OBJEXT) \ + g_inquire_context.$(OBJEXT) \ + g_inquire_names.$(OBJEXT) \ g_initialize.$(OBJEXT) \ get_mtype.$(OBJEXT) \ get_mechanism.$(OBJEXT) \ internal_name.$(OBJEXT) \ gssd_pname_to_uid.$(OBJEXT) \ - add_mechanism.$(OBJEXT) + add_mechanism.$(OBJEXT) \ + gen_oids.$(OBJEXT) \ + oid_ops.$(OBJEXT) EHDRDIR= $(BUILDTOP)$(S)include$(S)gssapi EXPORTED_HEADERS = mechglue.h @@ -84,10 +101,19 @@ shared: unixmac: -libgssapi.$(LIBEXT): $(OBJS) - $(ARCHIVE) $@ $(OBJS) +libgssapi.$(STEXT): $(OBJS) + $(RM) $@ + $(ARADD) $@ $(OBJS) $(RANLIB) $@ +install:: libgssapi.a + $(INSTALL_DATA) libgssapi.a $(DESTDIR)$(KRB5_LIBDIR)/libgssapi.a + $(RANLIB) $(DESTDIR)$(KRB5_LIBDIR)/libgssapi.a + +#libgssapi.$(LIBEXT): $(OBJS) +# $(ARCHIVE) $@ $(OBJS) +# $(RANLIB) $@ + clean:: clean-$(WHAT) clean-unix:: diff --git a/src/lib/gssapi/mechglue/configure.in b/src/lib/gssapi/mechglue/configure.in index 755d6e2a5..e691fe424 100644 --- a/src/lib/gssapi/mechglue/configure.in +++ b/src/lib/gssapi/mechglue/configure.in @@ -1,13 +1,15 @@ AC_INIT(configure.in) CONFIG_RULES AC_PROG_ARCHIVE +AC_PROG_ARCHIVE_ADD AC_PROG_RANLIB AC_PROG_INSTALL V5_SHARED_LIB_OBJS SubdirLibraryRule([${OBJS}]) CopySrcHeader(mechglue.h,[$(EHDRDIR)]) -dnl AppendRule([install:: libgssapi.[$](LIBEXT) -dnl [$](INSTALL_DATA) libgssapi.[$](LIBEXT) [$](DESTDIR)[$](KRB5_LIBDIR)[$](S)libgssapi.[$](LIBEXT)]) -dnl LinkFileDir([$](TOPLIBD)/libgssapi.[$](LIBEXT),libgssapi.[$](LIBEXT),./gssapi/mechglue) -dnl AppendRule([all:: [$](TOPLIBD)/libgssapi.[$](LIBEXT)]) +AppendRule([install:: libgssapi.[$](LIBEXT) + [$](INSTALL_DATA) libgssapi.[$](LIBEXT) [$](DESTDIR)[$](KRB5_LIBDIR)[$](S)libgssapi.[$](LIBEXT)]) +LinkFileDir([$](TOPLIBD)/libgssapi.[$](LIBEXT),libgssapi.[$](LIBEXT),./gssapi/mechglue) +AppendRule([all:: [$](TOPLIBD)/libgssapi.[$](LIBEXT)]) +V5_MAKE_SHARED_LIB(libgssapi,0.1,.., ./mechglue) V5_AC_OUTPUT_MAKEFILE diff --git a/src/lib/gssapi/mechglue/g_acquire_cred.c b/src/lib/gssapi/mechglue/g_acquire_cred.c index 111819be6..e904c9dda 100644 --- a/src/lib/gssapi/mechglue/g_acquire_cred.c +++ b/src/lib/gssapi/mechglue/g_acquire_cred.c @@ -214,15 +214,15 @@ OM_uint32 * time_rec; desired_mechs->elements[i].elements, desired_mechs->elements[i].length); creds->cred_array[j] = creds_returned[i].cred; - - (*actual_mechs)->elements[j].length = - desired_mechs->elements[i].length; - (*actual_mechs)->elements[j].elements = (void *) - malloc(desired_mechs->elements[i].length); - memcpy((*actual_mechs)->elements[j].elements, - desired_mechs->elements[i].elements, - desired_mechs->elements[i].length); - + if (actual_mechs) { + (*actual_mechs)->elements[j].length = + desired_mechs->elements[i].length; + (*actual_mechs)->elements[j].elements = (void *) + malloc(desired_mechs->elements[i].length); + memcpy((*actual_mechs)->elements[j].elements, + desired_mechs->elements[i].elements, + desired_mechs->elements[i].length); + } j++; } } @@ -253,12 +253,14 @@ OM_uint32 * time_rec; for(i=0; i < creds->count; i++) { free(creds->mechs_array[i].elements); - free((*actual_mechs)->elements[i].elements); + if (actual_mechs) free((*actual_mechs)->elements[i].elements); } - free((*actual_mechs)->elements); - free(*actual_mechs); - *actual_mechs = GSS_C_NULL_OID_SET; + if (actual_mechs) { + free((*actual_mechs)->elements); + free(*actual_mechs); + *actual_mechs = GSS_C_NULL_OID_SET; + } free(creds->cred_array); free(creds->mechs_array); free(creds); diff --git a/src/lib/gssapi/mechglue/g_exp_sec_context.c b/src/lib/gssapi/mechglue/g_exp_sec_context.c new file mode 100644 index 000000000..1bb7a67a6 --- /dev/null +++ b/src/lib/gssapi/mechglue/g_exp_sec_context.c @@ -0,0 +1,55 @@ + +#ident "@(#)g_exp_sec_context.c 1.2 96/01/18 SMI" + +/* + * glue routine gss_export_sec_context + * + * Copyright (c) 1995, by Sun Microsystems, Inc. + * All rights reserved. + */ + +#include "mglueP.h" + +OM_uint32 +gss_export_sec_context(minor_status, + context_handle, + interprocess_token) + +OM_uint32 * minor_status; +gss_ctx_id_t * context_handle; +gss_buffer_t interprocess_token; + +{ + OM_uint32 status; + gss_union_ctx_id_t ctx; + gss_mechanism mech; + + gss_initialize(); + + if (context_handle == NULL || *context_handle == GSS_C_NO_CONTEXT) + return GSS_S_NO_CONTEXT; + + /* + * select the approprate underlying mechanism routine and + * call it. + */ + + ctx = (gss_union_ctx_id_t) *context_handle; + mech = get_mechanism (ctx->mech_type); + + if (mech) { + + if (mech->gss_export_sec_context) + status = mech->gss_export_sec_context( + mech->context, + minor_status, + &ctx->internal_ctx_id, + interprocess_token); + else + status = GSS_S_BAD_BINDINGS; + + return(status); + } + + return(GSS_S_NO_CONTEXT); +} diff --git a/src/lib/gssapi/mechglue/g_imp_sec_context.c b/src/lib/gssapi/mechglue/g_imp_sec_context.c new file mode 100644 index 000000000..dde516add --- /dev/null +++ b/src/lib/gssapi/mechglue/g_imp_sec_context.c @@ -0,0 +1,56 @@ + +#ident "@(#)g_imp_sec_context.c 1.2 96/01/18 SMI" + +/* + * glue routine gss_export_sec_context + * + * Copyright (c) 1995, by Sun Microsystems, Inc. + * All rights reserved. + */ + +#include "mglueP.h" + +OM_uint32 +gss_import_sec_context(minor_status, + interprocess_token, + context_handle) + +OM_uint32 * minor_status; +gss_buffer_t interprocess_token; +gss_ctx_id_t * context_handle; + +{ + OM_uint32 status; + gss_union_ctx_id_t ctx; + gss_mechanism mech; + + gss_initialize(); + + if (context_handle == NULL || *context_handle==GSS_C_NO_CONTEXT) + return GSS_S_NO_CONTEXT; + + /* + * select the approprate underlying mechanism routine and + * call it. + */ + + ctx = (gss_union_ctx_id_t) *context_handle; + mech = get_mechanism (ctx->mech_type); + + if (mech) { + + if (mech->gss_import_sec_context) + status = mech->gss_import_sec_context( + mech->context, + minor_status, + interprocess_token, + &ctx->internal_ctx_id); + + else + status = GSS_S_BAD_BINDINGS; + + return(status); + } + + return(GSS_S_NO_CONTEXT); +} diff --git a/src/lib/gssapi/mechglue/g_inquire_context.c b/src/lib/gssapi/mechglue/g_inquire_context.c new file mode 100644 index 000000000..2d3dfccb0 --- /dev/null +++ b/src/lib/gssapi/mechglue/g_inquire_context.c @@ -0,0 +1,166 @@ + +#ident "@(#)g_inquire_context.c 1.2 96/01/18 SMI" + +/* + * glue routine for gss_inquire_context + * + * Copyright (c) 1995, by Sun Microsystems, Inc. + * All rights reserved. + */ + +#include "mglueP.h" + +static OM_uint32 +convert_name_to_union_name( + gss_mechanism mech, + OM_uint32 *minor_status, + gss_name_t * internal_name); + + +/* Last argument new for V2 */ +OM_uint32 gss_inquire_context( + minor_status, + context_handle, + src_name, + targ_name, + lifetime_rec, + mech_type, + ctx_flags, + locally_initiated, + open) + +OM_uint32 * minor_status; +gss_ctx_id_t context_handle; +gss_name_t * src_name; +gss_name_t * targ_name; +OM_uint32 * lifetime_rec; +gss_OID * mech_type; +OM_uint32 * ctx_flags; +int * locally_initiated; +int * open; + + +{ + gss_union_ctx_id_t ctx; + gss_mechanism mech; + OM_uint32 status, temp_minor, temp_major; + + gss_initialize(); + + /* if the context_handle is Null, return NO_CONTEXT error */ + + if(context_handle == GSS_C_NO_CONTEXT) + return(GSS_S_NO_CONTEXT); + + /* + * select the approprate underlying mechanism routine and + * call it. + */ + + ctx = (gss_union_ctx_id_t) context_handle; + mech = get_mechanism (ctx->mech_type); + + if (!mech || !mech->gss_inquire_context || !mech->gss_display_name) { + return(GSS_S_NO_CONTEXT); + + } + + status = mech->gss_inquire_context( + mech->context, + minor_status, + ctx->internal_ctx_id, + src_name, + targ_name, + lifetime_rec, + mech_type, + ctx_flags, + locally_initiated, + open); + + if (status != GSS_S_COMPLETE) { + return status; + } + + /* need to convert names */ + + if (src_name) { + status = convert_name_to_union_name(mech, minor_status, src_name); + + if (status != GSS_S_COMPLETE) { + (void) mech->gss_release_name(mech->context, + &temp_minor, src_name); + (void) mech->gss_release_name(mech->context, + &temp_minor, targ_name); + if (mech_type) { + gss_release_oid(&temp_minor, mech_type); + } + return (GSS_S_FAILURE); + } + + } + + if (targ_name) { + status = convert_name_to_union_name(mech, minor_status, targ_name); + + if (status != GSS_S_COMPLETE) { + (void) mech->gss_release_name(mech->context, + &temp_minor, targ_name); + if (mech_type) { + gss_release_oid(&temp_minor, mech_type); + } + return (GSS_S_FAILURE); + } + } + + return(GSS_S_COMPLETE); +} + +static OM_uint32 +convert_name_to_union_name( + mech, + minor_status, + internal_name) +gss_mechanism mech; +OM_uint32 *minor_status; +gss_name_t * internal_name; + +{ + OM_uint32 status; + gss_OID name_type; + gss_union_name_t union_name; + + union_name = (gss_union_name_t) malloc (sizeof(gss_union_name_desc)); + if (!union_name) + return (GSS_S_FAILURE); + + union_name->external_name = + (gss_buffer_t) malloc(sizeof(gss_buffer_desc)); + + if (!union_name->external_name) { + free(union_name); + return (GSS_S_FAILURE); + } + + status = mech->gss_display_name( + mech->context, + minor_status, + *internal_name, + union_name->external_name, + &union_name->name_type); + + if (status != GSS_S_COMPLETE) { + free(union_name->external_name); + free(union_name); + return (GSS_S_FAILURE); + } + + status = mech->gss_release_name( + mech->context, + minor_status, + internal_name); + + *internal_name = union_name; + + return (GSS_S_COMPLETE); + +} diff --git a/src/lib/gssapi/mechglue/g_inquire_names.c b/src/lib/gssapi/mechglue/g_inquire_names.c new file mode 100644 index 000000000..05548cbe9 --- /dev/null +++ b/src/lib/gssapi/mechglue/g_inquire_names.c @@ -0,0 +1,51 @@ + +#ident "@(#)g_inquire_names.c 1.1 95/12/19 SMI" + +/* + * glue routine for gss_inquire_context + * + * Copyright (c) 1995, by Sun Microsystems, Inc. + * All rights reserved. + */ + +#include "mglueP.h" + +/* Last argument new for V2 */ +OM_uint32 gss_inquire_names_for_mech( + minor_status, + mechanism, + name_types) + +OM_uint32 * minor_status; +gss_OID mechanism; +gss_OID_set * name_types; + +{ + OM_uint32 status; + gss_mechanism mech; + + gss_initialize(); + + /* + * select the approprate underlying mechanism routine and + * call it. + */ + + mech = get_mechanism (mechanism); + + if (mech) { + + if (mech->gss_inquire_names_for_mech) + status = mech->gss_inquire_names_for_mech( + mech->context, + minor_status, + mechanism, + name_types); + else + status = GSS_S_BAD_BINDINGS; + + return(status); + } + + return(GSS_S_NO_CONTEXT); +} diff --git a/src/lib/gssapi/mechglue/g_oid_ops.c b/src/lib/gssapi/mechglue/g_oid_ops.c new file mode 100644 index 000000000..91033c403 --- /dev/null +++ b/src/lib/gssapi/mechglue/g_oid_ops.c @@ -0,0 +1,107 @@ +/* + * lib/gssapi/mechglue/g_oid_ops.c + * + * Copyright 1995 by the Massachusetts Institute of Technology. + * All Rights Reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + */ + +/* + * oid_ops.c - GSS-API V2 interfaces to manipulate OIDs + */ + +#include "mglueP.h" +/* should include to get protos #include "../generic/gssapiP_generic.h" */ + +extern gss_mechanism *mechs_array; + +OM_uint32 +gss_release_oid(minor_status, oid) + OM_uint32 *minor_status; + gss_OID *oid; +{ + int i; + OM_uint32 major_status; + + /* first call the gss_internal_release_oid for each mechanism + * until one returns success. gss_internal_release_oid will only return + * success when the OID was recognized as an internal mechanism OID. + * if no mechanisms recognize the OID, then call the generic version. + */ + + for(i=0; mechs_array[i]->mech_type.length !=0; i++) { + if (mechs_array[i]->gss_internal_release_oid) { + major_status = mechs_array[i]->gss_internal_release_oid( + mechs_array[i]->context, + minor_status, + oid); + if (major_status == GSS_S_COMPLETE) { + return (GSS_S_COMPLETE); + } + } + } + + return generic_gss_release_oid(minor_status, oid); +} + +OM_uint32 +gss_create_empty_oid_set(minor_status, oid_set) + OM_uint32 *minor_status; + gss_OID_set *oid_set; +{ + return generic_gss_create_empty_oid_set(minor_status, oid_set); +} + +OM_uint32 +gss_add_oid_set_member(minor_status, member_oid, oid_set) + OM_uint32 *minor_status; + gss_OID member_oid; + gss_OID_set *oid_set; +{ + return generic_gss_add_oid_set_member(minor_status, member_oid, oid_set); +} + +OM_uint32 +gss_test_oid_set_member(minor_status, member, set, present) + OM_uint32 *minor_status; + gss_OID member; + gss_OID_set set; + int *present; +{ + return generic_gss_test_oid_set_member(minor_status, member, set, present); +} + +OM_uint32 +gss_oid_to_str(minor_status, oid, oid_str) + OM_uint32 *minor_status; + gss_OID oid; + gss_buffer_t oid_str; +{ + return generic_gss_oid_to_str(minor_status, oid, oid_str); +} + +OM_uint32 +gss_str_to_oid(minor_status, oid_str, oid) + OM_uint32 *minor_status; + gss_buffer_t oid_str; + gss_OID *oid; +{ + return generic_gss_str_to_oid(minor_status, oid_str, oid); +} + diff --git a/src/lib/gssapi/mechglue/g_rel_cred.c b/src/lib/gssapi/mechglue/g_rel_cred.c index f5df0dffa..fc30c2801 100644 --- a/src/lib/gssapi/mechglue/g_rel_cred.c +++ b/src/lib/gssapi/mechglue/g_rel_cred.c @@ -49,8 +49,9 @@ gss_cred_id_t * cred_handle; mech = get_mechanism (&union_cred->mechs_array[j]); + if (union_cred->mechs_array[j].elements) + free(union_cred->mechs_array[j].elements); if (mech) { - if (mech->gss_release_cred) { temp_status = mech->gss_release_cred (mech->context, @@ -66,6 +67,7 @@ gss_cred_id_t * cred_handle; status = GSS_S_NO_CRED; } + gss_release_buffer(minor_status, &union_cred->auxinfo.name); free(union_cred->cred_array); free(union_cred->mechs_array); free(union_cred); diff --git a/src/lib/gssapi/mechglue/g_rel_oid_set.c b/src/lib/gssapi/mechglue/g_rel_oid_set.c index da1d0ed6d..ebb84530e 100644 --- a/src/lib/gssapi/mechglue/g_rel_oid_set.c +++ b/src/lib/gssapi/mechglue/g_rel_oid_set.c @@ -15,6 +15,9 @@ gss_release_oid_set (minor_status, OM_uint32 * minor_status; gss_OID_set * set; { + size_t index; + OM_uint32 status; + if (minor_status) *minor_status = 0; @@ -24,6 +27,8 @@ gss_OID_set * set; if (*set == GSS_C_NULL_OID_SET) return(GSS_S_COMPLETE); + for (index=0; index<(*set)->count; index++) + free((*set)->elements[index].elements); free((*set)->elements); free(*set); diff --git a/src/lib/gssapi/mechglue/g_verify.c b/src/lib/gssapi/mechglue/g_verify.c index 1a5c149a7..0d3b890d4 100644 --- a/src/lib/gssapi/mechglue/g_verify.c +++ b/src/lib/gssapi/mechglue/g_verify.c @@ -58,7 +58,7 @@ int * qop_state; } OM_uint32 -gss_verify_misc (minor_status, +gss_verify_mic (minor_status, context_handle, message_buffer, token_buffer, diff --git a/src/lib/gssapi/mechglue/gen_oids.c b/src/lib/gssapi/mechglue/gen_oids.c new file mode 100644 index 000000000..cd3c1a835 --- /dev/null +++ b/src/lib/gssapi/mechglue/gen_oids.c @@ -0,0 +1,55 @@ +/* + * Copyright 1993 by OpenVision Technologies, Inc. + * + * Permission to use, copy, modify, distribute, and sell this software + * and its documentation for any purpose is hereby granted without fee, + * provided that the above copyright notice appears in all copies and + * that both that copyright notice and this permission notice appear in + * supporting documentation, and that the name of OpenVision not be used + * in advertising or publicity pertaining to distribution of the software + * without specific, written prior permission. OpenVision makes no + * representations about the suitability of this software for any + * purpose. It is provided "as is" without express or implied warranty. + * + * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, + * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO + * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR + * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF + * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR + * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +#include "mglueP.h" + +/* + * See krb5/gssapi_krb5.c for a description of the algorithm for + * encoding an object identifier. + */ + +/* + * The OID of user_name is: + * iso(1) member-body(2) US(840) mit(113554) infosys(1) gssapi(2) + * generic(1) user_name(1) = 1.2.840.113554.1.2.1.1 + * machine_uid_name: + * iso(1) member-body(2) US(840) mit(113554) infosys(1) gssapi(2) + * generic(1) machine_uid_name(2) = 1.2.840.113554.1.2.1.2 + * string_uid_name: + * iso(1) member-body(2) US(840) mit(113554) infosys(1) gssapi(2) + * generic(1) string_uid_name(3) = 1.2.840.113554.1.2.1.3 + * service_name: + * iso(1) member-body(2) US(840) mit(113554) infosys(1) gssapi(2) + * generic(1) service_name(4) = 1.2.840.113554.1.2.1.4 + */ + +static const gss_OID_desc oids[] = { + {10, "\052\206\110\206\367\022\001\002\001\001"}, + {10, "\052\206\110\206\367\022\001\002\001\002"}, + {10, "\052\206\110\206\367\022\001\002\001\003"}, + {10, "\052\206\110\206\367\022\001\002\001\004"}, +}; + +const gss_OID_desc * const gss_nt_user_name = oids+0; +const gss_OID_desc * const gss_nt_machine_uid_name = oids+1; +const gss_OID_desc * const gss_nt_string_uid_name = oids+2; +const gss_OID_desc * const gss_nt_service_name = oids+3; diff --git a/src/lib/gssapi/mechglue/mglueP.h b/src/lib/gssapi/mechglue/mglueP.h index a322f65c1..d0abead43 100644 --- a/src/lib/gssapi/mechglue/mglueP.h +++ b/src/lib/gssapi/mechglue/mglueP.h @@ -1,4 +1,4 @@ -#ident "%Z%%M% %I% %E% SMI" +#ident "@(#)mglueP.h 1.2 96/01/18 SMI" /* * This header contains the private mechglue definitions. * @@ -9,7 +9,7 @@ #ifndef _GSS_MECHGLUEP_H #define _GSS_MECHGLUEP_H -#include +#include "mechglue.h" #include /* @@ -252,19 +252,36 @@ typedef struct gss_config { OM_uint32 *, /* acceptor_lifetime */ gss_cred_usage_t * /* cred_usage */ ); - OM_uint32 (*gss_inquire_names_for_mech) (void *, /* context */ OM_uint32 *, /* minor_status */ gss_OID, /* mechanism */ gss_OID_set * /* name_types */ ); + OM_uint32 (*gss_inquire_context) + (void *, /* context */ + OM_uint32 *, /* minor_status */ + gss_ctx_id_t, /* context_handle */ + gss_name_t *, /* src_name */ + gss_name_t *, /* targ_name */ + OM_uint32 *, /* lifetime_rec */ + gss_OID *, /* mech_type */ + OM_uint32 *, /* ctx_flags */ + int *, /* locally_initiated */ + int * /* open */ + ); + OM_uint32 (*gss_internal_release_oid) + (void *, /* context */ + OM_uint32 *, /* minor_status */ + gss_OID * /* OID */ + ); int (*pname_to_uid) (char *, /* pname */ gss_OID, /* name type */ gss_OID, /* mech type */ uid_t * /* uid */ ); + } *gss_mechanism; /********************************************************/ @@ -279,4 +296,41 @@ OM_uint32 display_internal_name (OM_uint32 *, gss_OID, gss_name_t, gss_buffer_t, gss_OID *); OM_uint32 release_internal_name (OM_uint32 *, gss_OID, gss_name_t *); +OM_uint32 generic_gss_release_oid +PROTOTYPE( (OM_uint32 *, /* minor_status */ + gss_OID * /* oid */ + )); + +OM_uint32 generic_gss_create_empty_oid_set +PROTOTYPE( (OM_uint32 *, /* minor_status */ + gss_OID_set * /* oid_set */ + )); + +OM_uint32 generic_gss_add_oid_set_member +PROTOTYPE( (OM_uint32 *, /* minor_status */ + gss_OID, /* member_oid */ + gss_OID_set * /* oid_set */ + )); + +OM_uint32 generic_gss_test_oid_set_member +PROTOTYPE( (OM_uint32 *, /* minor_status */ + gss_OID, /* member */ + gss_OID_set, /* set */ + int * /* present */ + )); + +OM_uint32 generic_gss_oid_to_str +PROTOTYPE( (OM_uint32 *, /* minor_status */ + gss_OID, /* oid */ + gss_buffer_t /* oid_str */ + )); + +OM_uint32 generic_gss_str_to_oid +PROTOTYPE( (OM_uint32 *, /* minor_status */ + gss_buffer_t, /* oid_str */ + gss_OID * /* oid */ + )); + + + #endif /* _GSS_MECHGLUEP_H */ diff --git a/src/lib/gssapi/mechglue/oid_ops.c b/src/lib/gssapi/mechglue/oid_ops.c new file mode 100644 index 000000000..2db42af67 --- /dev/null +++ b/src/lib/gssapi/mechglue/oid_ops.c @@ -0,0 +1,360 @@ +/* + * lib/gssapi/generic/oid_ops.c + * + * Copyright 1995 by the Massachusetts Institute of Technology. + * All Rights Reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + */ + +/* + * oid_ops.c - GSS-API V2 interfaces to manipulate OIDs + */ + +#include "mglueP.h" +#include +#include +#include +#include +#ifndef _MACINTOSH +#include +#else +#include +#endif +#include +#include + +OM_uint32 +generic_gss_release_oid(minor_status, oid) + OM_uint32 *minor_status; + gss_OID *oid; +{ + *minor_status = 0; + + if (*oid == GSS_C_NO_OID) + return(GSS_S_COMPLETE); + + /* + * The V2 API says the following! + * + * gss_release_oid[()] will recognize any of the GSSAPI's own OID values, + * and will silently ignore attempts to free these OIDs; for other OIDs + * it will call the C free() routine for both the OID data and the + * descriptor. This allows applications to freely mix their own heap- + * allocated OID values with OIDs returned by GSS-API. + */ + if ((*oid != gss_nt_user_name) && + (*oid != gss_nt_machine_uid_name) && + (*oid != gss_nt_string_uid_name) && + (*oid != gss_nt_service_name)) { + free((*oid)->elements); + free(*oid); + } + *oid = GSS_C_NO_OID; + return(GSS_S_COMPLETE); +} + +OM_uint32 +generic_gss_create_empty_oid_set(minor_status, oid_set) + OM_uint32 *minor_status; + gss_OID_set *oid_set; +{ + if ((*oid_set = (gss_OID_set) malloc(sizeof(gss_OID_set_desc)))) { + memset(*oid_set, 0, sizeof(gss_OID_set_desc)); + *minor_status = 0; + return(GSS_S_COMPLETE); + } + else { + *minor_status = ENOMEM; + return(GSS_S_FAILURE); + } +} + +OM_uint32 +generic_gss_add_oid_set_member(minor_status, member_oid, oid_set) + OM_uint32 *minor_status; + gss_OID member_oid; + gss_OID_set *oid_set; +{ + gss_OID elist; + gss_OID lastel; + + elist = (*oid_set)->elements; + /* Get an enlarged copy of the array */ + if (((*oid_set)->elements = (gss_OID) malloc(((*oid_set)->count+1) * + sizeof(gss_OID_desc)))) { + /* Copy in the old junk */ + if (elist) + memcpy((*oid_set)->elements, + elist, + ((*oid_set)->count * sizeof(gss_OID_desc))); + + /* Duplicate the input element */ + lastel = &(*oid_set)->elements[(*oid_set)->count]; + if ((lastel->elements = + (void *) malloc((size_t) member_oid->length))) { + /* Success - copy elements */ + memcpy(lastel->elements, member_oid->elements, + (size_t) member_oid->length); + /* Set length */ + lastel->length = member_oid->length; + + /* Update count */ + (*oid_set)->count++; + if (elist) + free(elist); + *minor_status = 0; + return(GSS_S_COMPLETE); + } + else + free((*oid_set)->elements); + } + /* Failure - restore old contents of list */ + (*oid_set)->elements = elist; + *minor_status = ENOMEM; + return(GSS_S_FAILURE); +} + +OM_uint32 +generic_gss_test_oid_set_member(minor_status, member, set, present) + OM_uint32 *minor_status; + gss_OID member; + gss_OID_set set; + int *present; +{ + size_t i; + int result; + + result = 0; + for (i=0; icount; i++) { + if ((set->elements[i].length == member->length) && + !memcmp(set->elements[i].elements, + member->elements, + (size_t) member->length)) { + result = 1; + break; + } + } + *present = result; + *minor_status = 0; + return(GSS_S_COMPLETE); +} + +/* + * OID<->string routines. These are uuuuugly. + */ +OM_uint32 +generic_gss_oid_to_str(minor_status, oid, oid_str) + OM_uint32 *minor_status; + gss_OID oid; + gss_buffer_t oid_str; +{ + char numstr[128]; + unsigned long number; + int numshift; + size_t string_length; + size_t i; + unsigned char *cp; + char *bp; + + /* Decoded according to krb5/gssapi_krb5.c */ + + /* First determine the size of the string */ + string_length = 0; + number = 0; + numshift = 0; + cp = (unsigned char *) oid->elements; + number = (unsigned long) cp[0]; + sprintf(numstr, "%ld ", number/40); + string_length += strlen(numstr); + sprintf(numstr, "%ld ", number%40); + string_length += strlen(numstr); + for (i=1; ilength; i++) { + if ( (size_t) (numshift+7) < (sizeof(unsigned long)*8)) { + number = (number << 7) | (cp[i] & 0x7f); + numshift += 7; + } + else { + *minor_status = EINVAL; + return(GSS_S_FAILURE); + } + if ((cp[i] & 0x80) == 0) { + sprintf(numstr, "%ld ", number); + string_length += strlen(numstr); + number = 0; + numshift = 0; + } + } + /* + * If we get here, we've calculated the length of "n n n ... n ". Add 4 + * here for "{ " and "}\0". + */ + string_length += 4; + if ((bp = (char *) malloc(string_length))) { + strcpy(bp, "{ "); + number = (unsigned long) cp[0]; + sprintf(numstr, "%ld ", number/40); + strcat(bp, numstr); + sprintf(numstr, "%ld ", number%40); + strcat(bp, numstr); + number = 0; + cp = (unsigned char *) oid->elements; + for (i=1; ilength; i++) { + number = (number << 7) | (cp[i] & 0x7f); + if ((cp[i] & 0x80) == 0) { + sprintf(numstr, "%ld ", number); + strcat(bp, numstr); + number = 0; + } + } + strcat(bp, "}"); + oid_str->length = strlen(bp)+1; + oid_str->value = (void *) bp; + *minor_status = 0; + return(GSS_S_COMPLETE); + } + *minor_status = ENOMEM; + return(GSS_S_FAILURE); +} + +OM_uint32 +generic_gss_str_to_oid(minor_status, oid_str, oid) + OM_uint32 *minor_status; + gss_buffer_t oid_str; + gss_OID *oid; +{ + char *cp, *bp, *startp; + int brace; + long numbuf; + long onumbuf; + OM_uint32 nbytes; + int index; + unsigned char *op; + + brace = 0; + bp = (char *) oid_str->value; + cp = bp; + /* Skip over leading space */ + while ((bp < &cp[oid_str->length]) && isspace(*bp)) + bp++; + if (*bp == '{') { + brace = 1; + bp++; + } + while ((bp < &cp[oid_str->length]) && isspace(*bp)) + bp++; + startp = bp; + nbytes = 0; + + /* + * The first two numbers are chewed up by the first octet. + */ + if (sscanf(bp, "%ld", &numbuf) != 1) { + *minor_status = EINVAL; + return(GSS_S_FAILURE); + } + while ((bp < &cp[oid_str->length]) && isdigit(*bp)) + bp++; + while ((bp < &cp[oid_str->length]) && isspace(*bp)) + bp++; + if (sscanf(bp, "%ld", &numbuf) != 1) { + *minor_status = EINVAL; + return(GSS_S_FAILURE); + } + while ((bp < &cp[oid_str->length]) && isdigit(*bp)) + bp++; + while ((bp < &cp[oid_str->length]) && isspace(*bp)) + bp++; + nbytes++; + while (isdigit(*bp)) { + if (sscanf(bp, "%ld", &numbuf) != 1) { + *minor_status = EINVAL; + return(GSS_S_FAILURE); + } + while (numbuf) { + nbytes++; + numbuf >>= 7; + } + while ((bp < &cp[oid_str->length]) && isdigit(*bp)) + bp++; + while ((bp < &cp[oid_str->length]) && isspace(*bp)) + bp++; + } + if (brace && (*bp != '}')) { + *minor_status = EINVAL; + return(GSS_S_FAILURE); + } + + /* + * Phew! We've come this far, so the syntax is good. + */ + if ((*oid = (gss_OID) malloc(sizeof(gss_OID_desc)))) { + if (((*oid)->elements = (void *) malloc((size_t) nbytes))) { + (*oid)->length = nbytes; + op = (unsigned char *) (*oid)->elements; + bp = startp; + sscanf(bp, "%ld", &numbuf); + while (isdigit(*bp)) + bp++; + while (isspace(*bp)) + bp++; + onumbuf = 40*numbuf; + sscanf(bp, "%ld", &numbuf); + onumbuf += numbuf; + *op = (unsigned char) onumbuf; + op++; + while (isdigit(*bp)) + bp++; + while (isspace(*bp)) + bp++; + while (isdigit(*bp)) { + sscanf(bp, "%ld", &numbuf); + nbytes = 0; + /* Have to fill in the bytes msb-first */ + onumbuf = numbuf; + while (numbuf) { + nbytes++; + numbuf >>= 7; + } + numbuf = onumbuf; + op += nbytes; + index = -1; + while (numbuf) { + op[index] = (unsigned char) numbuf & 0x7f; + if (index != -1) + op[index] |= 0x80; + index--; + numbuf >>= 7; + } + while (isdigit(*bp)) + bp++; + while (isspace(*bp)) + bp++; + } + *minor_status = 0; + return(GSS_S_COMPLETE); + } + else { + free(*oid); + *oid = GSS_C_NO_OID; + } + } + *minor_status = ENOMEM; + return(GSS_S_FAILURE); +} + -- 2.26.2