X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=mech_eap%2Futil_mech.c;h=7343b310fd8d02e6b44bd80f73c6ebce480971ca;hb=a4a91192e39832457581c00a484ae567b2f7e30f;hp=756057538a78ebdcf1ae6e5d7c10006a1edc7f4d;hpb=251ae350d3edce2b627f7fc9b7d790f5d615f777;p=moonshot.git
diff --git a/mech_eap/util_mech.c b/mech_eap/util_mech.c
index 7560575..7343b31 100644
--- a/mech_eap/util_mech.c
+++ b/mech_eap/util_mech.c
@@ -30,11 +30,15 @@
 * SUCH DAMAGE.
 */
+/*
+ * General mechanism utility routines.
+ */
+
 #include "gssapiP_eap.h"
 /*
 * 1.3.6.1.4.1.5322(padl)
- * gssEap(21)
+ * gssEap(22)
 * mechanisms(1)
 * eap-aes128-cts-hmac-sha1-96(17)
 * eap-aes256-cts-hmac-sha1-96(18)
@@ -47,19 +51,30 @@
 * mechInvoke(5)
 */
-static gss_OID_desc gssEapConcreteMechs[] = {
- /* 1.3.6.1.4.1.5322.21.1 */
- { 9, "\x2B\x06\x01\x04\x01\xA9\x4A\x15\x01" },
- /* 1.3.6.1.4.1.5322.21.1.17 */
- { 10, "\x2B\x06\x01\x04\x01\xA9\x4A\x15\x01\x11" },
- /* 1.3.6.1.4.1.5322.21.1.18 */
- { 10, "\x2B\x06\x01\x04\x01\xA9\x4A\x15\x01\x12" }
+/*
+ * Note: the enctype-less OID is used as the mechanism OID in exported
+ * names. There is no public symbol for it. This is consistent with
+ * the krb5 mechanism which, whilst known by many OIDs, always uses a
+ * canonical OID for exported names. (This OID is also returned by
+ * gss_inquire_name.)
+ */
+static gss_OID_desc gssEapMechOids[] = {
+ /* 1.3.6.1.4.1.5322.22.1 */
+ { 9, "\x2B\x06\x01\x04\x01\xA9\x4A\x16\x01" },
+ /* 1.3.6.1.4.1.5322.22.1.17 */
+ { 10, "\x2B\x06\x01\x04\x01\xA9\x4A\x16\x01\x11" },
+ /* 1.3.6.1.4.1.5322.22.1.18 */
+ { 10, "\x2B\x06\x01\x04\x01\xA9\x4A\x16\x01\x12" }
 };
-gss_OID GSS_EAP_MECHANISM = &gssEapConcreteMechs[0];
-gss_OID GSS_EAP_AES128_CTS_HMAC_SHA1_96_MECHANISM = &gssEapConcreteMechs[1];
-gss_OID GSS_EAP_AES256_CTS_HMAC_SHA1_96_MECHANISM = &gssEapConcreteMechs[2];
+gss_OID GSS_EAP_MECHANISM = &gssEapMechOids[0];
+gss_OID GSS_EAP_AES128_CTS_HMAC_SHA1_96_MECHANISM = &gssEapMechOids[1];
+gss_OID GSS_EAP_AES256_CTS_HMAC_SHA1_96_MECHANISM = &gssEapMechOids[2];
+/*
+ * Returns TRUE is the OID is a concrete mechanism OID, that is, one
+ * with a Kerberos enctype as the last element.
+ */
 int
 gssEapIsConcreteMechanismOid(const gss_OID oid)
 {
@@ -76,6 +91,9 @@ gssEapIsMechanismOid(const gss_OID oid)
 gssEapIsConcreteMechanismOid(oid);
 }
+/*
+ * Validate that all elements are concrete mechanism OIDs.
+ */
 OM_uint32
 gssEapValidateMechs(OM_uint32 *minor,
 const gss_OID_set mechs)
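Review bot: The comment added above `gssEapIsConcreteMechanismOid` reads `Returns TRUE is the OID`; it should say `Returns TRUE if the OID is a concrete mechanism OID, that is, one with a Kerberos enctype as the last element.` Separately, moving `gssEapMechOids` from arc 5322.21 to 5322.22 changes the bytes used in exported names (per the new note on the table) and in every comparison done by `gssEapInternalizeOid` and `gssEapValidateMechs`, so OIDs produced under the old arc are presumably no longer recognised anywhere in this module; if that break is intentional, a one-line comment on the table stating that the 5322.21 arc is not accepted would save the next reader from hunting for a compatibility path. The body of gssEapIsConcreteMechanismOid lies outside the hunk.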
@@ -91,8 +109,10 @@ gssEapValidateMechs(OM_uint32 *minor,
 for (i = 0; i < mechs->count; i++) {
 gss_OID oid = &mechs->elements[i];
- if (!gssEapIsMechanismOid(oid))
+ if (!gssEapIsConcreteMechanismOid(oid)) {
+ *minor = GSSEAP_WRONG_MECH;
 return GSS_S_BAD_MECH;
+ }
 }
 return GSS_S_COMPLETE;
@@ -133,7 +153,8 @@ gssEapEnctypeToOid(OM_uint32 *minor,
 return GSS_S_FAILURE;
 }
- oid->elements = GSSEAP_MALLOC(GSS_EAP_MECHANISM->length + 1);
+ oid->length = GSS_EAP_MECHANISM->length + 1;
+ oid->elements = GSSEAP_MALLOC(oid->length);
 if (oid->elements == NULL) {
 *minor = ENOMEM;
 GSSEAP_FREE(oid);
@@ -174,7 +195,7 @@ gssEapIndicateMechs(OM_uint32 *minor,
 major = gss_create_empty_oid_set(minor, mechs);
 if (GSS_ERROR(major)) {
- GSSEAP_FREE(etypes); /* XXX */
+ GSSEAP_FREE(etypes);
 return major;
 }
@@ -196,8 +217,9 @@ gssEapIndicateMechs(OM_uint32 *minor,
 gss_release_oid(&tmpMinor, &mechOid);
 }
- GSSEAP_FREE(etypes); /* XXX */
+ GSSEAP_FREE(etypes);
+ *minor = 0;
 return major;
 }
@@ -239,10 +261,10 @@ gssEapInternalizeOid(const gss_OID oid,
 *pInternalizedOid = GSS_C_NO_OID;
 for (i = 0;
- i < sizeof(gssEapConcreteMechs) / sizeof(gssEapConcreteMechs[0]);
+ i < sizeof(gssEapMechOids) / sizeof(gssEapMechOids[0]);
 i++) {
- if (oidEqual(oid, &gssEapConcreteMechs[i])) {
- *pInternalizedOid = (const gss_OID)&gssEapConcreteMechs[i];
+ if (oidEqual(oid, &gssEapMechOids[i])) {
+ *pInternalizedOid = (const gss_OID)&gssEapMechOids[i];
 break;
 }
 }
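Review bot: In the `@@ -196,8 +217,9 @@` hunk of `gssEapIndicateMechs`, the new `*minor = 0;` is executed unconditionally just before `return major;`, so if the loop above (outside the hunk) can exit with `major` holding an error and a matching minor code, that minor code is discarded and the caller sees an error with minor 0. Guarding it with the macro the function already uses, `if (!GSS_ERROR(major))` / `    *minor = 0;`, keeps the successful-path reset while preserving the minor status on failure; if the loop is known never to leave an error in `major`, a one-line comment saying so next to the assignment would make that explicit. gssEapIndicateMechs starts and ends outside this hunk.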
@@ -259,3 +281,52 @@ gssEapInternalizeOid(const gss_OID oid,
 return 1;
 }
+
+OM_uint32
+gssEapReleaseOid(OM_uint32 *minor, gss_OID *oid)
+{
+ gss_OID internalizedOid = GSS_C_NO_OID;
+
+ *minor = 0;
+
+ if (gssEapInternalizeOid(*oid, &internalizedOid)) {
+ /* OID was internalized, so we can mark it as "freed" */
+ *oid = GSS_C_NO_OID;
+ return GSS_S_COMPLETE;
+ }
+
+ /* we don't know about this OID */
+ return GSS_S_CONTINUE_NEEDED;
+}
+
+static gss_buffer_desc gssEapSaslMechs[] = {
+ { sizeof("EAP") - 1, "EAP", }, /* not used */
+ { sizeof("EAP-AES128") - 1, "EAP-AES128" },
+ { sizeof("EAP-AES256") - 1, "EAP-AES256" },
+};
+
+gss_buffer_t
+gssEapOidToSaslName(const gss_OID oid)
+{
+ size_t i;
+
+ for (i = 1; i < sizeof(gssEapMechOids)/sizeof(gssEapMechOids[0]); i++) {
+ if (oidEqual(&gssEapMechOids[i], oid))
+ return &gssEapSaslMechs[i];
+ }
+
+ return GSS_C_NO_BUFFER;
+}
+
+gss_OID
+gssEapSaslNameToOid(const gss_buffer_t name)
+{
+ size_t i;
+
+ for (i = 1; i < sizeof(gssEapSaslMechs)/sizeof(gssEapSaslMechs[0]); i++) {
+ if (bufferEqual(&gssEapSaslMechs[i], name))
+ return &gssEapMechOids[i];
+ }
+
+ return GSS_C_NO_OID;
+}
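Review bot: `gssEapOidToSaslName` and `gssEapSaslNameToOid` index `gssEapSaslMechs` and `gssEapMechOids` with the same `i`, but each loop is bounded by the size of only one of the two tables, so an entry added later to one table and not the other turns the lookup into an out-of-bounds read of the other table. A compile-time size check beside the tables closes that gap, e.g. `_Static_assert(sizeof(gssEapSaslMechs)/sizeof(gssEapSaslMechs[0]) == sizeof(gssEapMechOids)/sizeof(gssEapMechOids[0]), "SASL name table must be parallel to gssEapMechOids");` (or the pre-C11 negative-array-size idiom if the build is not C11), together with a comment on `gssEapSaslMechs` stating that its order must match `gssEapMechOids` and that index 0 is deliberately skipped by both loops. `gssEapReleaseOid` also needs a contract comment: it returns `GSS_S_CONTINUE_NEEDED` and leaves `*oid` untouched when the OID is not one of the internal ones, so the caller is expected to release it by other means; whether `gssEapInternalizeOid` tolerates `*oid == GSS_C_NO_OID` is not visible here and should be confirmed before callers rely on passing an already-released OID.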