X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=util_mech.c;h=131ac0b3311fbcffadefe948fbb93e3e1bf78ca6;hb=refs%2Fheads%2Fjson-name;hp=35b1570188b3a7747e28058c1ad959d2b33af57f;hpb=7bc9efe3999f6a7e069f9249a00a540b5b2b3eaf;p=mech_eap.orig
diff --git a/util_mech.c b/util_mech.c
index 35b1570..131ac0b 100644
--- a/util_mech.c
+++ b/util_mech.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010, JANET(UK)
+ * Copyright (c) 2011, JANET(UK)
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
@@ -30,11 +30,15 @@
 * SUCH DAMAGE.
 */
+/*
+ * General mechanism utility routines.
+ */
+
 #include "gssapiP_eap.h"
 /*
 * 1.3.6.1.4.1.5322(padl)
- * gssEap(21)
+ * gssEap(22)
 * mechanisms(1)
 * eap-aes128-cts-hmac-sha1-96(17)
 * eap-aes256-cts-hmac-sha1-96(18)
@@ -48,25 +52,26 @@
 */
 /*
- * Note: the enctype-less OID is used as the mechanism OID in exported
- * names. There is no exported symbol for it. This is consistent with
- * the krb5 mechanism which, whilst known by many OIDs, always uses a
- * canonical OID for exported names. (This OID is also returned by
- * gss_inquire_name.)
+ * Note: the enctype-less OID is used as the mechanism OID in non-
+ * canonicalized exported names.
 */
 static gss_OID_desc gssEapMechOids[] = {
- /* 1.3.6.1.4.1.5322.21.1 */
- { 9, "\x2B\x06\x01\x04\x01\xA9\x4A\x15\x01" },
- /* 1.3.6.1.4.1.5322.21.1.17 */
- { 10, "\x2B\x06\x01\x04\x01\xA9\x4A\x15\x01\x11" },
- /* 1.3.6.1.4.1.5322.21.1.18 */
- { 10, "\x2B\x06\x01\x04\x01\xA9\x4A\x15\x01\x12" }
+ /* 1.3.6.1.4.1.5322.22.1 */
+ { 9, "\x2B\x06\x01\x04\x01\xA9\x4A\x16\x01" },
+ /* 1.3.6.1.4.1.5322.22.1.17 */
+ { 10, "\x2B\x06\x01\x04\x01\xA9\x4A\x16\x01\x11" },
+ /* 1.3.6.1.4.1.5322.22.1.18 */
+ { 10, "\x2B\x06\x01\x04\x01\xA9\x4A\x16\x01\x12" }
 };
 gss_OID GSS_EAP_MECHANISM = &gssEapMechOids[0];
 gss_OID GSS_EAP_AES128_CTS_HMAC_SHA1_96_MECHANISM = &gssEapMechOids[1];
 gss_OID GSS_EAP_AES256_CTS_HMAC_SHA1_96_MECHANISM = &gssEapMechOids[2];
+static int
+internalizeOid(const gss_OID oid,
+ gss_OID *const pInternalizedOid);
+
 /*
 * Returns TRUE is the OID is a concrete mechanism OID, that is, one
 * with a Kerberos enctype as the last element.
@@ -105,8 +110,10 @@ gssEapValidateMechs(OM_uint32 *minor,
 for (i = 0; i < mechs->count; i++) {
 gss_OID oid = &mechs->elements[i];
- if (!gssEapIsConcreteMechanismOid(oid))
+ if (!gssEapIsConcreteMechanismOid(oid)) {
+ *minor = GSSEAP_WRONG_MECH;
 return GSS_S_BAD_MECH;
+ }
 }
 return GSS_S_COMPLETE;
@@ -161,7 +168,7 @@ gssEapEnctypeToOid(OM_uint32 *minor,
 enctype, oid);
 if (major == GSS_S_COMPLETE) {
- gssEapInternalizeOid(oid, pOid);
+ internalizeOid(oid, pOid);
 *pOid = oid;
 } else {
 GSSEAP_FREE(oid->elements);
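Review bot: In gssEapValidateMechs, `*minor` is now set on the failure path, but nothing visible between the end of the loop and `return GSS_S_COMPLETE;` sets it on success. If it is not cleared before the loop (the function starts outside this hunk), a caller could read a stale minor status after a successful call. Adding `*minor = 0;` before the final return, as gssEapIndicateMechs does in this same patch, would make both paths consistent.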
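Review bot: In gssEapEnctypeToOid, the return value of `internalizeOid(oid, pOid);` is ignored and the very next line, `*pOid = oid;`, overwrites whatever it stored, so the call has no visible effect and the caller always gets the freshly composed OID. The rename carries this pattern over unchanged. If the intent is to hand back the static OID when one matches, the assignment should be conditional, e.g. `if (!internalizeOid(oid, pOid)) *pOid = oid;`, with `oid` and its elements freed on the matched path the way the `else` branch already does. The function starts and ends outside the hunk, so confirm how `*pOid` is initialised before relying on this.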
@@ -189,7 +196,7 @@ gssEapIndicateMechs(OM_uint32 *minor,
 major = gss_create_empty_oid_set(minor, mechs);
 if (GSS_ERROR(major)) {
- GSSEAP_FREE(etypes); /* XXX */
+ GSSEAP_FREE(etypes);
 return major;
 }
@@ -211,7 +218,7 @@ gssEapIndicateMechs(OM_uint32 *minor,
 gss_release_oid(&tmpMinor, &mechOid);
 }
- GSSEAP_FREE(etypes); /* XXX */
+ GSSEAP_FREE(etypes);
 *minor = 0;
 return major;
@@ -234,7 +241,7 @@ gssEapDefaultMech(OM_uint32 *minor,
 return GSS_S_BAD_MECH;
 }
- if (!gssEapInternalizeOid(&mechs->elements[0], oid)) {
+ if (!internalizeOid(&mechs->elements[0], oid)) {
 /* don't double-free if we didn't internalize it */
 mechs->elements[0].length = 0;
 mechs->elements[0].elements = NULL;
@@ -246,9 +253,9 @@ gssEapDefaultMech(OM_uint32 *minor,
 return GSS_S_COMPLETE;
 }
-int
-gssEapInternalizeOid(const gss_OID oid,
- gss_OID *const pInternalizedOid)
+static int
+internalizeOid(const gss_OID oid,
+ gss_OID *const pInternalizedOid)
 {
 int i;
@@ -264,8 +271,8 @@ gssEapInternalizeOid(const gss_OID oid,
 }
 if (*pInternalizedOid == GSS_C_NO_OID) {
- if (oidEqual(oid, GSS_EAP_NT_PRINCIPAL_NAME))
- *pInternalizedOid = (const gss_OID)GSS_EAP_NT_PRINCIPAL_NAME;
+ if (oidEqual(oid, GSS_EAP_NT_EAP_NAME))
+ *pInternalizedOid = (const gss_OID)GSS_EAP_NT_EAP_NAME;
 }
 if (*pInternalizedOid == GSS_C_NO_OID) {
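Review bot: The now file-local `internalizeOid` definition still has no comment stating its contract, although every caller in this patch depends on it to decide whether an OID is static or heap-owned. Callers test it as a boolean (`if (!internalizeOid(...))`) and the visible tail returns 1, so something like `/* Maps oid to the matching static OID; returns 1 and sets *pInternalizedOid on a match, otherwise 0. The result must never be freed. */` above the definition would pin that down (the 0 return is inferred, since the body continues outside the hunk). Note also that `const gss_OID oid` makes the pointer const, not the OID it points to, so the qualifier does not promise the input is left unmodified.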
@@ -276,6 +283,65 @@ gssEapInternalizeOid(const gss_OID oid,
 return 1;
 }
+OM_uint32
+gssEapReleaseOid(OM_uint32 *minor, gss_OID *oid)
+{
+ gss_OID internalizedOid = GSS_C_NO_OID;
+
+ *minor = 0;
+
+ if (internalizeOid(*oid, &internalizedOid)) {
+ /* OID was internalized, so we can mark it as "freed" */
+ *oid = GSS_C_NO_OID;
+ return GSS_S_COMPLETE;
+ }
+
+ /* we don't know about this OID */
+ return GSS_S_CONTINUE_NEEDED;
+}
+
+OM_uint32
+gssEapCanonicalizeOid(OM_uint32 *minor,
+ const gss_OID oid,
+ OM_uint32 flags,
+ gss_OID *pOid)
+{
+ OM_uint32 major;
+ int mapToNull = 0;
+
+ major = GSS_S_COMPLETE;
+ *minor = 0;
+ *pOid = GSS_C_NULL_OID;
+
+ if (oid == GSS_C_NULL_OID) {
+ if ((flags & OID_FLAG_NULL_VALID) == 0) {
+ *minor = GSSEAP_WRONG_MECH;
+ return GSS_S_BAD_MECH;
+ } else if (flags & OID_FLAG_MAP_NULL_TO_DEFAULT_MECH) {
+ return gssEapDefaultMech(minor, pOid);
+ } else {
+ mapToNull = 1;
+ }
+ } else if (oidEqual(oid, GSS_EAP_MECHANISM)) {
+ if ((flags & OID_FLAG_FAMILY_MECH_VALID) == 0) {
+ *minor = GSSEAP_WRONG_MECH;
+ return GSS_S_BAD_MECH;
+ } else if (flags & OID_FLAG_MAP_FAMILY_MECH_TO_NULL) {
+ mapToNull = 1;
+ }
+ } else if (!gssEapIsConcreteMechanismOid(oid)) {
+ *minor = GSSEAP_WRONG_MECH;
+ return GSS_S_BAD_MECH;
+ }
+
+ if (!mapToNull) {
+ if (!internalizeOid(oid, pOid))
+ major = duplicateOid(minor, oid, pOid);
+ }
+
+ return major;
+}
+
 static gss_buffer_desc gssEapSaslMechs[] = {
 { sizeof("EAP") - 1, "EAP", }, /* not used */
 { sizeof("EAP-AES128") - 1, "EAP-AES128" },
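Review bot: gssEapReleaseOid reports an OID it does not own with `GSS_S_CONTINUE_NEEDED`, which is not an error status, so a caller that only checks `GSS_ERROR(major)` would treat a heap-allocated OID as released and leak it. This matters because gssEapCanonicalizeOid can return either a static OID or a `duplicateOid` copy through the same `pOid`, and nothing in the new code documents which release path applies. A header comment would cover it: `/* Returns GSS_S_COMPLETE and clears *oid if it is one of our static OIDs; GSS_S_CONTINUE_NEEDED means the caller still owns *oid and must free it. */`. Separately, `internalizeOid(*oid, &internalizedOid)` dereferences `oid` unguarded, and whether a `GSS_C_NO_OID` value is tolerated depends on code outside this hunk.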