From 0f4808326141fbb85ee30553d2d5c677629fd7ff Mon Sep 17 00:00:00 2001 From: Luke Howard Date: Wed, 8 Sep 2010 14:35:24 +0200 Subject: [PATCH] gss_canonicalize_name implementation --- mech_eap/canonicalize_name.c | 7 ++++++ mech_eap/util.h | 3 +++ mech_eap/util_mech.c | 54 +++++++++++++++++++++++++++----------------- 3 files changed, 43 insertions(+), 21 deletions(-) diff --git a/mech_eap/canonicalize_name.c b/mech_eap/canonicalize_name.c index 5527e38..0d5e277 100644 --- a/mech_eap/canonicalize_name.c +++ b/mech_eap/canonicalize_name.c @@ -38,4 +38,11 @@ gss_canonicalize_name(OM_uint32 *minor, const gss_OID mech_type, gss_name_t *output_name) { + if (mech_type != GSS_C_NULL_OID && + !gssEapIsMechanismOid(mech_type)) { + *minor = 0; + return GSS_S_BAD_MECH; + } + + return gss_duplicate_name(minor, input_name, output_name); } diff --git a/mech_eap/util.h b/mech_eap/util.h index cc56fe3..1c368d4 100644 --- a/mech_eap/util.h +++ b/mech_eap/util.h @@ -143,6 +143,9 @@ gssEapOidToEnctype(OM_uint32 *minor, const gss_OID oid, krb5_enctype *enctype); +int +gssEapIsMechanismOid(const gss_OID oid); + /* util_name.c */ OM_uint32 gssEapAllocName(OM_uint32 *minor, gss_name_t *pName); OM_uint32 gssEapReleaseName(OM_uint32 *minor, gss_name_t *pName); diff --git a/mech_eap/util_mech.c b/mech_eap/util_mech.c index 7d7990a..6e8676d 100644 --- a/mech_eap/util_mech.c +++ b/mech_eap/util_mech.c 
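Review bot: The new body of gss_canonicalize_name validates only mech_type and then passes input_name straight to gss_duplicate_name, so rejection of a GSS_C_NO_NAME input rests entirely on that call; unless gss_duplicate_name is known to fail cleanly on a null name, a guard `if (input_name == GSS_C_NO_NAME) { *minor = 0; return GSS_S_BAD_NAME; }` before it would make the contract explicit. Implementing canonicalization as a plain duplicate is only correct if every name this mechanism hands out is already a mechanism name, which the hunk does not show; a comment such as `/* GSS EAP names are already MNs, so canonicalization reduces to a copy. */` would record that assumption where the next reader needs it. The parameter list of gss_canonicalize_name begins before the hunk.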
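Review bot: The prototype for gssEapIsMechanismOid is added to util.h without any comment, and because it returns a plain int rather than the OM_uint32 status used by its neighbours, a reader cannot tell from the header whether 0 means "not a mechanism OID" or "success". One line above it would settle that, e.g. `/* Non-zero if oid is gss_mech_eap or an OID built from the GSS EAP mechanism prefix; takes no ownership of oid. */`.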
@@ -47,28 +47,40 @@ * mechInvoke(5) */ -/* - * Prefix for GSS EAP mechanisms. A Kerberos encryption type is - * concatenated with this to form a concrete mechanism OID. - */ static const gss_OID_desc gssEapMechPrefix = { - /* 1.3.6.1.4.1.5322.21.1 */ - 11, "\x06\x09\x2B\x06\x01\x04\x01\xA9\x4A\x15\x01" + /* Note that alone this is not a valid DER encoded OID */ + 11, "\x06\x0A\x2B\x06\x01\x04\x01\xA9\x4A\x15\x01\x00" }; -const gss_OID_desc *const gss_mech_eap = &gssEapMechPrefix; - static const gss_OID_desc gssEapConcreteMechs[] = { + /* 1.3.6.1.4.1.5322.21.1 */ + { 11, "\x06\x0A\x2B\x06\x01\x04\x01\xA9\x4A\x15\x01" }, /* 1.3.6.1.4.1.5322.21.1.17 */ { 12, "\x06\x0A\x2B\x06\x01\x04\x01\xA9\x4A\x15\x01\x11" }, /* 1.3.6.1.4.1.5322.21.1.18 */ { 12, "\x06\x0A\x2B\x06\x01\x04\x01\xA9\x4A\x15\x01\x12" } }; -const gss_OID_desc *const gss_mech_eap_aes128_cts_hmac_sha1_96 = +const gss_OID_desc *const gss_mech_eap = &gssEapConcreteMechs[0]; -const gss_OID_desc *const gss_mech_eap_aes256_cts_hmac_sha1_96 = +const gss_OID_desc *const gss_mech_eap_aes128_cts_hmac_sha1_96 = &gssEapConcreteMechs[1]; +const gss_OID_desc *const gss_mech_eap_aes256_cts_hmac_sha1_96 = + &gssEapConcreteMechs[2]; + +int +gssEapIsMechanismOid(const gss_OID oid) +{ + if (oidEqual(oid, gss_mech_eap)) { + return TRUE; + } else if (oid->length > gssEapMechPrefix.length && + memcmp(oid->elements, gssEapMechPrefix.elements, + gssEapMechPrefix.length) == 0) { + return TRUE; + } + + return FALSE; +} OM_uint32 gssEapOidToEnctype(OM_uint32 *minor, @@ -105,7 +117,7 @@ gssEapEnctypeToOid(OM_uint32 *minor, return GSS_S_FAILURE; } - oid->elements = GSSEAP_MALLOC(gssEapMechPrefix.length + 2); + oid->elements = GSSEAP_MALLOC(gssEapMechPrefix.length + 1); if (oid->elements == NULL) { *minor = ENOMEM; free(oid); 
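Review bot: The new first entry of gssEapConcreteMechs, which becomes the exported gss_mech_eap, is 11 bytes long but carries the DER length octet `\x0A` (10 content bytes) over only nine content bytes, whereas the removed definition correctly used `\x06\x09`; as written, a correctly encoded 1.3.6.1.4.1.5322.21.1 from a peer or the mechglue will not compare equal to gss_mech_eap, and tokens that carry this OID will emit a malformed encoding, so the line should read `{ 11, "\x06\x09\x2B\x06\x01\x04\x01\xA9\x4A\x15\x01" },` (the 12-byte concrete entries with `\x0A` are consistent, which argues that this file does store OIDs with DER framing). In gssEapIsMechanismOid the prefix match accepts any OID longer than the prefix, but the prefix's `\x0A` length octet fixes a derived OID at exactly 12 bytes, so the test should be `} else if (oid->length == gssEapMechPrefix.length + 1 &&` rather than `>`, otherwise longer OIDs that merely share the leading bytes are accepted as mechanism OIDs. The function also reads `oid->length` with no null check; gss_canonicalize_name screens GSS_C_NULL_OID first, but other callers may not, so unless oidEqual is known to reject a null OID an opening `if (oid == GSS_C_NO_OID) return FALSE;` is cheap insurance. Replacing the removed comment with only `Note that alone this is not a valid DER encoded OID` drops the explanation of how concrete OIDs are formed; a comment along the lines of `/* Prefix for GSS EAP mechanisms: DER tag, length octet for 10 content bytes, and the nine content bytes of 1.3.6.1.4.1.5322.21.1; one trailing arc byte completes a concrete mechanism OID. */` would restore it, and the unexplained twelfth byte `\x00` in the literal, which the length of 11 excludes, should either be documented as a placeholder or removed.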
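Review bot: The allocation in gssEapEnctypeToOid is reduced to `gssEapMechPrefix.length + 1`, leaving room for exactly one arc byte after the prefix, yet nothing visible in this function bounds enctype to the single-byte base-128 range (0..127); the only such guard is the `etypes[i] < 0 || etypes[i] > 127` filter added to gssEapIndicateMechs in the following hunk, which protects just that one caller. Moving the range check into gssEapEnctypeToOid beside the existing `return GSS_S_FAILURE;` path, and giving 127 a shared name (for example a constructed `GSSEAP_MAX_ONE_BYTE_ARC` used by both functions), would stop any other caller from producing a truncated or out-of-range arc. The code that fills the allocated bytes lies outside the hunk, so whether it already rejects large enctypes cannot be confirmed from here.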
@@ -158,6 +170,10 @@ gssEapIndicateMechs(OM_uint32 *minor, for (i = 0; etypes[i] != ENCTYPE_NULL; i++) { gss_OID mechOid; + /* XXX currently we aren't equipped to encode these enctypes */ + if (etypes[i] < 0 || etypes[i] > 127) + continue; + major = gssEapEnctypeToOid(minor, etypes[i], &mechOid); if (GSS_ERROR(major)) break; @@ -213,16 +229,12 @@ gssEapInternalizeOid(const gss_OID oid, *pInternalizedOid = GSS_C_NO_OID; - if (oidEqual(oid, &gssEapMechPrefix)) { - *pInternalizedOid = (const gss_OID)&gssEapMechPrefix; - } else { - for (i = 0; - i < sizeof(gssEapConcreteMechs) / sizeof(gssEapConcreteMechs[0]); - i++) { - if (oidEqual(oid, &gssEapConcreteMechs[i])) { - *pInternalizedOid = (const gss_OID)&gssEapConcreteMechs[i]; - break; - } + for (i = 0; + i < sizeof(gssEapConcreteMechs) / sizeof(gssEapConcreteMechs[0]); + i++) { + if (oidEqual(oid, &gssEapConcreteMechs[i])) { + *pInternalizedOid = (const gss_OID)&gssEapConcreteMechs[i]; + break; } } -- 2.1.4
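Review bot: After this change gssEapInternalizeOid recognises only the three entries of gssEapConcreteMechs, while gssEapIsMechanismOid earlier in this patch accepts any OID carrying the mechanism prefix, so an OID that passes the latter but is not in the table now leaves `*pInternalizedOid` at GSS_C_NO_OID; how callers react to that is not visible here, so either the two predicates should agree or the restriction should be documented above the loop, e.g. `/* Only the statically known concrete mechanism OIDs are internalized. */`. The `sizeof(gssEapConcreteMechs) / sizeof(gssEapConcreteMechs[0])` bound would read better through an element-count macro if the project already has one. The remainder of gssEapInternalizeOid lies outside the hunk.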