2 * Copyright (c) 2010, JANET(UK)
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of JANET(UK) nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 * Portions Copyright 2009 by the Massachusetts Institute of Technology.
34 * All Rights Reserved.
36 * Export of this software from the United States of America may
37 * require a specific license from the United States Government.
38 * It is the responsibility of any person or organization contemplating
39 * export to obtain such a license before exporting.
41 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
42 * distribute this software and its documentation for any purpose and
43 * without fee is hereby granted, provided that the above copyright
44 * notice appear in all copies and that both that copyright notice and
45 * this permission notice appear in supporting documentation, and that
46 * the name of M.I.T. not be used in advertising or publicity pertaining
47 * to distribution of the software without specific, written prior
48 * permission. Furthermore if you modify this software you must label
49 * your software as modified software and not distribute it in such a
50 * fashion that it might be confused with the original M.I.T. software.
51 * M.I.T. makes no representations about the suitability of
52 * this software for any purpose. It is provided "as is" without express
53 * or implied warranty.
57 * Name utility routines.
60 #include "gssapiP_eap.h"
62 static gss_OID_desc gssEapNtPrincipalName = {
63 /* 1.3.6.1.4.1.5322.22.2.1 */
64 10, "\x2B\x06\x01\x04\x01\xA9\x4A\x16\x02\x01"
67 gss_OID GSS_EAP_NT_PRINCIPAL_NAME = &gssEapNtPrincipalName;
70 gssEapAllocName(OM_uint32 *minor, gss_name_t *pName)
75 *pName = GSS_C_NO_NAME;
77 name = (gss_name_t)GSSEAP_CALLOC(1, sizeof(*name));
83 if (GSSEAP_MUTEX_INIT(&name->mutex) != 0) {
85 gssEapReleaseName(&tmpMinor, &name);
91 return GSS_S_COMPLETE;
95 gssEapReleaseName(OM_uint32 *minor, gss_name_t *pName)
98 krb5_context krbContext = NULL;
104 return GSS_S_COMPLETE;
108 if (name == GSS_C_NO_NAME) {
109 return GSS_S_COMPLETE;
112 GSSEAP_KRB_INIT(&krbContext);
113 krb5_free_principal(krbContext, name->krbPrincipal);
115 gssEapReleaseAttrContext(&tmpMinor, name);
117 GSSEAP_MUTEX_DESTROY(&name->mutex);
121 return GSS_S_COMPLETE;
125 krbPrincipalToName(OM_uint32 *minor,
126 krb5_principal *principal,
132 major = gssEapAllocName(minor, &name);
133 if (GSS_ERROR(major))
136 name->krbPrincipal = *principal;
139 if (name->krbPrincipal->length > 1) {
140 name->flags |= NAME_FLAG_SERVICE;
142 name->flags |= NAME_FLAG_NAI;
148 return GSS_S_COMPLETE;
152 importServiceName(OM_uint32 *minor,
153 const gss_buffer_t nameBuffer,
157 krb5_context krbContext;
158 krb5_principal krbPrinc;
159 char *service, *host;
161 GSSEAP_KRB_INIT(&krbContext);
163 major = bufferToString(minor, nameBuffer, &service);
164 if (GSS_ERROR(major))
167 host = strchr(service, '@');
173 /* XXX this is probably NOT what we want to be doing */
174 if (krb5_sname_to_principal(krbContext, host, service,
175 KRB5_NT_SRV_HST, &krbPrinc) != 0) {
176 GSSEAP_FREE(service);
177 *minor = GSSEAP_BAD_SERVICE_NAME;
178 return GSS_S_FAILURE;
181 major = krbPrincipalToName(minor, &krbPrinc, pName);
182 if (GSS_ERROR(major)) {
183 krb5_free_principal(krbContext, krbPrinc);
186 GSSEAP_FREE(service);
191 importUserName(OM_uint32 *minor,
192 const gss_buffer_t nameBuffer,
196 krb5_context krbContext;
197 krb5_principal krbPrinc;
200 GSSEAP_KRB_INIT(&krbContext);
202 if (nameBuffer == GSS_C_NO_BUFFER) {
203 *minor = krb5_copy_principal(krbContext,
204 krb5_anonymous_principal(), &krbPrinc);
206 return GSS_S_FAILURE;
208 major = bufferToString(minor, nameBuffer, &nameString);
209 if (GSS_ERROR(major))
212 *minor = krb5_parse_name(krbContext, nameString, &krbPrinc);
214 GSSEAP_FREE(nameString);
215 return GSS_S_FAILURE;
219 major = krbPrincipalToName(minor, &krbPrinc, pName);
220 if (GSS_ERROR(major)) {
221 krb5_free_principal(krbContext, krbPrinc);
224 GSSEAP_FREE(nameString);
228 #define UPDATE_REMAIN(n) do { \
233 #define CHECK_REMAIN(n) do { \
234 if (remain < (n)) { \
235 major = GSS_S_BAD_NAME; \
236 *minor = GSSEAP_TOK_TRUNC; \
242 gssEapImportNameInternal(OM_uint32 *minor,
243 const gss_buffer_t nameBuffer,
247 OM_uint32 major, tmpMinor;
248 krb5_context krbContext;
252 enum gss_eap_token_type tokType;
253 gss_name_t name = GSS_C_NO_NAME;
255 GSSEAP_KRB_INIT(&krbContext);
257 p = (unsigned char *)nameBuffer->value;
258 remain = nameBuffer->length;
260 if (flags & EXPORT_NAME_FLAG_OID) {
261 if (remain < 6 + GSS_EAP_MECHANISM->length + 4)
262 return GSS_S_BAD_NAME;
264 if (flags & EXPORT_NAME_FLAG_COMPOSITE)
265 tokType = TOK_TYPE_EXPORT_NAME_COMPOSITE;
267 tokType = TOK_TYPE_EXPORT_NAME;
270 if (load_uint16_be(p) != tokType)
271 return GSS_S_BAD_NAME;
275 len = load_uint16_be(p);
276 if (len != 2 + GSS_EAP_MECHANISM->length)
277 return GSS_S_BAD_NAME;
282 return GSS_S_BAD_NAME;
283 if (p[1] != GSS_EAP_MECHANISM->length)
284 return GSS_S_BAD_MECH;
285 if (memcmp(&p[2], GSS_EAP_MECHANISM->elements, GSS_EAP_MECHANISM->length))
286 return GSS_S_BAD_MECH;
287 UPDATE_REMAIN(2 + GSS_EAP_MECHANISM->length);
291 len = load_uint32_be(p);
300 major = importUserName(minor, &buf, &name);
301 if (GSS_ERROR(major))
304 if (flags & EXPORT_NAME_FLAG_COMPOSITE) {
310 major = gssEapImportAttrContext(minor, &buf, name);
311 if (GSS_ERROR(major))
315 major = GSS_S_COMPLETE;
319 if (GSS_ERROR(major))
320 gssEapReleaseName(&tmpMinor, &name);
328 importExportName(OM_uint32 *minor,
329 const gss_buffer_t nameBuffer,
332 return gssEapImportNameInternal(minor, nameBuffer, name,
333 EXPORT_NAME_FLAG_OID);
336 #ifdef HAVE_GSS_C_NT_COMPOSITE_EXPORT
338 importCompositeExportName(OM_uint32 *minor,
339 const gss_buffer_t nameBuffer,
342 return gssEapImportNameInternal(minor, nameBuffer, name,
343 EXPORT_NAME_FLAG_OID |
344 EXPORT_NAME_FLAG_COMPOSITE);
348 struct gss_eap_name_import_provider {
350 OM_uint32 (*import)(OM_uint32 *, const gss_buffer_t, gss_name_t *);
354 gssEapImportName(OM_uint32 *minor,
355 const gss_buffer_t nameBuffer,
359 struct gss_eap_name_import_provider nameTypes[] = {
360 { GSS_C_NT_USER_NAME, importUserName },
361 { GSS_EAP_NT_PRINCIPAL_NAME, importUserName },
362 { GSS_C_NT_HOSTBASED_SERVICE, importServiceName },
363 { GSS_C_NT_HOSTBASED_SERVICE_X, importServiceName },
364 { GSS_C_NT_EXPORT_NAME, importExportName },
365 #ifdef HAVE_GSS_C_NT_COMPOSITE_EXPORT
366 { GSS_C_NT_COMPOSITE_EXPORT, importCompositeExportName },
371 *name = GSS_C_NO_NAME;
373 if (nameType == GSS_C_NO_OID)
374 nameType = nameTypes[0].oid;
376 for (i = 0; i < sizeof(nameTypes) / sizeof(nameTypes[0]); i++) {
377 if (oidEqual(nameTypes[i].oid, nameType))
378 return nameTypes[i].import(minor, nameBuffer, name);
381 return GSS_S_BAD_NAMETYPE;
385 gssEapExportName(OM_uint32 *minor,
386 const gss_name_t name,
387 gss_buffer_t exportedName)
389 return gssEapExportNameInternal(minor, name, exportedName,
390 EXPORT_NAME_FLAG_OID);
394 gssEapExportNameInternal(OM_uint32 *minor,
395 const gss_name_t name,
396 gss_buffer_t exportedName,
399 OM_uint32 major = GSS_S_FAILURE, tmpMinor;
400 krb5_context krbContext;
401 char *krbName = NULL;
402 size_t krbNameLen, exportedNameLen;
404 gss_buffer_desc attrs = GSS_C_EMPTY_BUFFER;
406 exportedName->length = 0;
407 exportedName->value = NULL;
409 GSSEAP_KRB_INIT(&krbContext);
411 *minor = krb5_unparse_name(krbContext, name->krbPrincipal, &krbName);
413 major = GSS_S_FAILURE;
416 krbNameLen = strlen(krbName);
419 if (flags & EXPORT_NAME_FLAG_OID) {
420 exportedNameLen += 6 + GSS_EAP_MECHANISM->length;
422 exportedNameLen += 4 + krbNameLen;
423 if (flags & EXPORT_NAME_FLAG_COMPOSITE) {
424 major = gssEapExportAttrContext(minor, name, &attrs);
425 if (GSS_ERROR(major))
427 exportedNameLen += attrs.length;
430 exportedName->value = GSSEAP_MALLOC(exportedNameLen);
431 if (exportedName->value == NULL) {
432 major = GSS_S_FAILURE;
436 exportedName->length = exportedNameLen;
438 p = (unsigned char *)exportedName->value;
440 if (flags & EXPORT_NAME_FLAG_OID) {
441 /* TOK | MECH_OID_LEN */
442 store_uint16_be((flags & EXPORT_NAME_FLAG_COMPOSITE)
443 ? TOK_TYPE_EXPORT_NAME_COMPOSITE
444 : TOK_TYPE_EXPORT_NAME,
447 store_uint16_be(GSS_EAP_MECHANISM->length + 2, p);
452 *p++ = GSS_EAP_MECHANISM->length & 0xff;
453 memcpy(p, GSS_EAP_MECHANISM->elements, GSS_EAP_MECHANISM->length);
454 p += GSS_EAP_MECHANISM->length;
458 store_uint32_be(krbNameLen, p);
462 memcpy(p, krbName, krbNameLen);
465 if (flags & EXPORT_NAME_FLAG_COMPOSITE) {
466 memcpy(p, attrs.value, attrs.length);
470 assert(p == (unsigned char *)exportedName->value + exportedNameLen);
472 major = GSS_S_COMPLETE;
476 gss_release_buffer(&tmpMinor, &attrs);
477 if (GSS_ERROR(major))
478 gss_release_buffer(&tmpMinor, exportedName);
479 krb5_free_unparsed_name(krbContext, krbName);
485 gssEapDuplicateName(OM_uint32 *minor,
486 const gss_name_t input_name,
487 gss_name_t *dest_name)
489 OM_uint32 major, tmpMinor;
490 krb5_context krbContext;
493 if (input_name == GSS_C_NO_NAME) {
495 return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAME;
498 GSSEAP_KRB_INIT(&krbContext);
500 major = gssEapAllocName(minor, &name);
501 if (GSS_ERROR(major)) {
505 name->flags = input_name->flags;
507 *minor = krb5_copy_principal(krbContext, input_name->krbPrincipal,
508 &name->krbPrincipal);
510 major = GSS_S_FAILURE;
514 if (input_name->attrCtx != NULL) {
515 major = gssEapDuplicateAttrContext(minor, input_name, name);
516 if (GSS_ERROR(major))
523 if (GSS_ERROR(major)) {
524 gssEapReleaseName(&tmpMinor, &name);
531 gssEapDisplayName(OM_uint32 *minor,
533 gss_buffer_t output_name_buffer,
534 gss_OID *output_name_type)
537 krb5_context krbContext;
540 GSSEAP_KRB_INIT(&krbContext);
542 output_name_buffer->length = 0;
543 output_name_buffer->value = NULL;
545 if (name == GSS_C_NO_NAME) {
547 return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAME;
550 *minor = krb5_unparse_name(krbContext, name->krbPrincipal, &krbName);
552 return GSS_S_FAILURE;
555 major = makeStringBuffer(minor, krbName, output_name_buffer);
556 if (GSS_ERROR(major)) {
557 krb5_free_unparsed_name(krbContext, krbName);
561 krb5_free_unparsed_name(krbContext, krbName);
563 if (output_name_type != NULL)
564 *output_name_type = GSS_EAP_NT_PRINCIPAL_NAME;
566 return GSS_S_COMPLETE;
projects / mech_eap.orig / blob