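/*-
 * Copyright (c) 2005 Doug Rabson
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 *	$FreeBSD: src/lib/libgssapi/gss_import_name.c,v 1.1 2005/12/29 14:40:20 dfr Exp $
 */

#include "mech_locl.h"
RCSID("$Id: gss_import_name.c,v 1.1.1.1 2011/06/10 09:34:42 andrew Exp $");

/*
 * Import a name of type GSS_C_NT_EXPORT_NAME.
 *
 * The token layout checked here is (see RFC 2743 section 3.2):
 *
 *	TOK_ID		2 octets, {4, 1}
 *	MECH_OID_LEN	2 octets, big endian, length of the DER OID below
 *	MECH_OID	DER: tag 6, length, OID octets
 *	NAME_LEN	4 octets, big endian
 *	NAME		NAME_LEN octets
 *
 * The buffer comes from the peer or the caller and is treated as
 * untrusted: every octet is checked to lie inside the buffer before it
 * is read, and every declared length is checked against what is
 * actually left.  The parse only serves to find the mechanism; the
 * mechanism is then handed the complete, unmodified input buffer and
 * does its own decoding.
 *
 * Returns GSS_S_BAD_NAME when the framing is inconsistent,
 * GSS_S_BAD_MECH when __gss_get_mechanism() does not know the OID, the
 * mechanism's own status when its gm_import_name fails,
 * GSS_S_FAILURE when _gss_make_name() fails, and GSS_S_COMPLETE with
 * *output_name set otherwise.  *output_name is cleared on entry.
 */
static OM_uint32
_gss_import_export_name(OM_uint32 *minor_status,
    const gss_buffer_t input_name_buffer,
    gss_name_t *output_name)
{
	OM_uint32 major_status;
	unsigned char *p = input_name_buffer->value;
	size_t len = input_name_buffer->length;
	size_t t;
	gss_OID_desc mech_oid;
	gssapi_mech_interface m;
	struct _gss_name *name;
	gss_name_t new_canonical_name;

	*minor_status = 0;
	*output_name = 0;

	/*
	 * Make sure that TOK_ID is {4, 1}.
	 */
	if (len < 2)
		return (GSS_S_BAD_NAME);
	if (p[0] != 4 || p[1] != 1)
		return (GSS_S_BAD_NAME);
	p += 2;
	len -= 2;

	/*
	 * Get the mech length and sanity check it against the size of
	 * the buffer.
	 */
	if (len < 2)
		return (GSS_S_BAD_NAME);
	t = ((size_t)p[0] << 8) | p[1];
	p += 2;
	len -= 2;

	/*
	 * Check the DER encoded OID to make sure it agrees with the
	 * length we just decoded.  The tag and the first length octet
	 * must fit in both the remaining buffer and the declared
	 * MECH_OID_LEN; without this check a four octet token would be
	 * read past its end and t would wrap below zero.
	 */
	if (len < 2 || t < 2)
		return (GSS_S_BAD_NAME);
	if (p[0] != 6)		/* 6=OID */
		return (GSS_S_BAD_NAME);
	p++;
	len--;
	t--;
	if (p[0] & 0x80) {
		/*
		 * Long form: the low seven bits give the number of
		 * length octets that follow.  Zero (indefinite length)
		 * is not valid DER, and the count must fit in
		 * mech_oid.length and in what is left of the buffer.
		 */
		size_t digits = p[0] & 0x7f;

		p++;
		len--;
		t--;
		if (digits == 0 || digits > sizeof(mech_oid.length) ||
		    digits > len || digits > t)
			return (GSS_S_BAD_NAME);
		mech_oid.length = 0;
		while (digits--) {
			mech_oid.length = (mech_oid.length << 8) | p[0];
			p++;
			len--;
			t--;
		}
	} else {
		mech_oid.length = p[0];
		p++;
		len--;
		t--;
	}
	if (mech_oid.length != t)
		return (GSS_S_BAD_NAME);

	/* Points into the caller's buffer; only used for the lookup below. */
	mech_oid.elements = p;

	/* OID octets plus the four octet NAME_LEN must still be present. */
	if (len < t || len - t < 4)
		return (GSS_S_BAD_NAME);
	p += t;
	len -= t;

	/* Widen before shifting so that a high first octet is not a signed shift. */
	t = ((OM_uint32)p[0] << 24) | ((OM_uint32)p[1] << 16) |
	    ((OM_uint32)p[2] << 8) | p[3];
	p += 4;
	len -= 4;

	/* NAME must account for exactly the rest of the token. */
	if (len != t)
		return (GSS_S_BAD_NAME);

	m = __gss_get_mechanism(&mech_oid);
	if (!m)
		return (GSS_S_BAD_MECH);

	/*
	 * Ask the mechanism to import the name.
	 */
	major_status = m->gm_import_name(minor_status,
	    input_name_buffer, GSS_C_NT_EXPORT_NAME, &new_canonical_name);
	if (major_status != GSS_S_COMPLETE) {
		_gss_mg_error(m, major_status, *minor_status);
		return major_status;
	}

	/*
	 * Now we make a new name and mark it as an MN.
	 */
	name = _gss_make_name(m, new_canonical_name);
	if (!name) {
		m->gm_release_name(minor_status, &new_canonical_name);
		return (GSS_S_FAILURE);
	}

	*output_name = (gss_name_t) name;

	*minor_status = 0;
	return (GSS_S_COMPLETE);
}

/*
 * Convert a name given as a buffer plus name type into an internal
 * name.
 *
 * An empty buffer is rejected with GSS_S_BAD_NAME.  GSS_C_NO_OID is
 * treated as GSS_C_NT_USER_NAME.  Names of type GSS_C_NT_EXPORT_NAME
 * are handed to _gss_import_export_name().  For every other type the
 * buffer and type are copied into a new struct _gss_name, and each
 * mechanism on _gss_mechs that lists the type in gm_name_types is
 * asked to import it; the first mechanism that fails aborts the whole
 * call with that mechanism's status.  If no mechanism produced a
 * mechanism name the result is GSS_S_NAME_NOT_MN.
 *
 * On every failure path *output_name is GSS_C_NO_NAME and the
 * partially built name is released.
 *
 * NOTE(review): minor_status, input_name_buffer and output_name are
 * dereferenced without a NULL check, so callers must pass valid
 * pointers.
 */
OM_uint32 GSSAPI_LIB_FUNCTION
gss_import_name(OM_uint32 *minor_status,
    const gss_buffer_t input_name_buffer,
    const gss_OID input_name_type,
    gss_name_t *output_name)
{
	struct _gss_mechanism_name *mn;
	gss_OID name_type = input_name_type;
	OM_uint32 major_status, ms;
	struct _gss_name *name;
	struct _gss_mech_switch *m;
	gss_name_t rname;

	*output_name = GSS_C_NO_NAME;

	if (input_name_buffer->length == 0) {
		*minor_status = 0;
		return (GSS_S_BAD_NAME);
	}

	_gss_load_mech();

	/*
	 * Use GSS_NT_USER_NAME as default name type.
	 */
	if (name_type == GSS_C_NO_OID)
		name_type = GSS_C_NT_USER_NAME;

	/*
	 * If this is an exported name, we need to parse it to find
	 * the mechanism and then import it as an MN. See RFC 2743
	 * section 3.2 for a description of the format.
	 */
	if (gss_oid_equal(name_type, GSS_C_NT_EXPORT_NAME)) {
		return _gss_import_export_name(minor_status,
		    input_name_buffer, output_name);
	}


	*minor_status = 0;
	name = calloc(1, sizeof(*name));
	if (!name) {
		*minor_status = ENOMEM;
		return (GSS_S_FAILURE);
	}

	SLIST_INIT(&name->gn_mn);

	major_status = _gss_copy_oid(minor_status,
	    name_type, &name->gn_type);
	if (major_status) {
		/* Nothing but the struct itself is owned yet. */
		free(name);
		return (GSS_S_FAILURE);
	}

	major_status = _gss_copy_buffer(minor_status,
	    input_name_buffer, &name->gn_value);
	if (major_status)
		goto out;

	/*
	 * Walk over the mechs and import the name into a mech name
	 * for those that support this name type.
	 */

	SLIST_FOREACH(m, &_gss_mechs, gm_link) {
		int present = 0;

		major_status = gss_test_oid_set_member(minor_status,
		    name_type, m->gm_name_types, &present);

		/* A failed membership test just skips this mechanism. */
		if (major_status || present == 0)
			continue;

		mn = malloc(sizeof(*mn));
		if (!mn) {
			*minor_status = ENOMEM;
			major_status = GSS_S_FAILURE;
			goto out;
		}

		major_status = (*m->gm_mech.gm_import_name)(minor_status,
		    &name->gn_value,
		    (name->gn_type.elements
			? &name->gn_type : GSS_C_NO_OID),
		    &mn->gmn_name);
		if (major_status != GSS_S_COMPLETE) {
			_gss_mg_error(&m->gm_mech, major_status, *minor_status);
			/* mn is not on the list yet, so free it here. */
			free(mn);
			goto out;
		}

		mn->gmn_mech = &m->gm_mech;
		mn->gmn_mech_oid = &m->gm_mech_oid;
		SLIST_INSERT_HEAD(&name->gn_mn, mn, gmn_link);
	}

	/*
	 * If we can't find a mn for the name, bail out already here.
	 */

	mn = SLIST_FIRST(&name->gn_mn);
	if (!mn) {
		*minor_status = 0;
		major_status = GSS_S_NAME_NOT_MN;
		goto out;
	}

	*output_name = (gss_name_t) name;
	return (GSS_S_COMPLETE);

 out:
	/* Release into a scratch minor status so *minor_status is kept. */
	rname = (gss_name_t)name;
	gss_release_name(&ms, &rname);
	return major_status;
}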