/*
 * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of the Institute nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include "gsskrb5_locl.h"
#include <gssapi_mech.h>

/*
 * Static OID descriptors and the dispatch table for the Kerberos 5
 * GSS-API mechanism.
 *
 * Each gss_OID_desc below is initialized as {length, bytes}.  The length
 * counts only the encoded OID bytes, not the NUL that terminates the
 * string literal, so it has to be kept in step with the literal by hand.
 * The descriptors are declared without const, and their byte pointers come
 * from string literals passed through rk_UNCONST (presumably a
 * const-dropping cast -- confirm in roken), so nothing may write through
 * them.
 */

/*
 * The implementation must reserve static storage for a
 * gss_OID_desc object containing the value
 * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
 *              "\x01\x02\x01\x01"},
 * corresponding to an object-identifier value of
 * {iso(1) member-body(2) United States(840) mit(113554)
 * infosys(1) gssapi(2) generic(1) user_name(1)}.  The constant
 * GSS_C_NT_USER_NAME should be initialized to point
 * to that gss_OID_desc.
 */

gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_user_name_oid_desc =
    {10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x01")};

/*
 * The implementation must reserve static storage for a
 * gss_OID_desc object containing the value
 * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
 *              "\x01\x02\x01\x02"},
 * corresponding to an object-identifier value of
 * {iso(1) member-body(2) United States(840) mit(113554)
 * infosys(1) gssapi(2) generic(1) machine_uid_name(2)}.
 * The constant GSS_C_NT_MACHINE_UID_NAME should be
 * initialized to point to that gss_OID_desc.
 */

gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_machine_uid_name_oid_desc =
    {10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x02")};

/*
 * The implementation must reserve static storage for a
 * gss_OID_desc object containing the value
 * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
 *              "\x01\x02\x01\x03"},
 * corresponding to an object-identifier value of
 * {iso(1) member-body(2) United States(840) mit(113554)
 * infosys(1) gssapi(2) generic(1) string_uid_name(3)}.
 * The constant GSS_C_NT_STRING_UID_NAME should be
 * initialized to point to that gss_OID_desc.
 */

gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_string_uid_name_oid_desc =
    {10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x03")};

/*
 * The implementation must reserve static storage for a
 * gss_OID_desc object containing the value
 * {6, (void *)"\x2b\x06\x01\x05\x06\x02"},
 * corresponding to an object-identifier value of
 * {iso(1) org(3) dod(6) internet(1) security(5)
 * nametypes(6) gss-host-based-services(2)}.  The constant
 * GSS_C_NT_HOSTBASED_SERVICE_X should be initialized to point
 * to that gss_OID_desc.  This is a deprecated OID value, and
 * implementations wishing to support hostbased-service names
 * should instead use the GSS_C_NT_HOSTBASED_SERVICE OID,
 * defined below, to identify such names;
 * GSS_C_NT_HOSTBASED_SERVICE_X should be accepted as a synonym
 * for GSS_C_NT_HOSTBASED_SERVICE when presented as an input
 * parameter, but should not be emitted by GSS-API
 * implementations.
 *
 * NOTE(review): the accept-on-input / never-emit rule is a requirement
 * on the name handling code, which is not in this file; this definition
 * only provides the bytes.
 */

gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_hostbased_service_x_oid_desc =
    {6, rk_UNCONST("\x2b\x06\x01\x05\x06\x02")};

/*
 * The implementation must reserve static storage for a
 * gss_OID_desc object containing the value
 * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
 *              "\x01\x02\x01\x04"}, corresponding to an
 * object-identifier value of {iso(1) member-body(2)
 * United States(840) mit(113554) infosys(1) gssapi(2)
 * generic(1) service_name(4)}.  The constant
 * GSS_C_NT_HOSTBASED_SERVICE should be initialized
 * to point to that gss_OID_desc.
 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_hostbased_service_oid_desc =
    {10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x04")};

/*
 * The implementation must reserve static storage for a
 * gss_OID_desc object containing the value
 * {6, (void *)"\x2b\x06\01\x05\x06\x03"},
 * corresponding to an object identifier value of
 * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
 * 6(nametypes), 3(gss-anonymous-name)}.  The constant
 * GSS_C_NT_ANONYMOUS should be initialized to point
 * to that gss_OID_desc.
 *
 * The third escape in the literal is the octal form \01; it encodes the
 * same byte as the \x01 used in the neighbouring descriptors.
 */

gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_anonymous_oid_desc =
    {6, rk_UNCONST("\x2b\x06\01\x05\x06\x03")};

/*
 * The implementation must reserve static storage for a
 * gss_OID_desc object containing the value
 * {6, (void *)"\x2b\x06\x01\x05\x06\x04"},
 * corresponding to an object-identifier value of
 * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
 * 6(nametypes), 4(gss-api-exported-name)}.  The constant
 * GSS_C_NT_EXPORT_NAME should be initialized to point
 * to that gss_OID_desc.
 */

gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_export_name_oid_desc =
    {6, rk_UNCONST("\x2b\x06\x01\x05\x06\x04") };

/*
 * This name form shall be represented by the Object Identifier {iso(1)
 * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
 * krb5(2) krb5_name(1)}.  The recommended symbolic name for this type
 * is "GSS_KRB5_NT_PRINCIPAL_NAME".
 */

gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_nt_principal_name_oid_desc =
    {10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x01") };

/*
 * draft-ietf-cat-iakerb-09, IAKERB:
 *   The mechanism ID for IAKERB proxy GSS-API Kerberos, in accordance
 *   with the mechanism proposed by SPNEGO [7] for negotiating protocol
 *   variations, is:  {iso(1) org(3) dod(6) internet(1) security(5)
 *   mechanisms(5) iakerb(10) iakerbProxyProtocol(1)}.  The proposed
 *   mechanism ID for IAKERB minimum messages GSS-API Kerberos, in
 *   accordance with the mechanism proposed by SPNEGO for negotiating
 *   protocol variations, is: {iso(1) org(3) dod(6) internet(1)
 *   security(5) mechanisms(5) iakerb(10)
 *   iakerbMinimumMessagesProtocol(2)}.
 *
 * The two descriptors below are 7 bytes each and differ only in the
 * final byte.
 */

gss_OID_desc GSSAPI_LIB_VARIABLE __gss_iakerb_proxy_mechanism_oid_desc =
    {7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0a\x01")};

gss_OID_desc GSSAPI_LIB_VARIABLE __gss_iakerb_min_msg_mechanism_oid_desc =
    {7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0a\x02") };

/*
 * Context for krb5 calls.
 *
 * NOTE(review): the heading above does not describe what follows.  The
 * table below is an array of gss_mo_desc entries keyed by GSS_C_MA_*
 * identifiers; the first three also carry a display string, a value and
 * _gss_mo_get_ctx_as_string.  It is compiled out with #if 0, and krb5_mech
 * further down passes NULL and a count of 0 in the matching slots.
 */

#if 0
static gss_mo_desc krb5_mo[] = {
    {
        GSS_C_MA_SASL_MECH_NAME,
        GSS_MO_MA,
        "SASL mech name",
        rk_UNCONST("GS2-KRB5"),
        _gss_mo_get_ctx_as_string,
        NULL
    },
    {
        GSS_C_MA_MECH_NAME,
        GSS_MO_MA,
        "Mechanism name",
        rk_UNCONST("KRB5"),
        _gss_mo_get_ctx_as_string,
        NULL
    },
    {
        GSS_C_MA_MECH_DESCRIPTION,
        GSS_MO_MA,
        "Mechanism description",
        rk_UNCONST("Heimdal Kerberos 5 mech"),
        _gss_mo_get_ctx_as_string,
        NULL
    },
    {
        GSS_C_MA_MECH_CONCRETE,
        GSS_MO_MA
    },
    {
        GSS_C_MA_ITOK_FRAMED,
        GSS_MO_MA
    },
    {
        GSS_C_MA_AUTH_INIT,
        GSS_MO_MA
    },
    {
        GSS_C_MA_AUTH_TARG,
        GSS_MO_MA
    },
    {
        GSS_C_MA_AUTH_INIT_ANON,
        GSS_MO_MA
    },
    {
        GSS_C_MA_DELEG_CRED,
        GSS_MO_MA
    },
    {
        GSS_C_MA_INTEG_PROT,
        GSS_MO_MA
    },
    {
        GSS_C_MA_CONF_PROT,
        GSS_MO_MA
    },
    {
        GSS_C_MA_MIC,
        GSS_MO_MA
    },
    {
        GSS_C_MA_WRAP,
        GSS_MO_MA
    },
    {
        GSS_C_MA_PROT_READY,
        GSS_MO_MA
    },
    {
        GSS_C_MA_REPLAY_DET,
        GSS_MO_MA
    },
    {
        GSS_C_MA_OOS_DET,
        GSS_MO_MA
    },
    {
        GSS_C_MA_CBINDINGS,
        GSS_MO_MA
    },
    {
        GSS_C_MA_PFS,
        GSS_MO_MA
    },
    {
        GSS_C_MA_CTX_TRANS,
        GSS_MO_MA
    }
};
#endif

/*
 * Dispatch table for the Kerberos 5 mechanism, handed out by
 * __gss_krb5_initialize().
 *
 * The initializer is positional: every entry has to stay in the order in
 * which gssapi_mech_interface_desc declares its members (presumably in
 * gssapi_mech.h -- confirm), and GMI_VERSION in the first slot has to
 * match that layout.  Inserting or dropping a line moves every later
 * function pointer into the wrong slot, so changes here should be checked
 * against the struct declaration entry by entry.
 *
 * The 9-byte mechanism OID is the GSS_KRB5_NT_PRINCIPAL_NAME value above
 * without its final krb5_name(1) arc, i.e. {... gssapi(2) krb5(2)}.
 *
 * NULL entries are operations this table does not supply.
 * NOTE(review): callers presumably test an entry for NULL before
 * dispatching through it -- verify in the code that consumes this table.
 */

static gssapi_mech_interface_desc krb5_mech = {
    GMI_VERSION,
    "kerberos 5",
    {9, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02") },
    0,
    _gsskrb5_acquire_cred,
    _gsskrb5_release_cred,
    _gsskrb5_init_sec_context,
    _gsskrb5_accept_sec_context,
    _gsskrb5_process_context_token,
    _gsskrb5_delete_sec_context,
    _gsskrb5_context_time,
    _gsskrb5_get_mic,
    _gsskrb5_verify_mic,
    _gsskrb5_wrap,
    _gsskrb5_unwrap,
    _gsskrb5_display_status,
    _gsskrb5_indicate_mechs,
    _gsskrb5_compare_name,
    _gsskrb5_display_name,
    _gsskrb5_import_name,
    _gsskrb5_export_name,
    _gsskrb5_release_name,
    _gsskrb5_inquire_cred,
    _gsskrb5_inquire_context,
    _gsskrb5_wrap_size_limit,
    _gsskrb5_add_cred,
    _gsskrb5_inquire_cred_by_mech,
    _gsskrb5_export_sec_context,
    _gsskrb5_import_sec_context,
    _gsskrb5_inquire_names_for_mech,
    _gsskrb5_inquire_mechs_for_name,
    _gsskrb5_canonicalize_name,
    _gsskrb5_duplicate_name,
    _gsskrb5_inquire_sec_context_by_oid,
    _gsskrb5_inquire_cred_by_oid,
    _gsskrb5_set_sec_context_option,
    _gsskrb5_set_cred_option,
    _gsskrb5_pseudo_random,
    /* IOV wrap/unwrap entry points are compiled out; the slots stay NULL. */
#if 0
    _gk_wrap_iov,
    _gk_unwrap_iov,
    _gk_wrap_iov_length,
#else
    NULL,
    NULL,
    NULL,
#endif
    _gsskrb5_store_cred,
    _gsskrb5_export_cred,
    _gsskrb5_import_cred,
    _gsskrb5_acquire_cred_ext,
    NULL,
    NULL,
    NULL,
    NULL,
    NULL,
    NULL,
    /* krb5_mo and its element count; NULL and 0 while that table is disabled. */
#if 0
    krb5_mo,
    sizeof(krb5_mo) / sizeof(krb5_mo[0]),
#else
    NULL,
    0,
#endif
    _gsskrb5_pname_to_uid,
    _gsskrb5_authorize_localname,
    NULL,
    NULL,
    NULL,
    NULL,
    NULL,
    NULL,
    NULL
};

/*
 * Return the Kerberos 5 mechanism's dispatch table.
 *
 * The result is the address of the file-static krb5_mech object: nothing
 * is allocated here, and the caller must not free it.
 */
gssapi_mech_interface
__gss_krb5_initialize(void)
{
    return &krb5_mech;
}