1153838Sdfr/*- 2153838Sdfr * Copyright (c) 2005 Doug Rabson 3153838Sdfr * All rights reserved. 4153838Sdfr * 5153838Sdfr * Redistribution and use in source and binary forms, with or without 6153838Sdfr * modification, are permitted provided that the following conditions 7153838Sdfr * are met: 8153838Sdfr * 1. Redistributions of source code must retain the above copyright 9153838Sdfr * notice, this list of conditions and the following disclaimer. 10153838Sdfr * 2. Redistributions in binary form must reproduce the above copyright 11153838Sdfr * notice, this list of conditions and the following disclaimer in the 12153838Sdfr * documentation and/or other materials provided with the distribution. 13153838Sdfr * 14153838Sdfr * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 15153838Sdfr * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16153838Sdfr * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17153838Sdfr * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 18153838Sdfr * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19153838Sdfr * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20153838Sdfr * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21153838Sdfr * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22153838Sdfr * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23153838Sdfr * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24153838Sdfr * SUCH DAMAGE. 25153838Sdfr * 26153838Sdfr * $FreeBSD: stable/11/lib/libgssapi/gss_names.c 350474 2019-07-31 18:10:50Z brooks $ 27153838Sdfr */ 28153838Sdfr 29153838Sdfr#include <gssapi/gssapi.h> 30153838Sdfr#include <stdlib.h> 31168340Skan#include <string.h> 32153838Sdfr#include <errno.h> 33153838Sdfr 34153838Sdfr#include "mech_switch.h" 35153838Sdfr#include "name.h" 36178828Sdfr#include "utils.h" 37153838Sdfr 38153838Sdfr/* 39153838Sdfr * The implementation must reserve static storage for a 40153838Sdfr * gss_OID_desc object containing the value 41153838Sdfr * {10, (void *)"\x2a\x86\x48\x86\xf7\x12" 42153838Sdfr * "\x01\x02\x01\x01"}, 43153838Sdfr * corresponding to an object-identifier value of 44153838Sdfr * {iso(1) member-body(2) United States(840) mit(113554) 45153838Sdfr * infosys(1) gssapi(2) generic(1) user_name(1)}. The constant 46153838Sdfr * GSS_C_NT_USER_NAME should be initialized to point 47153838Sdfr * to that gss_OID_desc. 48153838Sdfr */ 49153838Sdfrstatic gss_OID_desc GSS_C_NT_USER_NAME_storage = 50350474Sbrooks {10, __DECONST(void *, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x01")}; 51153838Sdfrgss_OID GSS_C_NT_USER_NAME = &GSS_C_NT_USER_NAME_storage; 52153838Sdfr 53153838Sdfr/* 54153838Sdfr * The implementation must reserve static storage for a 55153838Sdfr * gss_OID_desc object containing the value 56153838Sdfr * {10, (void *)"\x2a\x86\x48\x86\xf7\x12" 57153838Sdfr * "\x01\x02\x01\x02"}, 58153838Sdfr * corresponding to an object-identifier value of 59153838Sdfr * {iso(1) member-body(2) United States(840) mit(113554) 60153838Sdfr * infosys(1) gssapi(2) generic(1) machine_uid_name(2)}. 61153838Sdfr * The constant GSS_C_NT_MACHINE_UID_NAME should be 62153838Sdfr * initialized to point to that gss_OID_desc. 63153838Sdfr */ 64153838Sdfrstatic gss_OID_desc GSS_C_NT_MACHINE_UID_NAME_storage = 65350474Sbrooks {10, __DECONST(void *, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x02")}; 66153838Sdfrgss_OID GSS_C_NT_MACHINE_UID_NAME = &GSS_C_NT_MACHINE_UID_NAME_storage; 67153838Sdfr 68153838Sdfr/* 69153838Sdfr * The implementation must reserve static storage for a 70153838Sdfr * gss_OID_desc object containing the value 71153838Sdfr * {10, (void *)"\x2a\x86\x48\x86\xf7\x12" 72153838Sdfr * "\x01\x02\x01\x03"}, 73153838Sdfr * corresponding to an object-identifier value of 74153838Sdfr * {iso(1) member-body(2) United States(840) mit(113554) 75153838Sdfr * infosys(1) gssapi(2) generic(1) string_uid_name(3)}. 76153838Sdfr * The constant GSS_C_NT_STRING_UID_NAME should be 77153838Sdfr * initialized to point to that gss_OID_desc. 78153838Sdfr */ 79153838Sdfrstatic gss_OID_desc GSS_C_NT_STRING_UID_NAME_storage = 80350474Sbrooks {10, __DECONST(void *, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x03")}; 81153838Sdfrgss_OID GSS_C_NT_STRING_UID_NAME = &GSS_C_NT_STRING_UID_NAME_storage; 82153838Sdfr 83153838Sdfr/* 84153838Sdfr * The implementation must reserve static storage for a 85153838Sdfr * gss_OID_desc object containing the value 86153838Sdfr * {6, (void *)"\x2b\x06\x01\x05\x06\x02"}, 87153838Sdfr * corresponding to an object-identifier value of 88153838Sdfr * {iso(1) org(3) dod(6) internet(1) security(5) 89153838Sdfr * nametypes(6) gss-host-based-services(2)). The constant 90153838Sdfr * GSS_C_NT_HOSTBASED_SERVICE_X should be initialized to point 91153838Sdfr * to that gss_OID_desc. This is a deprecated OID value, and 92153838Sdfr * implementations wishing to support hostbased-service names 93153838Sdfr * should instead use the GSS_C_NT_HOSTBASED_SERVICE OID, 94153838Sdfr * defined below, to identify such names; 95153838Sdfr * GSS_C_NT_HOSTBASED_SERVICE_X should be accepted a synonym 96153838Sdfr * for GSS_C_NT_HOSTBASED_SERVICE when presented as an input 97153838Sdfr * parameter, but should not be emitted by GSS-API 98153838Sdfr * implementations 99153838Sdfr */ 100153838Sdfrstatic gss_OID_desc GSS_C_NT_HOSTBASED_SERVICE_X_storage = 101350474Sbrooks {6, __DECONST(void *, "\x2b\x06\x01\x05\x06\x02")}; 102153838Sdfrgss_OID GSS_C_NT_HOSTBASED_SERVICE_X = &GSS_C_NT_HOSTBASED_SERVICE_X_storage; 103153838Sdfr 104153838Sdfr/* 105153838Sdfr * The implementation must reserve static storage for a 106153838Sdfr * gss_OID_desc object containing the value 107153838Sdfr * {10, (void *)"\x2a\x86\x48\x86\xf7\x12" 108153838Sdfr * "\x01\x02\x01\x04"}, corresponding to an 109153838Sdfr * object-identifier value of {iso(1) member-body(2) 110153838Sdfr * Unites States(840) mit(113554) infosys(1) gssapi(2) 111153838Sdfr * generic(1) service_name(4)}. The constant 112153838Sdfr * GSS_C_NT_HOSTBASED_SERVICE should be initialized 113153838Sdfr * to point to that gss_OID_desc. 114153838Sdfr */ 115153838Sdfrstatic gss_OID_desc GSS_C_NT_HOSTBASED_SERVICE_storage = 116350474Sbrooks {10, __DECONST(void *, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x04")}; 117153838Sdfrgss_OID GSS_C_NT_HOSTBASED_SERVICE = &GSS_C_NT_HOSTBASED_SERVICE_storage; 118153838Sdfr 119153838Sdfr/* 120153838Sdfr * The implementation must reserve static storage for a 121153838Sdfr * gss_OID_desc object containing the value 122153838Sdfr * {6, (void *)"\x2b\x06\01\x05\x06\x03"}, 123153838Sdfr * corresponding to an object identifier value of 124153838Sdfr * {1(iso), 3(org), 6(dod), 1(internet), 5(security), 125153838Sdfr * 6(nametypes), 3(gss-anonymous-name)}. The constant 126153838Sdfr * and GSS_C_NT_ANONYMOUS should be initialized to point 127153838Sdfr * to that gss_OID_desc. 128153838Sdfr */ 129153838Sdfrstatic gss_OID_desc GSS_C_NT_ANONYMOUS_storage = 130350474Sbrooks {6, __DECONST(void *, "\x2b\x06\01\x05\x06\x03")}; 131153838Sdfrgss_OID GSS_C_NT_ANONYMOUS = &GSS_C_NT_ANONYMOUS_storage; 132153838Sdfr 133153838Sdfr/* 134153838Sdfr * The implementation must reserve static storage for a 135153838Sdfr * gss_OID_desc object containing the value 136153838Sdfr * {6, (void *)"\x2b\x06\x01\x05\x06\x04"}, 137153838Sdfr * corresponding to an object-identifier value of 138153838Sdfr * {1(iso), 3(org), 6(dod), 1(internet), 5(security), 139153838Sdfr * 6(nametypes), 4(gss-api-exported-name)}. The constant 140153838Sdfr * GSS_C_NT_EXPORT_NAME should be initialized to point 141153838Sdfr * to that gss_OID_desc. 142153838Sdfr */ 143153838Sdfrstatic gss_OID_desc GSS_C_NT_EXPORT_NAME_storage = 144350474Sbrooks {6, __DECONST(void *, "\x2b\x06\x01\x05\x06\x04")}; 145153838Sdfrgss_OID GSS_C_NT_EXPORT_NAME = &GSS_C_NT_EXPORT_NAME_storage; 146153838Sdfr 147153838Sdfr/* 148153838Sdfr * This name form shall be represented by the Object Identifier {iso(1) 149153838Sdfr * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2) 150153838Sdfr * krb5(2) krb5_name(1)}. The recommended symbolic name for this type 151153838Sdfr * is "GSS_KRB5_NT_PRINCIPAL_NAME". 152153838Sdfr */ 153153838Sdfrstatic gss_OID_desc GSS_KRB5_NT_PRINCIPAL_NAME_storage = 154350474Sbrooks {10, __DECONST(void *, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x01")}; 155153838Sdfrgss_OID GSS_KRB5_NT_PRINCIPAL_NAME = &GSS_KRB5_NT_PRINCIPAL_NAME_storage; 156153838Sdfr 157153838Sdfr/* 158153838Sdfr * This name form shall be represented by the Object Identifier {iso(1) 159153838Sdfr * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2) 160153838Sdfr * generic(1) user_name(1)}. The recommended symbolic name for this 161153838Sdfr * type is "GSS_KRB5_NT_USER_NAME". 162153838Sdfr */ 163153838Sdfrgss_OID GSS_KRB5_NT_USER_NAME = &GSS_C_NT_USER_NAME_storage; 164153838Sdfr 165153838Sdfr/* 166153838Sdfr * This name form shall be represented by the Object Identifier {iso(1) 167153838Sdfr * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2) 168153838Sdfr * generic(1) machine_uid_name(2)}. The recommended symbolic name for 169153838Sdfr * this type is "GSS_KRB5_NT_MACHINE_UID_NAME". 170153838Sdfr */ 171153838Sdfrgss_OID GSS_KRB5_NT_MACHINE_UID_NAME = &GSS_C_NT_MACHINE_UID_NAME_storage; 172153838Sdfr 173153838Sdfr/* 174153838Sdfr * This name form shall be represented by the Object Identifier {iso(1) 175153838Sdfr * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2) 176153838Sdfr * generic(1) string_uid_name(3)}. The recommended symbolic name for 177153838Sdfr * this type is "GSS_KRB5_NT_STRING_UID_NAME". 178153838Sdfr */ 179153838Sdfrgss_OID GSS_KRB5_NT_STRING_UID_NAME = &GSS_C_NT_STRING_UID_NAME_storage; 180153838Sdfr 181178828SdfrOM_uint32 182178828Sdfr_gss_find_mn(OM_uint32 *minor_status, struct _gss_name *name, gss_OID mech, 183178828Sdfr struct _gss_mechanism_name **output_mn) 184153838Sdfr{ 185178828Sdfr OM_uint32 major_status; 186153838Sdfr struct _gss_mech_switch *m; 187153838Sdfr struct _gss_mechanism_name *mn; 188153838Sdfr 189178828Sdfr *output_mn = NULL; 190178828Sdfr 191153838Sdfr SLIST_FOREACH(mn, &name->gn_mn, gmn_link) { 192178828Sdfr if (gss_oid_equal(mech, mn->gmn_mech_oid)) 193153838Sdfr break; 194153838Sdfr } 195153838Sdfr 196153838Sdfr if (!mn) { 197153838Sdfr /* 198153838Sdfr * If this name is canonical (i.e. there is only an 199153838Sdfr * MN but it is from a different mech), give up now. 200153838Sdfr */ 201153838Sdfr if (!name->gn_value.value) 202178828Sdfr return (GSS_S_BAD_NAME); 203153838Sdfr 204153838Sdfr m = _gss_find_mech_switch(mech); 205153838Sdfr if (!m) 206178828Sdfr return (GSS_S_BAD_MECH); 207153838Sdfr 208153838Sdfr mn = malloc(sizeof(struct _gss_mechanism_name)); 209153838Sdfr if (!mn) 210178828Sdfr return (GSS_S_FAILURE); 211153838Sdfr 212178828Sdfr major_status = m->gm_import_name(minor_status, 213153838Sdfr &name->gn_value, 214153838Sdfr (name->gn_type.elements 215153838Sdfr ? &name->gn_type : GSS_C_NO_OID), 216153838Sdfr &mn->gmn_name); 217178828Sdfr if (major_status != GSS_S_COMPLETE) { 218178828Sdfr _gss_mg_error(m, major_status, *minor_status); 219153838Sdfr free(mn); 220178828Sdfr return (major_status); 221153838Sdfr } 222153838Sdfr 223153838Sdfr mn->gmn_mech = m; 224153838Sdfr mn->gmn_mech_oid = &m->gm_mech_oid; 225153838Sdfr SLIST_INSERT_HEAD(&name->gn_mn, mn, gmn_link); 226153838Sdfr } 227178828Sdfr *output_mn = mn; 228178828Sdfr return (GSS_S_COMPLETE); 229153838Sdfr} 230153838Sdfr 231178828Sdfr 232153838Sdfr/* 233153838Sdfr * Make a name from an MN. 234153838Sdfr */ 235153838Sdfrstruct _gss_name * 236153838Sdfr_gss_make_name(struct _gss_mech_switch *m, gss_name_t new_mn) 237153838Sdfr{ 238153838Sdfr struct _gss_name *name; 239153838Sdfr struct _gss_mechanism_name *mn; 240153838Sdfr 241153838Sdfr name = malloc(sizeof(struct _gss_name)); 242153838Sdfr if (!name) 243153838Sdfr return (0); 244153838Sdfr memset(name, 0, sizeof(struct _gss_name)); 245153838Sdfr 246153838Sdfr mn = malloc(sizeof(struct _gss_mechanism_name)); 247153838Sdfr if (!mn) { 248153838Sdfr free(name); 249153838Sdfr return (0); 250153838Sdfr } 251153838Sdfr 252153838Sdfr SLIST_INIT(&name->gn_mn); 253153838Sdfr mn->gmn_mech = m; 254153838Sdfr mn->gmn_mech_oid = &m->gm_mech_oid; 255153838Sdfr mn->gmn_name = new_mn; 256153838Sdfr SLIST_INSERT_HEAD(&name->gn_mn, mn, gmn_link); 257153838Sdfr 258153838Sdfr return (name); 259153838Sdfr} 260153838Sdfr 261