1/*
2 * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Portions Copyright (c) 2009 - 2010 Apple Inc. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 *    notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 *    notice, this list of conditions and the following disclaimer in the
17 *    documentation and/or other materials provided with the distribution.
18 *
19 * 3. Neither the name of the Institute nor the names of its contributors
20 *    may be used to endorse or promote products derived from this software
21 *    without specific prior written permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 * SUCH DAMAGE.
34 */
35
36#include "gsskrb5_locl.h"
37#include <gssapi_mech.h>
38
39/*
40 * Context for krb5 calls.
41 */
42
/*
 * Mechanism-attribute table for the krb5 mechanism.
 *
 * Each entry is a gss_mo_desc initialised positionally: attribute OID,
 * GSS_MO_MA flag, human-readable name, value, getter, setter.  The three
 * string-valued entries use _gss_mo_get_ctx_as_string as getter and have
 * no setter (NULL).  The remaining entries supply only the first two
 * fields; by C initializer rules the rest are zero/NULL, so they only
 * advertise that the attribute applies -- no value, no accessors.
 *
 * krb5_mo must stay a real array: its length is computed below with
 * sizeof(krb5_mo) / sizeof(krb5_mo[0]), which silently breaks if this
 * ever becomes a pointer.
 */
static gss_mo_desc krb5_mo[] = {
    {
	GSS_C_MA_SASL_MECH_NAME,
	GSS_MO_MA,
	"SASL mech name",
	rk_UNCONST("GS2-KRB5"),	/* literal stored in a non-const slot; must not be written through */
	_gss_mo_get_ctx_as_string,
	NULL			/* no setter */
    },
    {
	GSS_C_MA_MECH_NAME,
	GSS_MO_MA,
	"Mechanism name",
	rk_UNCONST("KRB5"),
	_gss_mo_get_ctx_as_string,
	NULL			/* no setter */
    },
    {
	GSS_C_MA_MECH_DESCRIPTION,
	GSS_MO_MA,
	"Mechanism description",
	rk_UNCONST("Heimdal Kerberos 5 mech"),
	_gss_mo_get_ctx_as_string,
	NULL			/* no setter */
    },
    /* Presence-only attributes: value/getter/setter left zero/NULL. */
    {
	GSS_C_MA_MECH_CONCRETE,
	GSS_MO_MA
    },
    {
	GSS_C_MA_ITOK_FRAMED,
	GSS_MO_MA
    },
    {
	GSS_C_MA_AUTH_INIT,
	GSS_MO_MA
    },
    {
	GSS_C_MA_AUTH_TARG,
	GSS_MO_MA
    },
    {
	GSS_C_MA_AUTH_INIT_ANON,
	GSS_MO_MA
    },
    {
	GSS_C_MA_DELEG_CRED,
	GSS_MO_MA
    },
    {
	GSS_C_MA_INTEG_PROT,
	GSS_MO_MA
    },
    {
	GSS_C_MA_CONF_PROT,
	GSS_MO_MA
    },
    {
	GSS_C_MA_MIC,
	GSS_MO_MA
    },
    {
	GSS_C_MA_WRAP,
	GSS_MO_MA
    },
    {
	GSS_C_MA_PROT_READY,
	GSS_MO_MA
    },
    {
	GSS_C_MA_REPLAY_DET,
	GSS_MO_MA
    },
    {
	GSS_C_MA_OOS_DET,
	GSS_MO_MA
    },
    {
	GSS_C_MA_CBINDINGS,
	GSS_MO_MA
    },
    {
	GSS_C_MA_PFS,
	GSS_MO_MA
    },
    {
	GSS_C_MA_CTX_TRANS,
	GSS_MO_MA
    }
};
133
134/*
135 *
136 */
137
/*
 * Dispatch table for the Kerberos 5 GSS mechanism.
 *
 * Positional initializer: the order of entries must match
 * gssapi_mech_interface_desc in <gssapi_mech.h> exactly.  Inserting or
 * removing a line shifts every later entry point into the wrong slot
 * without any compiler diagnostic, so verify against the struct
 * definition whenever this table is edited.
 *
 * Several slots are NULL.  Whatever dispatches through this table must
 * check an entry point for NULL before calling it -- confirm the mech
 * switch does so for every NULL below.
 */
static gssapi_mech_interface_desc krb5_mech = {
    GMI_VERSION,			/* interface version */
    "kerberos 5",			/* human-readable mechanism name */
    {9, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02") },	/* OID 1.2.840.113554.1.2.2 */
    0,					/* flags: none */
    _gsskrb5_acquire_cred,
    _gsskrb5_release_cred,
    _gsskrb5_init_sec_context,
    _gsskrb5_accept_sec_context,
    _gsskrb5_process_context_token,
    _gsskrb5_delete_sec_context,
    _gsskrb5_context_time,
    _gsskrb5_get_mic,
    _gsskrb5_verify_mic,
    _gsskrb5_wrap,
    _gsskrb5_unwrap,
    _gsskrb5_display_status,
    NULL,				/* entry point not provided by this mech */
    _gsskrb5_compare_name,
    _gsskrb5_display_name,
    _gsskrb5_import_name,
    _gsskrb5_export_name,
    _gsskrb5_release_name,
    _gsskrb5_inquire_cred,
    _gsskrb5_inquire_context,
    _gsskrb5_wrap_size_limit,
    _gsskrb5_add_cred,
    _gsskrb5_inquire_cred_by_mech,
    _gsskrb5_export_sec_context,
    _gsskrb5_import_sec_context,
    _gsskrb5_inquire_names_for_mech,
    _gsskrb5_inquire_mechs_for_name,
    _gsskrb5_canonicalize_name,
    _gsskrb5_duplicate_name,
    _gsskrb5_inquire_sec_context_by_oid,
    _gsskrb5_inquire_cred_by_oid,
    _gsskrb5_set_sec_context_option,
    _gsskrb5_set_cred_option,
    _gsskrb5_pseudo_random,
    _gk_wrap_iov,
    _gk_unwrap_iov,
    _gk_wrap_iov_length,
    _gsskrb5_store_cred,
    _gsskrb5_export_cred,
    _gsskrb5_import_cred,
    _gss_krb5_acquire_cred_ext,
    _gss_krb5_iter_creds_f,
    _gsskrb5_destroy_cred,
    _gsskrb5_cred_hold,
    _gsskrb5_cred_unhold,
    _gsskrb5_cred_label_get,
    _gsskrb5_cred_label_set,
    krb5_mo,				/* mechanism-attribute table ... */
    sizeof(krb5_mo) / sizeof(krb5_mo[0]),	/* ... and its length (valid only while krb5_mo is a true array) */
    _gsskrb5_pname_to_uid,
    _gsskrb5_authorize_localname,
    /* Seven entry points not provided by this mech; see NULL caveat above. */
    NULL,
    NULL,
    NULL,
    NULL,
    NULL,
    NULL,
    NULL,
    _gsskrb5_appl_change_password
};
203
/*
 * Dispatch table for the IAKERB mechanism.
 *
 * Positional initializer; same layout caveat as krb5_mech above: entry
 * order must match gssapi_mech_interface_desc in <gssapi_mech.h>.
 *
 * IAKERB reuses the krb5 entry points for everything except credential
 * acquisition, acceptor-side context establishment, name import/export,
 * inquire_names_for_mech, acquire_cred_ext and credential iteration.  In
 * particular the initiator path is the krb5 _gsskrb5_init_sec_context, so
 * any IAKERB-specific initiator behaviour has to live inside that routine
 * (not visible in this file).  No mechanism-attribute table is advertised
 * (NULL, 0).
 */
static gssapi_mech_interface_desc iakerb_mech = {
    GMI_VERSION,			/* interface version */
    "iakerb",				/* human-readable mechanism name */
    {6, "\x2b\x06\x01\x05\x02\x05" },	/* OID 1.3.6.1.5.2.5 */
    0,					/* flags: none */
    _gssiakerb_acquire_cred,		/* IAKERB-specific */
    _gsskrb5_release_cred,
    _gsskrb5_init_sec_context,		/* shared with krb5; see header comment */
    _gssiakerb_accept_sec_context,	/* IAKERB-specific */
    _gsskrb5_process_context_token,
    _gsskrb5_delete_sec_context,
    _gsskrb5_context_time,
    _gsskrb5_get_mic,
    _gsskrb5_verify_mic,
    _gsskrb5_wrap,
    _gsskrb5_unwrap,
    _gsskrb5_display_status,
    NULL,				/* entry point not provided; caller must NULL-check */
    _gsskrb5_compare_name,
    _gsskrb5_display_name,
    _gssiakerb_import_name,		/* IAKERB-specific */
    _gssiakerb_export_name,		/* IAKERB-specific */
    _gsskrb5_release_name,
    _gsskrb5_inquire_cred,
    _gsskrb5_inquire_context,
    _gsskrb5_wrap_size_limit,
    _gsskrb5_add_cred,
    _gsskrb5_inquire_cred_by_mech,
    _gsskrb5_export_sec_context,
    _gsskrb5_import_sec_context,
    _gssiakerb_inquire_names_for_mech,	/* IAKERB-specific */
    _gsskrb5_inquire_mechs_for_name,
    _gsskrb5_canonicalize_name,
    _gsskrb5_duplicate_name,
    _gsskrb5_inquire_sec_context_by_oid,
    _gsskrb5_inquire_cred_by_oid,
    _gsskrb5_set_sec_context_option,
    _gsskrb5_set_cred_option,
    _gsskrb5_pseudo_random,
    _gk_wrap_iov,
    _gk_unwrap_iov,
    _gk_wrap_iov_length,
    _gsskrb5_store_cred,
    _gsskrb5_export_cred,
    _gsskrb5_import_cred,
    _gss_iakerb_acquire_cred_ext,	/* IAKERB-specific */
    _gss_iakerb_iter_creds_f,		/* IAKERB-specific */
    _gsskrb5_destroy_cred,
    _gsskrb5_cred_hold,
    _gsskrb5_cred_unhold,
    _gsskrb5_cred_label_get,
    _gsskrb5_cred_label_set,
    NULL,				/* no mechanism-attribute table ... */
    0,					/* ... so length 0 */
    _gsskrb5_pname_to_uid,
    _gsskrb5_authorize_localname,
    /* Seven entry points not provided by this mech; caller must NULL-check. */
    NULL,
    NULL,
    NULL,
    NULL,
    NULL,
    NULL,
    NULL,
    _gsskrb5_appl_change_password
};
269
270
271#ifdef PKINIT
272
/*
 * Dispatch table for the PKU2U mechanism.  Only compiled with PKINIT.
 *
 * Positional initializer; same layout caveat as krb5_mech above: entry
 * order must match gssapi_mech_interface_desc in <gssapi_mech.h>.
 *
 * NOTE(review): the OID bytes below decode to 1.3.5.1.5.2.7.  The iakerb
 * descriptor above sits under the 1.3.6.1.5.2 arc ("\x2b\x06\x01\x05\x02"),
 * and PKU2U is normally identified as 1.3.6.1.5.2.7, so the second byte
 * (\x05) looks like a typo for \x06.  If the mech switch matches mechanisms
 * by this field, a wrong value here means PKU2U requests/tokens never reach
 * this descriptor.  Confirm against the OID the mech switch compares on
 * before changing it.
 *
 * PKU2U reuses the krb5 entry points (including _gss_krb5_acquire_cred_ext
 * and _gsskrb5_init_sec_context) except for credential acquisition,
 * acceptor-side context establishment, name import/export,
 * inquire_names_for_mech and credential iteration.  No mechanism-attribute
 * table is advertised (NULL, 0).
 */
static gssapi_mech_interface_desc pku2u_mech = {
    GMI_VERSION,			/* interface version */
    "pku2u",				/* human-readable mechanism name */
    {6, "\x2b\x05\x01\x05\x02\x07" },	/* decodes to 1.3.5.1.5.2.7 -- see NOTE(review) above */
    0,					/* flags: none */
    _gsspku2u_acquire_cred,		/* PKU2U-specific */
    _gsskrb5_release_cred,
    _gsskrb5_init_sec_context,		/* shared with krb5 */
    _gsspku2u_accept_sec_context,	/* PKU2U-specific */
    _gsskrb5_process_context_token,
    _gsskrb5_delete_sec_context,
    _gsskrb5_context_time,
    _gsskrb5_get_mic,
    _gsskrb5_verify_mic,
    _gsskrb5_wrap,
    _gsskrb5_unwrap,
    _gsskrb5_display_status,
    NULL,				/* entry point not provided; caller must NULL-check */
    _gsskrb5_compare_name,
    _gsskrb5_display_name,
    _gsspku2u_import_name,		/* PKU2U-specific */
    _gsspku2u_export_name,		/* PKU2U-specific */
    _gsskrb5_release_name,
    _gsskrb5_inquire_cred,
    _gsskrb5_inquire_context,
    _gsskrb5_wrap_size_limit,
    _gsskrb5_add_cred,
    _gsskrb5_inquire_cred_by_mech,
    _gsskrb5_export_sec_context,
    _gsskrb5_import_sec_context,
    _gsspku2u_inquire_names_for_mech,	/* PKU2U-specific */
    _gsskrb5_inquire_mechs_for_name,
    _gsskrb5_canonicalize_name,
    _gsskrb5_duplicate_name,
    _gsskrb5_inquire_sec_context_by_oid,
    _gsskrb5_inquire_cred_by_oid,
    _gsskrb5_set_sec_context_option,
    _gsskrb5_set_cred_option,
    _gsskrb5_pseudo_random,
    _gk_wrap_iov,
    _gk_unwrap_iov,
    _gk_wrap_iov_length,
    _gsskrb5_store_cred,
    _gsskrb5_export_cred,
    _gsskrb5_import_cred,
    _gss_krb5_acquire_cred_ext,		/* krb5 variant, unlike iakerb */
    _gss_pku2u_iter_creds_f,		/* PKU2U-specific */
    _gsskrb5_destroy_cred,
    _gsskrb5_cred_hold,
    _gsskrb5_cred_unhold,
    _gsskrb5_cred_label_get,
    _gsskrb5_cred_label_set,
    NULL,				/* no mechanism-attribute table ... */
    0,					/* ... so length 0 */
    _gsskrb5_pname_to_uid,
    _gsskrb5_authorize_localname,
    /* Seven entry points not provided by this mech; caller must NULL-check. */
    NULL,
    NULL,
    NULL,
    NULL,
    NULL,
    NULL,
    NULL,
    _gsskrb5_appl_change_password
};
338
339#endif
340
/*
 * Hand the krb5 mechanism descriptor to the mech switch for registration.
 * The descriptor is file-scope static data, so the returned pointer stays
 * valid for the lifetime of the library.
 */
gssapi_mech_interface
__gss_krb5_initialize(void)
{
    gssapi_mech_interface mech = &krb5_mech;

    return mech;
}
346
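/*
 * Hand the PKU2U mechanism descriptor to the mech switch, or return NULL
 * when the library is built without PKINIT (pku2u_mech only exists under
 * #ifdef PKINIT, and PKU2U is the public-key mechanism, so it has nothing
 * to offer without PKINIT).
 *
 * Fix: the bodies of this function and __gss_iakerb_initialize were
 * swapped relative to their names -- this one returned &iakerb_mech and
 * the IAKERB one returned &pku2u_mech (NULL without PKINIT).  A caller
 * that registers both saw the same set of mechanisms either way, but any
 * caller that picks one of them by name got the wrong descriptor, and the
 * PKINIT dependency was attached to IAKERB instead of PKU2U.
 */
gssapi_mech_interface
__gss_pku2u_initialize(void)
{
#ifdef PKINIT
    return &pku2u_mech;
#else
    return NULL;
#endif
}

/*
 * Hand the IAKERB mechanism descriptor to the mech switch.  IAKERB is a
 * plain Kerberos mechanism and does not depend on PKINIT, so it is always
 * available.
 */
gssapi_mech_interface
__gss_iakerb_initialize(void)
{
    return &iakerb_mech;
}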
362
363/*
364 * compat glue
365 */
366
/*
 * Exported OID descriptors.  Both live under the 1.2.752.43 arc; the
 * element bytes are stored via rk_UNCONST in the non-const elements slot
 * and must not be written through.
 */
/* Decodes to 1.2.752.43.14.3. */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_appl_lkdc_supported_desc =
    {6, rk_UNCONST("\x2a\x85\x70\x2b\x0e\x03") };
/* Decodes to 1.2.752.43.13.30. */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_uuid_desc =
    {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x1e")};
371