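/*
 * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
 * Portions Copyright (c) 2009 - 2010 Apple Inc. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of the Institute nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include "gsskrb5_locl.h"
#include <gssapi_mech.h>

/*
 * Mechanism attributes (RFC 5587 style GSS_C_MA_* values) advertised by
 * the krb5 mechanism.  Field order follows gss_mo_desc in gssapi_mech.h.
 * The first three entries carry a string value that is read back through
 * _gss_mo_get_ctx_as_string; the remaining entries only state that the
 * attribute is present and carry no value.
 */

static gss_mo_desc krb5_mo[] = {
    {
        GSS_C_MA_SASL_MECH_NAME,
        GSS_MO_MA,
        "SASL mech name",
        rk_UNCONST("GS2-KRB5"),
        _gss_mo_get_ctx_as_string,
        NULL
    },
    {
        GSS_C_MA_MECH_NAME,
        GSS_MO_MA,
        "Mechanism name",
        rk_UNCONST("KRB5"),
        _gss_mo_get_ctx_as_string,
        NULL
    },
    {
        GSS_C_MA_MECH_DESCRIPTION,
        GSS_MO_MA,
        "Mechanism description",
        rk_UNCONST("Heimdal Kerberos 5 mech"),
        _gss_mo_get_ctx_as_string,
        NULL
    },
    { GSS_C_MA_MECH_CONCRETE, GSS_MO_MA },
    { GSS_C_MA_ITOK_FRAMED, GSS_MO_MA },
    { GSS_C_MA_AUTH_INIT, GSS_MO_MA },
    { GSS_C_MA_AUTH_TARG, GSS_MO_MA },
    { GSS_C_MA_AUTH_INIT_ANON, GSS_MO_MA },
    { GSS_C_MA_DELEG_CRED, GSS_MO_MA },
    { GSS_C_MA_INTEG_PROT, GSS_MO_MA },
    { GSS_C_MA_CONF_PROT, GSS_MO_MA },
    { GSS_C_MA_MIC, GSS_MO_MA },
    { GSS_C_MA_WRAP, GSS_MO_MA },
    { GSS_C_MA_PROT_READY, GSS_MO_MA },
    { GSS_C_MA_REPLAY_DET, GSS_MO_MA },
    { GSS_C_MA_OOS_DET, GSS_MO_MA },
    { GSS_C_MA_CBINDINGS, GSS_MO_MA },
    { GSS_C_MA_PFS, GSS_MO_MA },
    { GSS_C_MA_CTX_TRANS, GSS_MO_MA }
};

/*
 * Mechanism interface tables handed to the mechglue.
 *
 * Slot order is fixed by gssapi_mech_interface_desc (gssapi_mech.h); a
 * NULL slot is an operation this mechanism does not supply, and the two
 * slots after the cred-label functions are the mechanism-attribute table
 * and its element count.  The krb5, IAKERB and PKU2U mechanisms share most
 * of their implementation and differ only in credential acquisition,
 * accept_sec_context, name import/export and the name-type list.
 *
 * The mechanism OID stored here is what the mechglue uses to route
 * gss_init_sec_context/gss_accept_sec_context calls to this table, so it
 * must match the OID exported for the mechanism in the gssapi headers.
 */

/* krb5: 1.2.840.113554.1.2.2 (RFC 1964). */
static gssapi_mech_interface_desc krb5_mech = {
    GMI_VERSION,
    "kerberos 5",
    {9, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02") },
    0,
    _gsskrb5_acquire_cred,
    _gsskrb5_release_cred,
    _gsskrb5_init_sec_context,
    _gsskrb5_accept_sec_context,
    _gsskrb5_process_context_token,
    _gsskrb5_delete_sec_context,
    _gsskrb5_context_time,
    _gsskrb5_get_mic,
    _gsskrb5_verify_mic,
    _gsskrb5_wrap,
    _gsskrb5_unwrap,
    _gsskrb5_display_status,
    NULL,
    _gsskrb5_compare_name,
    _gsskrb5_display_name,
    _gsskrb5_import_name,
    _gsskrb5_export_name,
    _gsskrb5_release_name,
    _gsskrb5_inquire_cred,
    _gsskrb5_inquire_context,
    _gsskrb5_wrap_size_limit,
    _gsskrb5_add_cred,
    _gsskrb5_inquire_cred_by_mech,
    _gsskrb5_export_sec_context,
    _gsskrb5_import_sec_context,
    _gsskrb5_inquire_names_for_mech,
    _gsskrb5_inquire_mechs_for_name,
    _gsskrb5_canonicalize_name,
    _gsskrb5_duplicate_name,
    _gsskrb5_inquire_sec_context_by_oid,
    _gsskrb5_inquire_cred_by_oid,
    _gsskrb5_set_sec_context_option,
    _gsskrb5_set_cred_option,
    _gsskrb5_pseudo_random,
    _gk_wrap_iov,
    _gk_unwrap_iov,
    _gk_wrap_iov_length,
    _gsskrb5_store_cred,
    _gsskrb5_export_cred,
    _gsskrb5_import_cred,
    _gss_krb5_acquire_cred_ext,
    _gss_krb5_iter_creds_f,
    _gsskrb5_destroy_cred,
    _gsskrb5_cred_hold,
    _gsskrb5_cred_unhold,
    _gsskrb5_cred_label_get,
    _gsskrb5_cred_label_set,
    krb5_mo,
    sizeof(krb5_mo) / sizeof(krb5_mo[0]),   /* krb5_mo is a real array here */
    _gsskrb5_pname_to_uid,
    _gsskrb5_authorize_localname,
    NULL,
    NULL,
    NULL,
    NULL,
    NULL,
    NULL,
    NULL,
    _gsskrb5_appl_change_password
};

/* IAKERB: 1.3.6.1.5.2.5.  No mechanism-attribute table is published. */
static gssapi_mech_interface_desc iakerb_mech = {
    GMI_VERSION,
    "iakerb",
    {6, rk_UNCONST("\x2b\x06\x01\x05\x02\x05") },
    0,
    _gssiakerb_acquire_cred,
    _gsskrb5_release_cred,
    _gsskrb5_init_sec_context,
    _gssiakerb_accept_sec_context,
    _gsskrb5_process_context_token,
    _gsskrb5_delete_sec_context,
    _gsskrb5_context_time,
    _gsskrb5_get_mic,
    _gsskrb5_verify_mic,
    _gsskrb5_wrap,
    _gsskrb5_unwrap,
    _gsskrb5_display_status,
    NULL,
    _gsskrb5_compare_name,
    _gsskrb5_display_name,
    _gssiakerb_import_name,
    _gssiakerb_export_name,
    _gsskrb5_release_name,
    _gsskrb5_inquire_cred,
    _gsskrb5_inquire_context,
    _gsskrb5_wrap_size_limit,
    _gsskrb5_add_cred,
    _gsskrb5_inquire_cred_by_mech,
    _gsskrb5_export_sec_context,
    _gsskrb5_import_sec_context,
    _gssiakerb_inquire_names_for_mech,
    _gsskrb5_inquire_mechs_for_name,
    _gsskrb5_canonicalize_name,
    _gsskrb5_duplicate_name,
    _gsskrb5_inquire_sec_context_by_oid,
    _gsskrb5_inquire_cred_by_oid,
    _gsskrb5_set_sec_context_option,
    _gsskrb5_set_cred_option,
    _gsskrb5_pseudo_random,
    _gk_wrap_iov,
    _gk_unwrap_iov,
    _gk_wrap_iov_length,
    _gsskrb5_store_cred,
    _gsskrb5_export_cred,
    _gsskrb5_import_cred,
    _gss_iakerb_acquire_cred_ext,
    _gss_iakerb_iter_creds_f,
    _gsskrb5_destroy_cred,
    _gsskrb5_cred_hold,
    _gsskrb5_cred_unhold,
    _gsskrb5_cred_label_get,
    _gsskrb5_cred_label_set,
    NULL,
    0,
    _gsskrb5_pname_to_uid,
    _gsskrb5_authorize_localname,
    NULL,
    NULL,
    NULL,
    NULL,
    NULL,
    NULL,
    NULL,
    _gsskrb5_appl_change_password
};


#ifdef PKINIT

/*
 * PKU2U, only built when PKINIT support is compiled in.
 *
 * NOTE(review): the OID bytes below decode to 1.3.5.1.5.2.7.  The PKU2U
 * mechanism OID is 1.3.6.1.5.2.7 (same 1.3.6.1.5.2 arc as IAKERB above),
 * which would be "\x2b\x06\x01\x05\x02\x07"; confirm against the PKU2U
 * mechanism OID exported by the gssapi headers before changing anything,
 * since a mismatch here presumably means requests made with the exported
 * OID never reach this table and peers see a non-standard OID on the wire.
 * Also note credential acquisition reuses _gss_krb5_acquire_cred_ext
 * rather than a pku2u-specific variant.
 */
static gssapi_mech_interface_desc pku2u_mech = {
    GMI_VERSION,
    "pku2u",
    {6, rk_UNCONST("\x2b\x05\x01\x05\x02\x07") },
    0,
    _gsspku2u_acquire_cred,
    _gsskrb5_release_cred,
    _gsskrb5_init_sec_context,
    _gsspku2u_accept_sec_context,
    _gsskrb5_process_context_token,
    _gsskrb5_delete_sec_context,
    _gsskrb5_context_time,
    _gsskrb5_get_mic,
    _gsskrb5_verify_mic,
    _gsskrb5_wrap,
    _gsskrb5_unwrap,
    _gsskrb5_display_status,
    NULL,
    _gsskrb5_compare_name,
    _gsskrb5_display_name,
    _gsspku2u_import_name,
    _gsspku2u_export_name,
    _gsskrb5_release_name,
    _gsskrb5_inquire_cred,
    _gsskrb5_inquire_context,
    _gsskrb5_wrap_size_limit,
    _gsskrb5_add_cred,
    _gsskrb5_inquire_cred_by_mech,
    _gsskrb5_export_sec_context,
    _gsskrb5_import_sec_context,
    _gsspku2u_inquire_names_for_mech,
    _gsskrb5_inquire_mechs_for_name,
    _gsskrb5_canonicalize_name,
    _gsskrb5_duplicate_name,
    _gsskrb5_inquire_sec_context_by_oid,
    _gsskrb5_inquire_cred_by_oid,
    _gsskrb5_set_sec_context_option,
    _gsskrb5_set_cred_option,
    _gsskrb5_pseudo_random,
    _gk_wrap_iov,
    _gk_unwrap_iov,
    _gk_wrap_iov_length,
    _gsskrb5_store_cred,
    _gsskrb5_export_cred,
    _gsskrb5_import_cred,
    _gss_krb5_acquire_cred_ext,
    _gss_pku2u_iter_creds_f,
    _gsskrb5_destroy_cred,
    _gsskrb5_cred_hold,
    _gsskrb5_cred_unhold,
    _gsskrb5_cred_label_get,
    _gsskrb5_cred_label_set,
    NULL,
    0,
    _gsskrb5_pname_to_uid,
    _gsskrb5_authorize_localname,
    NULL,
    NULL,
    NULL,
    NULL,
    NULL,
    NULL,
    NULL,
    _gsskrb5_appl_change_password
};

#endif

/*
 * Entry points the mechglue calls to pick up the built-in mechanisms.
 *
 * Each function returns the interface table of the mechanism its name
 * says it does, or NULL when that mechanism is compiled out.  Previously
 * __gss_pku2u_initialize returned &iakerb_mech and __gss_iakerb_initialize
 * returned &pku2u_mech; a caller that registers whatever non-NULL pointer
 * it receives from both still ends up with the same set of mechanisms,
 * but anyone calling one of them by name got the wrong table.
 */

gssapi_mech_interface
__gss_krb5_initialize(void)
{
    return &krb5_mech;
}

gssapi_mech_interface
__gss_pku2u_initialize(void)
{
#ifdef PKINIT
    return &pku2u_mech;
#else
    return NULL;    /* PKU2U is not available without PKINIT */
#endif
}

gssapi_mech_interface
__gss_iakerb_initialize(void)
{
    return &iakerb_mech;
}

/*
 * compat glue: OIDs exported for applications that still reference them.
 */

/* 1.2.752.43.14.3 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_appl_lkdc_supported_desc =
    {6, rk_UNCONST("\x2a\x85\x70\x2b\x0e\x03") };
/* 1.2.752.43.13.30 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_uuid_desc =
    {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x1e")};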