1/*
2 * Copyright (c) 2006 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 *    notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 *    notice, this list of conditions and the following disclaimer in the
17 *    documentation and/or other materials provided with the distribution.
18 *
19 * 3. Neither the name of the Institute nor the names of its contributors
20 *    may be used to endorse or promote products derived from this software
21 *    without specific prior written permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 * SUCH DAMAGE.
34 */
35
36#include "ntlm.h"
37
38#ifdef ENABLE_NTLM
39
/*
 * Process-wide switch read by get_signing_supported(): when non-zero the
 * signing probe is skipped and the option is reported via
 * _gss_mo_get_option_0().  The symbol has external linkage and is never
 * assigned in this file, so some other translation unit is expected to
 * set it.
 * NOTE(review): plain int with no visible synchronisation -- confirm it is
 * only written during start-up, before any mechanism option is queried.
 */
int __gss_ntlm_is_digest_service = 0;
41
/*
 * Option getter wired to GSS_C_NTLM_SESSION_KEY in _gssntlm_mech_options.
 *
 * Unless the process is flagged as the digest service, a throw-away NTLM
 * context is allocated only to read its probe_flags; the option is
 * reported through _gss_mo_get_option_1() when NSI_NO_SIGNING is clear and
 * through _gss_mo_get_option_0() otherwise.
 *
 * A failed context allocation is indistinguishable from "signing not
 * available": both paths end in _gss_mo_get_option_0(), and the major and
 * minor status of the failed call are discarded.
 *
 * mech, mo and value are passed through untouched to the selected
 * _gss_mo_get_option_* helper, whose return value is returned as is.
 */
static int
get_signing_supported(gss_const_OID mech, gss_mo_desc *mo, gss_buffer_t value)
{
    OM_uint32 minor;
    ntlm_ctx probe;
    gss_ctx_id_t handle;
    int signing_ok;

    /* Digest service: never probe, always answer with option 0. */
    if (__gss_ntlm_is_digest_service)
	return _gss_mo_get_option_0(mech, mo, value);

    /* No context means no probe result; fall back to option 0. */
    if (_gss_ntlm_allocate_ctx(&minor, NULL, &probe) != GSS_S_COMPLETE)
	return _gss_mo_get_option_0(mech, mo, value);

    /* Read the flag before the context is torn down. */
    signing_ok = (probe->probe_flags & NSI_NO_SIGNING) == 0;

    handle = (gss_ctx_id_t)probe;
    _gss_ntlm_delete_sec_context(&minor, &handle, NULL);

    if (signing_ok)
	return _gss_mo_get_option_1(mech, mo, value);

    return _gss_mo_get_option_0(mech, mo, value);
}
66
67
68
/*
 * Mechanism options published for NTLM; referenced, together with its
 * element count, from the tail of ntlm_mech.
 *
 * Each entry is positional: option OID, GSS_MO_MA, display name, NULL,
 * getter.  The meaning of each position comes from the gss_mo_desc
 * declaration, which is not part of this file.
 *
 * NOTE(review): the two NTLMv1 entries use _gss_mo_get_option_0 while
 * NTLMv2, channel bindings and LM2 use _gss_mo_get_option_1 -- presumably
 * "off" and "on" by default; confirm against the _gss_mo_get_option_*
 * definitions before relying on this table to show that NTLMv1 is
 * disabled.
 * NOTE(review): GSS_C_NTLM_SESSION_KEY is answered by
 * get_signing_supported(), which tests NSI_NO_SIGNING; confirm that
 * "session key" and "signing available" are meant to be the same
 * capability.
 */
static gss_mo_desc _gssntlm_mech_options[] = {
    { GSS_C_NTLM_V1, GSS_MO_MA, "NTLMv1", NULL, _gss_mo_get_option_0 },
    { GSS_C_NTLM_FORCE_V1, GSS_MO_MA, "Force NTLMv1", NULL,
      _gss_mo_get_option_0 },
    { GSS_C_NTLM_V2, GSS_MO_MA, "NTLMv2", NULL, _gss_mo_get_option_1 },
    { GSS_C_NTLM_SESSION_KEY, GSS_MO_MA, "NTLM session key", NULL,
      get_signing_supported },
    { GSS_C_NTLM_SUPPORT_CHANNELBINDINGS, GSS_MO_MA,
      "NTLM support channel bindings", NULL, _gss_mo_get_option_1 },
    { GSS_C_NTLM_SUPPORT_LM2, GSS_MO_MA, "NTLM support LM2", NULL,
      _gss_mo_get_option_1 }
};
113
/*
 * NTLM mechanism descriptor; __gss_ntlm_initialize() returns its address.
 *
 * The initializer is purely positional: which slot each entry fills is
 * decided by the declaration of gssapi_mech_interface_desc, which is not
 * visible in this file.  NULL entries leave the corresponding slot without
 * a handler.
 *
 * NOTE(review): because the slots are positional, an insertion or
 * reordering in the struct declaration moves every later handler.  Where
 * neighbouring slots share a function-pointer type the compiler will not
 * notice, and for pairs such as get_mic/verify_mic or wrap/unwrap a swap
 * would silently break message protection.  GMI_VERSION presumably exists
 * to catch layout skew -- confirm it is bumped with every layout change.
 */
static gssapi_mech_interface_desc ntlm_mech = {
    GMI_VERSION,
    "ntlm",
    /* 10-byte DER OID body 1.3.6.1.4.1.311.2.2.10, Microsoft's NTLMSSP OID */
    {10, rk_UNCONST("\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a") },
    0,	/* presumably a flags word; none set -- confirm against the struct */
    _gss_ntlm_acquire_cred,
    _gss_ntlm_release_cred,
    _gss_ntlm_init_sec_context,
    _gss_ntlm_accept_sec_context,
    _gss_ntlm_process_context_token,
    _gss_ntlm_delete_sec_context,
    _gss_ntlm_context_time,
    _gss_ntlm_get_mic,
    _gss_ntlm_verify_mic,
    _gss_ntlm_wrap,
    _gss_ntlm_unwrap,
    NULL,
    NULL,
    _gss_ntlm_compare_name,
    _gss_ntlm_display_name,
    _gss_ntlm_import_name,
    _gss_ntlm_export_name,
    _gss_ntlm_release_name,
    _gss_ntlm_inquire_cred,
    _gss_ntlm_inquire_context,
    _gss_ntlm_wrap_size_limit,
    _gss_ntlm_add_cred,
    _gss_ntlm_inquire_cred_by_mech,
    _gss_ntlm_export_sec_context,
    _gss_ntlm_import_sec_context,
    _gss_ntlm_inquire_names_for_mech,
    _gss_ntlm_inquire_mechs_for_name,
    _gss_ntlm_canonicalize_name,
    _gss_ntlm_duplicate_name,
    _gss_ntlm_inquire_sec_context_by_oid,
    NULL,
    NULL,
    NULL,
    NULL,
    _gss_ntlm_wrap_iov,
    _gss_ntlm_unwrap_iov,
    _gss_ntlm_wrap_iov_length,
    NULL,
    NULL,
    NULL,
    _gss_ntlm_acquire_cred_ext,
    _gss_ntlm_iter_creds_f,
    _gss_ntlm_destroy_cred,
    _gss_ntlm_cred_hold,
    _gss_ntlm_cred_unhold,
    _gss_ntlm_cred_label_get,
    _gss_ntlm_cred_label_set,
    /* option table defined above, followed by its element count */
    _gssntlm_mech_options,
    sizeof(_gssntlm_mech_options) / sizeof(_gssntlm_mech_options[0])
};
169
170#endif
171
/*
 * Return the NTLM mechanism descriptor, or NULL when the library was built
 * without ENABLE_NTLM.  The function itself is always compiled, so callers
 * have to treat NULL as "mechanism not available" rather than assume a
 * usable descriptor.
 */
gssapi_mech_interface
__gss_ntlm_initialize(void)
{
    gssapi_mech_interface mech = NULL;

#ifdef ENABLE_NTLM
    mech = &ntlm_mech;
#endif

    return mech;
}
181
/*
 * Binary compatibility: these versions are missing the trailing
 * "_oid_desc" that the autogenerated versions have.
 *
 * Each descriptor holds a 6-byte DER OID body under 1.2.752.43.13; the
 * final arc is given next to each definition.  Arc 30 (0x1e) is not
 * defined here, so the step from 29 to 31 is not a typo in this file.
 *
 * The definitions sit after the ENABLE_NTLM #endif, so the symbols are
 * emitted even when the mechanism itself is compiled out.
 * NOTE(review): the descriptors are writable globals whose element pointer
 * targets a string literal (rk_UNCONST presumably only drops the const
 * qualifier -- confirm); nothing may write through that pointer.
 */
gss_OID_desc GSSAPI_LIB_VARIABLE
__gss_c_ntlm_v1 = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x19") };	/* .25 */

gss_OID_desc GSSAPI_LIB_VARIABLE
__gss_c_ntlm_v2 = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x1a") };	/* .26 */

gss_OID_desc GSSAPI_LIB_VARIABLE
__gss_c_ntlm_session_key = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x1b") };	/* .27 */

gss_OID_desc GSSAPI_LIB_VARIABLE
__gss_c_ntlm_force_v1 = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x1c") };	/* .28 */

gss_OID_desc GSSAPI_LIB_VARIABLE
__gss_c_ntlm_support_channelbindings = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x1d") };	/* .29 */

gss_OID_desc GSSAPI_LIB_VARIABLE
__gss_c_ntlm_support_lm2 = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x1f") };	/* .31 */
198
199