/* $NetBSD: compat.c,v 1.1.1.1 2011/04/13 18:14:44 elric Exp $ */

/*
 * Copyright (c) 2003 - 2005 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of the Institute nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include "gsskrb5_locl.h"

/*
 * Look up the string list stored under `option' in the "gssapi" section
 * of the configuration and compare `name' against each entry in order.
 *
 * Every entry is parsed with krb5_parse_name() and tested with
 * krb5_principal_match().  The first entry that matches writes
 * `match_val' into *compat and ends the scan; entries after it are
 * not parsed.  When the option is absent, or nothing matches, *compat
 * is left exactly as the caller passed it in.
 *
 * Returns 0 on success.  If an entry cannot be parsed, the scan stops,
 * the krb5 error code is stored in *minor_status (when non-NULL) and
 * GSS_S_FAILURE is returned, so a malformed entry that is reached
 * fails the call rather than being skipped.
 *
 * NOTE(review): the declared return type is krb5_error_code, but the
 * failure value is a GSS major status; the caller in this file stores
 * the result in an OM_uint32.
 */
static krb5_error_code
check_compat(OM_uint32 *minor_status,
             krb5_context context, krb5_const_principal name,
             const char *option, krb5_boolean *compat,
             krb5_boolean match_val)
{
    krb5_error_code kret = 0;
    krb5_principal pattern = NULL;
    char **entries;
    char **cur;

    entries = krb5_config_get_strings(context, NULL, "gssapi",
                                      option, NULL);
    if (entries == NULL)
        return 0;               /* option not configured: nothing to do */

    cur = entries;
    while (*cur != NULL) {
        kret = krb5_parse_name(context, *cur, &pattern);
        if (kret != 0)
            break;

        if (krb5_principal_match(context, name, pattern)) {
            *compat = match_val;
            break;              /* first match wins; freed below */
        }

        krb5_free_principal(context, pattern);
        pattern = NULL;
        cur++;
    }

    /* Release whatever the loop left behind on an early exit. */
    if (pattern != NULL)
        krb5_free_principal(context, pattern);
    krb5_config_free_strings(entries);

    if (kret == 0)
        return 0;

    if (minor_status != NULL)
        *minor_status = kret;
    return GSS_S_FAILURE;
}

/*
 * Decide, once per context, whether COMPAT_OLD_DES3 is set for
 * ctx->target, based on the "broken_des3_mic" and "correct_des3_mic"
 * lists in the "gssapi" configuration section.
 *
 * "broken_des3_mic" is consulted first and can turn the compat mode
 * on; "correct_des3_mic" is consulted second and can turn it back off,
 * so a target matched by both lists ends up with the compat mode off.
 * A target matched by neither list also ends up with it off.
 *
 * The decision is recorded by setting COMPAT_OLD_DES3_SELECTED; later
 * calls on the same context return immediately without reading the
 * configuration again.  If either lookup fails, its status is returned
 * and COMPAT_OLD_DES3_SELECTED is not set, so the next call retries.
 * On success *minor_status is not written here.
 *
 * NOTE(review): what COMPAT_OLD_DES3 changes is implemented outside
 * this file; going by the option names it selects a legacy, "broken"
 * DES3 MIC for interoperability, so the "broken_des3_mic" list is
 * presumably best kept as narrow as possible -- confirm against the
 * code that reads the flag.
 *
 * ctx->ctx_id_mutex is assumed to be locked
 */

OM_uint32
_gss_DES3_get_mic_compat(OM_uint32 *minor_status,
                         gsskrb5_ctx ctx,
                         krb5_context context)
{
    krb5_boolean legacy_mic = FALSE;
    OM_uint32 major;

    /* Already decided for this context. */
    if ((ctx->more_flags & COMPAT_OLD_DES3_SELECTED) != 0)
        return 0;

    major = check_compat(minor_status, context, ctx->target,
                         "broken_des3_mic", &legacy_mic, TRUE);
    if (major)
        return major;

    /* Evaluated second, so it overrides a "broken_des3_mic" match. */
    major = check_compat(minor_status, context, ctx->target,
                         "correct_des3_mic", &legacy_mic, FALSE);
    if (major)
        return major;

    if (legacy_mic)
        ctx->more_flags |= COMPAT_OLD_DES3;
    ctx->more_flags |= COMPAT_OLD_DES3_SELECTED;

    return 0;
}

/* Compiled out: explicit per-context override of the compat decision. */
#if 0
OM_uint32
gss_krb5_compat_des3_mic(OM_uint32 *minor_status, gss_ctx_id_t ctx, int on)
{
    *minor_status = 0;

    HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
    if (on) {
        ctx->more_flags |= COMPAT_OLD_DES3;
    } else {
        ctx->more_flags &= ~COMPAT_OLD_DES3;
    }
    ctx->more_flags |= COMPAT_OLD_DES3_SELECTED;
    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);

    return 0;
}
#endif