1/* $NetBSD: external.c,v 1.1.1.1 2011/04/13 18:14:45 elric Exp $ */ 2 3/* 4 * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan 5 * (Royal Institute of Technology, Stockholm, Sweden). 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * 3. Neither the name of the Institute nor the names of its contributors 20 * may be used to endorse or promote products derived from this software 21 * without specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33 * SUCH DAMAGE. 
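*/

#include "gsskrb5_locl.h"
#include <gssapi_mech.h>

/*
 * Build a gss_OID_desc initializer from a string literal holding the
 * DER-encoded contents of an OID (the value octets only, no tag/length
 * header).  The length member is derived from the literal itself, minus
 * the implicit terminating NUL, so it can never disagree with the bytes
 * it describes.  That matters because OIDs are matched by length plus
 * contents: a descriptor whose length was off by one would silently stop
 * matching the name type or mechanism it is supposed to identify, or
 * match only a prefix of it.
 *
 * Use only with a string literal (adjacent literals are joined by the
 * compiler before sizeof is applied).  Passing a char pointer would make
 * sizeof yield the pointer size, not the OID length.
 */
#define OID_DESC_FROM_LITERAL(lit) { sizeof(lit) - 1, rk_UNCONST(lit) }

/*
 * The implementation must reserve static storage for a
 * gss_OID_desc object containing the value
 * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
 * "\x01\x02\x01\x01"},
 * corresponding to an object-identifier value of
 * {iso(1) member-body(2) United States(840) mit(113554)
 * infosys(1) gssapi(2) generic(1) user_name(1)}.  The constant
 * GSS_C_NT_USER_NAME should be initialized to point
 * to that gss_OID_desc.
 */

gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_user_name_oid_desc =
    OID_DESC_FROM_LITERAL("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x01");

/*
 * The implementation must reserve static storage for a
 * gss_OID_desc object containing the value
 * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
 * "\x01\x02\x01\x02"},
 * corresponding to an object-identifier value of
 * {iso(1) member-body(2) United States(840) mit(113554)
 * infosys(1) gssapi(2) generic(1) machine_uid_name(2)}.
 * The constant GSS_C_NT_MACHINE_UID_NAME should be
 * initialized to point to that gss_OID_desc.
 */

gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_machine_uid_name_oid_desc =
    OID_DESC_FROM_LITERAL("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x02");

/*
 * The implementation must reserve static storage for a
 * gss_OID_desc object containing the value
 * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
 * "\x01\x02\x01\x03"},
 * corresponding to an object-identifier value of
 * {iso(1) member-body(2) United States(840) mit(113554)
 * infosys(1) gssapi(2) generic(1) string_uid_name(3)}.
 * The constant GSS_C_NT_STRING_UID_NAME should be
 * initialized to point to that gss_OID_desc.
 */

gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_string_uid_name_oid_desc =
    OID_DESC_FROM_LITERAL("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x03");

/*
 * The implementation must reserve static storage for a
 * gss_OID_desc object containing the value
 * {6, (void *)"\x2b\x06\x01\x05\x06\x02"},
 * corresponding to an object-identifier value of
 * {iso(1) org(3) dod(6) internet(1) security(5)
 * nametypes(6) gss-host-based-services(2)}.  The constant
 * GSS_C_NT_HOSTBASED_SERVICE_X should be initialized to point
 * to that gss_OID_desc.  This is a deprecated OID value, and
 * implementations wishing to support hostbased-service names
 * should instead use the GSS_C_NT_HOSTBASED_SERVICE OID,
 * defined below, to identify such names;
 * GSS_C_NT_HOSTBASED_SERVICE_X should be accepted as a synonym
 * for GSS_C_NT_HOSTBASED_SERVICE when presented as an input
 * parameter, but should not be emitted by GSS-API
 * implementations.
 */

gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_hostbased_service_x_oid_desc =
    OID_DESC_FROM_LITERAL("\x2b\x06\x01\x05\x06\x02");

/*
 * The implementation must reserve static storage for a
 * gss_OID_desc object containing the value
 * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
 * "\x01\x02\x01\x04"}, corresponding to an
 * object-identifier value of {iso(1) member-body(2)
 * United States(840) mit(113554) infosys(1) gssapi(2)
 * generic(1) service_name(4)}.  The constant
 * GSS_C_NT_HOSTBASED_SERVICE should be initialized
 * to point to that gss_OID_desc.
 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_hostbased_service_oid_desc =
    OID_DESC_FROM_LITERAL("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x04");

/*
 * The implementation must reserve static storage for a
 * gss_OID_desc object containing the value
 * {6, (void *)"\x2b\x06\x01\x05\x06\x03"},
 * corresponding to an object identifier value of
 * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
 * 6(nametypes), 3(gss-anonymous-name)}.  The constant
 * GSS_C_NT_ANONYMOUS should be initialized to point
 * to that gss_OID_desc.
 *
 * The third octet is written as \x01 rather than the octal \01 used in
 * older copies of this text; both denote the same byte, the hex form is
 * just consistent with the surrounding escapes.
 */

gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_anonymous_oid_desc =
    OID_DESC_FROM_LITERAL("\x2b\x06\x01\x05\x06\x03");

/*
 * The implementation must reserve static storage for a
 * gss_OID_desc object containing the value
 * {6, (void *)"\x2b\x06\x01\x05\x06\x04"},
 * corresponding to an object-identifier value of
 * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
 * 6(nametypes), 4(gss-api-exported-name)}.  The constant
 * GSS_C_NT_EXPORT_NAME should be initialized to point
 * to that gss_OID_desc.
 */

gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_export_name_oid_desc =
    OID_DESC_FROM_LITERAL("\x2b\x06\x01\x05\x06\x04");

/*
 * This name form shall be represented by the Object Identifier {iso(1)
 * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
 * krb5(2) krb5_name(1)}.  The recommended symbolic name for this type
 * is "GSS_KRB5_NT_PRINCIPAL_NAME".
 */

gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_nt_principal_name_oid_desc =
    OID_DESC_FROM_LITERAL("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x01");

/*
 * draft-ietf-cat-iakerb-09, IAKERB:
 * The mechanism ID for IAKERB proxy GSS-API Kerberos, in accordance
 * with the mechanism proposed by SPNEGO [7] for negotiating protocol
 * variations, is: {iso(1) org(3) dod(6) internet(1) security(5)
 * mechanisms(5) iakerb(10) iakerbProxyProtocol(1)}.  The proposed
 * mechanism ID for IAKERB minimum messages GSS-API Kerberos, in
 * accordance with the mechanism proposed by SPNEGO for negotiating
 * protocol variations, is: {iso(1) org(3) dod(6) internet(1)
 * security(5) mechanisms(5) iakerb(10)
 * iakerbMinimumMessagesProtocol(2)}.
 */

gss_OID_desc GSSAPI_LIB_VARIABLE __gss_iakerb_proxy_mechanism_oid_desc =
    OID_DESC_FROM_LITERAL("\x2b\x06\x01\x05\x05\x0a\x01");

gss_OID_desc GSSAPI_LIB_VARIABLE __gss_iakerb_min_msg_mechanism_oid_desc =
    OID_DESC_FROM_LITERAL("\x2b\x06\x01\x05\x05\x0a\x02");

/*
 * Mechanism attributes (GSS_C_MA_*) advertised for this mechanism.
 *
 * The first three entries carry a string value that is handed back
 * through _gss_mo_get_ctx_as_string.  Every other entry names only the
 * attribute and GSS_MO_MA; the remaining four members of gss_mo_desc are
 * left zero-initialized (no display name, no value, no accessors).
 *
 * Each attribute listed here is a claim about what the mechanism really
 * provides (for example integrity/confidentiality protection, channel
 * bindings, replay detection), and callers may choose a mechanism on that
 * basis, so entries should only be added or removed together with the
 * code that implements the feature.
 */

static gss_mo_desc krb5_mo[] = {
    {
        GSS_C_MA_SASL_MECH_NAME,
        GSS_MO_MA,
        "SASL mech name",
        "GS2-KRB5",
        _gss_mo_get_ctx_as_string,
        NULL
    },
    {
        GSS_C_MA_MECH_NAME,
        GSS_MO_MA,
        "Mechanism name",
        "KRB5",
        _gss_mo_get_ctx_as_string,
        NULL
    },
    {
        GSS_C_MA_MECH_DESCRIPTION,
        GSS_MO_MA,
        "Mechanism description",
        "Heimdal Kerberos 5 mech",
        _gss_mo_get_ctx_as_string,
        NULL
    },
    {
        GSS_C_MA_MECH_CONCRETE,
        GSS_MO_MA
    },
    {
        GSS_C_MA_ITOK_FRAMED,
        GSS_MO_MA
    },
    {
        GSS_C_MA_AUTH_INIT,
        GSS_MO_MA
    },
    {
        GSS_C_MA_AUTH_TARG,
        GSS_MO_MA
    },
    {
        GSS_C_MA_AUTH_INIT_ANON,
        GSS_MO_MA
    },
    {
        GSS_C_MA_DELEG_CRED,
        GSS_MO_MA
    },
    {
        GSS_C_MA_INTEG_PROT,
        GSS_MO_MA
    },
    {
        GSS_C_MA_CONF_PROT,
        GSS_MO_MA
    },
    {
        GSS_C_MA_MIC,
        GSS_MO_MA
    },
    {
        GSS_C_MA_WRAP,
        GSS_MO_MA
    },
    {
        GSS_C_MA_PROT_READY,
        GSS_MO_MA
    },
    {
        GSS_C_MA_REPLAY_DET,
        GSS_MO_MA
    },
    {
        GSS_C_MA_OOS_DET,
        GSS_MO_MA
    },
    {
        GSS_C_MA_CBINDINGS,
        GSS_MO_MA
    },
    {
        GSS_C_MA_PFS,
        GSS_MO_MA
    },
    {
        GSS_C_MA_CTX_TRANS,
        GSS_MO_MA
    }
};

/*
 * Dispatch table for the Kerberos 5 mechanism.
 *
 * The mechanism OID is {iso(1) member-body(2) United States(840)
 * mit(113554) infosys(1) gssapi(2) krb5(2)}, i.e. the parent of the
 * GSS_KRB5_NT_PRINCIPAL_NAME arc above, and is built with the same
 * length-from-literal helper as the name-type OIDs so the two cannot
 * disagree.  The entries are positional and must stay in the order
 * gssapi_mech_interface_desc declares them; the seven NULL slots are
 * entry points this mechanism does not supply (presumably the generic
 * layer checks for NULL before dispatching -- verify in gssapi_mech.h
 * before relying on it).
 */

static gssapi_mech_interface_desc krb5_mech = {
    GMI_VERSION,
    "kerberos 5",
    OID_DESC_FROM_LITERAL("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02"),
    0,	/* third member of the interface struct; left 0 (see gssapi_mech.h) */
    _gsskrb5_acquire_cred,
    _gsskrb5_release_cred,
    _gsskrb5_init_sec_context,
    _gsskrb5_accept_sec_context,
    _gsskrb5_process_context_token,
    _gsskrb5_delete_sec_context,
    _gsskrb5_context_time,
    _gsskrb5_get_mic,
    _gsskrb5_verify_mic,
    _gsskrb5_wrap,
    _gsskrb5_unwrap,
    _gsskrb5_display_status,
    _gsskrb5_indicate_mechs,
    _gsskrb5_compare_name,
    _gsskrb5_display_name,
    _gsskrb5_import_name,
    _gsskrb5_export_name,
    _gsskrb5_release_name,
    _gsskrb5_inquire_cred,
    _gsskrb5_inquire_context,
    _gsskrb5_wrap_size_limit,
    _gsskrb5_add_cred,
    _gsskrb5_inquire_cred_by_mech,
    _gsskrb5_export_sec_context,
    _gsskrb5_import_sec_context,
    _gsskrb5_inquire_names_for_mech,
    _gsskrb5_inquire_mechs_for_name,
    _gsskrb5_canonicalize_name,
    _gsskrb5_duplicate_name,
    _gsskrb5_inquire_sec_context_by_oid,
    _gsskrb5_inquire_cred_by_oid,
    _gsskrb5_set_sec_context_option,
    _gsskrb5_set_cred_option,
    _gsskrb5_pseudo_random,
    _gk_wrap_iov,
    _gk_unwrap_iov,
    _gk_wrap_iov_length,
    _gsskrb5_store_cred,
    _gsskrb5_export_cred,
    _gsskrb5_import_cred,
    NULL,	/* not provided by this mechanism */
    NULL,
    NULL,
    NULL,
    NULL,
    NULL,
    NULL,
    krb5_mo,
    sizeof(krb5_mo) / sizeof(krb5_mo[0])	/* number of attribute entries above */
};

/*
 * Return this mechanism's dispatch table.
 *
 * The table is a single static object; nothing is allocated or copied,
 * so the returned pointer stays valid for the lifetime of the process
 * and every caller shares the same instance.
 */
gssapi_mech_interface
__gss_krb5_initialize(void)
{
    return &krb5_mech;
}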