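/* $NetBSD$ */

/*
 * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of the Institute nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include "gsskrb5_locl.h"
#include <gssapi_mech.h>

/*
 * Exported OID descriptors and the mechanism interface table for the
 * Heimdal Kerberos 5 GSS-API mechanism.
 *
 * Every gss_OID_desc below is exported as a plain (non-const) object and
 * its element bytes are string literals whose const-ness rk_UNCONST
 * strips away.  The literal storage itself is still read-only, so any
 * write through one of these descriptors is undefined behaviour: they
 * are to be treated as immutable by every caller.  The length member of
 * each descriptor must stay equal to the number of bytes in the literal
 * that follows it, as readers trust the length and never the literal's
 * NUL terminator.
 */

/*
 * The implementation must reserve static storage for a
 * gss_OID_desc object containing the value
 * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
 *              "\x01\x02\x01\x01"},
 * corresponding to an object-identifier value of
 * {iso(1) member-body(2) United States(840) mit(113554)
 * infosys(1) gssapi(2) generic(1) user_name(1)}.  The constant
 * GSS_C_NT_USER_NAME should be initialized to point
 * to that gss_OID_desc.
 */

gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_user_name_oid_desc =
    {10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x01")};

/*
 * The implementation must reserve static storage for a
 * gss_OID_desc object containing the value
 * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
 *              "\x01\x02\x01\x02"},
 * corresponding to an object-identifier value of
 * {iso(1) member-body(2) United States(840) mit(113554)
 * infosys(1) gssapi(2) generic(1) machine_uid_name(2)}.
 * The constant GSS_C_NT_MACHINE_UID_NAME should be
 * initialized to point to that gss_OID_desc.
 */

gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_machine_uid_name_oid_desc =
    {10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x02")};

/*
 * The implementation must reserve static storage for a
 * gss_OID_desc object containing the value
 * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
 *              "\x01\x02\x01\x03"},
 * corresponding to an object-identifier value of
 * {iso(1) member-body(2) United States(840) mit(113554)
 * infosys(1) gssapi(2) generic(1) string_uid_name(3)}.
 * The constant GSS_C_NT_STRING_UID_NAME should be
 * initialized to point to that gss_OID_desc.
 */

gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_string_uid_name_oid_desc =
    {10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x03")};

/*
 * The implementation must reserve static storage for a
 * gss_OID_desc object containing the value
 * {6, (void *)"\x2b\x06\x01\x05\x06\x02"},
 * corresponding to an object-identifier value of
 * {iso(1) org(3) dod(6) internet(1) security(5)
 * nametypes(6) gss-host-based-services(2)}.  The constant
 * GSS_C_NT_HOSTBASED_SERVICE_X should be initialized to point
 * to that gss_OID_desc.  This is a deprecated OID value, and
 * implementations wishing to support hostbased-service names
 * should instead use the GSS_C_NT_HOSTBASED_SERVICE OID,
 * defined below, to identify such names;
 * GSS_C_NT_HOSTBASED_SERVICE_X should be accepted as a synonym
 * for GSS_C_NT_HOSTBASED_SERVICE when presented as an input
 * parameter, but should not be emitted by GSS-API
 * implementations.
 */

gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_hostbased_service_x_oid_desc =
    {6, rk_UNCONST("\x2b\x06\x01\x05\x06\x02")};

/*
 * The implementation must reserve static storage for a
 * gss_OID_desc object containing the value
 * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
 *              "\x01\x02\x01\x04"}, corresponding to an
 * object-identifier value of {iso(1) member-body(2)
 * United States(840) mit(113554) infosys(1) gssapi(2)
 * generic(1) service_name(4)}.  The constant
 * GSS_C_NT_HOSTBASED_SERVICE should be initialized
 * to point to that gss_OID_desc.
 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_hostbased_service_oid_desc =
    {10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x04")};

/*
 * The implementation must reserve static storage for a
 * gss_OID_desc object containing the value
 * {6, (void *)"\x2b\x06\x01\x05\x06\x03"},
 * corresponding to an object identifier value of
 * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
 * 6(nametypes), 3(gss-anonymous-name)}.  The constant
 * GSS_C_NT_ANONYMOUS should be initialized to point
 * to that gss_OID_desc.
 *
 * The third byte was previously spelled with the octal escape "\01";
 * it encodes the same byte as "\x01" and is written in hex here so the
 * literal matches every other descriptor and cannot silently absorb a
 * following octal digit if the sequence is ever edited.
 */

gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_anonymous_oid_desc =
    {6, rk_UNCONST("\x2b\x06\x01\x05\x06\x03")};

/*
 * The implementation must reserve static storage for a
 * gss_OID_desc object containing the value
 * {6, (void *)"\x2b\x06\x01\x05\x06\x04"},
 * corresponding to an object-identifier value of
 * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
 * 6(nametypes), 4(gss-api-exported-name)}.  The constant
 * GSS_C_NT_EXPORT_NAME should be initialized to point
 * to that gss_OID_desc.
 */

gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_export_name_oid_desc =
    {6, rk_UNCONST("\x2b\x06\x01\x05\x06\x04") };

/*
 * This name form shall be represented by the Object Identifier {iso(1)
 * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
 * krb5(2) krb5_name(1)}.  The recommended symbolic name for this type
 * is "GSS_KRB5_NT_PRINCIPAL_NAME".
 */

gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_nt_principal_name_oid_desc =
    {10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x01") };

/*
 * draft-ietf-cat-iakerb-09, IAKERB:
 * The mechanism ID for IAKERB proxy GSS-API Kerberos, in accordance
 * with the mechanism proposed by SPNEGO [7] for negotiating protocol
 * variations, is: {iso(1) org(3) dod(6) internet(1) security(5)
 * mechanisms(5) iakerb(10) iakerbProxyProtocol(1)}.  The proposed
 * mechanism ID for IAKERB minimum messages GSS-API Kerberos, in
 * accordance with the mechanism proposed by SPNEGO for negotiating
 * protocol variations, is: {iso(1) org(3) dod(6) internet(1)
 * security(5) mechanisms(5) iakerb(10)
 * iakerbMinimumMessagesProtocol(2)}.
 */

gss_OID_desc GSSAPI_LIB_VARIABLE __gss_iakerb_proxy_mechanism_oid_desc =
    {7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0a\x01")};

gss_OID_desc GSSAPI_LIB_VARIABLE __gss_iakerb_min_msg_mechanism_oid_desc =
    {7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0a\x02") };

/*
 * Mechanism attributes (RFC 5587 style "mech options") advertised for
 * the krb5 mechanism.
 *
 * The first three entries carry a human-readable name, a string value
 * and a getter (_gss_mo_get_ctx_as_string).  The remaining entries list
 * only the attribute OID and GSS_MO_MA; C zero-initializes the members
 * they leave out, so those attributes have no value or getter and act
 * purely as "this mechanism has property X" flags.  The table's length
 * is derived with sizeof below, so entries can be added or removed here
 * without touching krb5_mech.
 */

static gss_mo_desc krb5_mo[] = {
    {
        GSS_C_MA_SASL_MECH_NAME,
        GSS_MO_MA,
        "SASL mech name",
        "GS2-KRB5",
        _gss_mo_get_ctx_as_string,
        NULL
    },
    {
        GSS_C_MA_MECH_NAME,
        GSS_MO_MA,
        "Mechanism name",
        "KRB5",
        _gss_mo_get_ctx_as_string,
        NULL
    },
    {
        GSS_C_MA_MECH_DESCRIPTION,
        GSS_MO_MA,
        "Mechanism description",
        "Heimdal Kerberos 5 mech",
        _gss_mo_get_ctx_as_string,
        NULL
    },
    {
        GSS_C_MA_MECH_CONCRETE,
        GSS_MO_MA
    },
    {
        GSS_C_MA_ITOK_FRAMED,
        GSS_MO_MA
    },
    {
        GSS_C_MA_AUTH_INIT,
        GSS_MO_MA
    },
    {
        GSS_C_MA_AUTH_TARG,
        GSS_MO_MA
    },
    {
        GSS_C_MA_AUTH_INIT_ANON,
        GSS_MO_MA
    },
    {
        GSS_C_MA_DELEG_CRED,
        GSS_MO_MA
    },
    {
        GSS_C_MA_INTEG_PROT,
        GSS_MO_MA
    },
    {
        GSS_C_MA_CONF_PROT,
        GSS_MO_MA
    },
    {
        GSS_C_MA_MIC,
        GSS_MO_MA
    },
    {
        GSS_C_MA_WRAP,
        GSS_MO_MA
    },
    {
        GSS_C_MA_PROT_READY,
        GSS_MO_MA
    },
    {
        GSS_C_MA_REPLAY_DET,
        GSS_MO_MA
    },
    {
        GSS_C_MA_OOS_DET,
        GSS_MO_MA
    },
    {
        GSS_C_MA_CBINDINGS,
        GSS_MO_MA
    },
    {
        GSS_C_MA_PFS,
        GSS_MO_MA
    },
    {
        GSS_C_MA_CTX_TRANS,
        GSS_MO_MA
    }
};

/*
 * Mechanism interface table handed to the mechglue by
 * __gss_krb5_initialize().
 *
 * This is a positional initializer: the order of the members is fixed
 * by gssapi_mech_interface_desc in gssapi_mech.h and must not be
 * reordered here.  The mechanism OID {9, "\x2a\x86\x48\x86\xf7\x12
 * \x01\x02\x02"} is 1.2.840.113554.1.2.2, the Kerberos V5 mechanism,
 * and is wrapped in rk_UNCONST like every other OID in this file.  The
 * meaning of the 0 following the OID and of the seven NULL slots near
 * the end is defined by the header, which is not visible here; the
 * NULLs presumably mark entry points this mechanism does not provide
 * (verify against gssapi_mech.h before relying on that).
 */

static gssapi_mech_interface_desc krb5_mech = {
    GMI_VERSION,
    "kerberos 5",
    {9, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02") },
    0,
    _gsskrb5_acquire_cred,
    _gsskrb5_release_cred,
    _gsskrb5_init_sec_context,
    _gsskrb5_accept_sec_context,
    _gsskrb5_process_context_token,
    _gsskrb5_delete_sec_context,
    _gsskrb5_context_time,
    _gsskrb5_get_mic,
    _gsskrb5_verify_mic,
    _gsskrb5_wrap,
    _gsskrb5_unwrap,
    _gsskrb5_display_status,
    _gsskrb5_indicate_mechs,
    _gsskrb5_compare_name,
    _gsskrb5_display_name,
    _gsskrb5_import_name,
    _gsskrb5_export_name,
    _gsskrb5_release_name,
    _gsskrb5_inquire_cred,
    _gsskrb5_inquire_context,
    _gsskrb5_wrap_size_limit,
    _gsskrb5_add_cred,
    _gsskrb5_inquire_cred_by_mech,
    _gsskrb5_export_sec_context,
    _gsskrb5_import_sec_context,
    _gsskrb5_inquire_names_for_mech,
    _gsskrb5_inquire_mechs_for_name,
    _gsskrb5_canonicalize_name,
    _gsskrb5_duplicate_name,
    _gsskrb5_inquire_sec_context_by_oid,
    _gsskrb5_inquire_cred_by_oid,
    _gsskrb5_set_sec_context_option,
    _gsskrb5_set_cred_option,
    _gsskrb5_pseudo_random,
    _gk_wrap_iov,
    _gk_unwrap_iov,
    _gk_wrap_iov_length,
    _gsskrb5_store_cred,
    _gsskrb5_export_cred,
    _gsskrb5_import_cred,
    NULL,
    NULL,
    NULL,
    NULL,
    NULL,
    NULL,
    NULL,
    krb5_mo,
    sizeof(krb5_mo) / sizeof(krb5_mo[0])
};

/*
 * Entry point the mechglue calls to obtain this mechanism's interface.
 *
 * Returns a pointer to the static krb5_mech table above.  The object
 * has static storage duration: the caller does not own it and must not
 * free or modify it.
 */
gssapi_mech_interface
__gss_krb5_initialize(void)
{
    return &krb5_mech;
}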