/* $NetBSD: external.c,v 1.2 2017/01/28 21:31:46 christos Exp $ */

/*
 * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of the Institute nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include "gsskrb5_locl.h"
#include <gssapi_mech.h>

/*
 * Statically allocated OID descriptors for the well-known GSS-API name
 * types (the "implementation must reserve static storage for a
 * gss_OID_desc object ..." requirements of RFC 2744) plus the Kerberos
 * and IAKERB identifiers this mechanism exports.
 *
 * Layout of every entry:
 *   .length   - number of bytes in the DER-encoded OID arcs
 *   .elements - pointer to those bytes, stored in a string literal
 *
 * rk_UNCONST only strips the const qualifier so the literal can be
 * stored in the non-const `elements` member; the bytes still live in
 * read-only storage and must never be written through.  Each .length
 * below has been checked against the number of \x escapes in its
 * literal -- a mismatch here would make OID comparisons read past the
 * literal or reject valid names.
 *
 * GSSAPI_LIB_VARIABLE is presumably the library's symbol-export
 * decoration (defined in a header not visible here).
 */

/*
 * GSS_C_NT_USER_NAME
 *   {iso(1) member-body(2) United States(840) mit(113554)
 *    infosys(1) gssapi(2) generic(1) user_name(1)}
 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_user_name_oid_desc = {
    .length   = 10,
    .elements = rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x01")
};

/*
 * GSS_C_NT_MACHINE_UID_NAME
 *   {iso(1) member-body(2) United States(840) mit(113554)
 *    infosys(1) gssapi(2) generic(1) machine_uid_name(2)}
 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_machine_uid_name_oid_desc = {
    .length   = 10,
    .elements = rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x02")
};

/*
 * GSS_C_NT_STRING_UID_NAME
 *   {iso(1) member-body(2) United States(840) mit(113554)
 *    infosys(1) gssapi(2) generic(1) string_uid_name(3)}
 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_string_uid_name_oid_desc = {
    .length   = 10,
    .elements = rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x03")
};

/*
 * GSS_C_NT_HOSTBASED_SERVICE_X
 *   {iso(1) org(3) dod(6) internet(1) security(5)
 *    nametypes(6) gss-host-based-services(2)}
 *
 * Deprecated spelling of the host-based service name type.  It is kept
 * so that it can be accepted as a synonym for GSS_C_NT_HOSTBASED_SERVICE
 * on input; implementations should not emit it themselves.
 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_hostbased_service_x_oid_desc = {
    .length   = 6,
    .elements = rk_UNCONST("\x2b\x06\x01\x05\x06\x02")
};

/*
 * GSS_C_NT_HOSTBASED_SERVICE
 *   {iso(1) member-body(2) United States(840) mit(113554)
 *    infosys(1) gssapi(2) generic(1) service_name(4)}
 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_hostbased_service_oid_desc = {
    .length   = 10,
    .elements = rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x04")
};

/*
 * GSS_C_NT_ANONYMOUS
 *   {iso(1) org(3) dod(6) internet(1) security(5)
 *    nametypes(6) gss-anonymous-name(3)}
 *
 * The third byte is written as the octal escape \01; that is the same
 * byte value as \x01, so the literal is kept verbatim.
 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_anonymous_oid_desc = {
    .length   = 6,
    .elements = rk_UNCONST("\x2b\x06\01\x05\x06\x03")
};

/*
 * GSS_C_NT_EXPORT_NAME
 *   {iso(1) org(3) dod(6) internet(1) security(5)
 *    nametypes(6) gss-api-exported-name(4)}
 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_export_name_oid_desc = {
    .length   = 6,
    .elements = rk_UNCONST("\x2b\x06\x01\x05\x06\x04")
};

/*
 * GSS_KRB5_NT_PRINCIPAL_NAME
 *   {iso(1) member-body(2) United States(840) mit(113554)
 *    infosys(1) gssapi(2) krb5(2) krb5_name(1)}
 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_nt_principal_name_oid_desc = {
    .length   = 10,
    .elements = rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x01")
};

/*
 * draft-ietf-cat-iakerb-09, IAKERB:
 * The mechanism ID for IAKERB proxy GSS-API Kerberos, in accordance
 * with the mechanism proposed by SPNEGO [7] for negotiating protocol
 * variations, is: {iso(1) org(3) dod(6) internet(1) security(5)
 * mechanisms(5) iakerb(10) iakerbProxyProtocol(1)}.
 * The proposed
 * mechanism ID for IAKERB minimum messages GSS-API Kerberos, in
 * accordance with the mechanism proposed by SPNEGO for negotiating
 * protocol variations, is: {iso(1) org(3) dod(6) internet(1)
 * security(5) mechanisms(5) iakerb(10)
 * iakerbMinimumMessagesProtocol(2)}.
 *
 * Both descriptors below are 7-byte DER encodings; the length field of
 * each matches the byte count of its literal.  rk_UNCONST only drops the
 * const qualifier so the literal fits the non-const `elements` member;
 * the bytes remain read-only and must not be written through.
 */

gss_OID_desc GSSAPI_LIB_VARIABLE __gss_iakerb_proxy_mechanism_oid_desc =
    {7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0a\x01")};

gss_OID_desc GSSAPI_LIB_VARIABLE __gss_iakerb_min_msg_mechanism_oid_desc =
    {7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0a\x02") };

/*
 * Mechanism attributes (GSS_C_MA_*) advertised for the krb5 mechanism.
 *
 * The first three entries carry a human-readable name, a constant value
 * string and a getter (_gss_mo_get_ctx_as_string, presumably returning
 * that value string -- its definition is not visible here).  The
 * remaining entries are bare attribute flags: name, value, getter and
 * setter are all NULL, so their presence in this table is the whole
 * assertion.  Entries such as GSS_C_MA_INTEG_PROT, GSS_C_MA_CONF_PROT,
 * GSS_C_MA_REPLAY_DET, GSS_C_MA_OOS_DET, GSS_C_MA_CBINDINGS and
 * GSS_C_MA_PFS are security properties callers may rely on via mechanism
 * attribute inquiry, so this list should only be extended when the
 * corresponding behaviour is actually implemented by the mechanism.
 *
 * Field order is positional and follows gss_mo_desc (declared in a header
 * not visible here); the element count is derived with sizeof below.
 */

static gss_mo_desc krb5_mo[] = {
    {
	GSS_C_MA_SASL_MECH_NAME,
	GSS_MO_MA,
	"SASL mech name",
	rk_UNCONST("GS2-KRB5"),	/* SASL name advertised for this mech */
	_gss_mo_get_ctx_as_string,
	NULL
    },
    {
	GSS_C_MA_MECH_NAME,
	GSS_MO_MA,
	"Mechanism name",
	rk_UNCONST("KRB5"),
	_gss_mo_get_ctx_as_string,
	NULL
    },
    {
	GSS_C_MA_MECH_DESCRIPTION,
	GSS_MO_MA,
	"Mechanism description",
	rk_UNCONST("Heimdal Kerberos 5 mech"),
	_gss_mo_get_ctx_as_string,
	NULL
    },
    {
	GSS_C_MA_MECH_CONCRETE,
	GSS_MO_MA,
	NULL,
	NULL,
	NULL,
	NULL
    },
    {
	GSS_C_MA_ITOK_FRAMED,
	GSS_MO_MA,
	NULL,
	NULL,
	NULL,
	NULL
    },
    {
	GSS_C_MA_AUTH_INIT,
	GSS_MO_MA,
	NULL,
	NULL,
	NULL,
	NULL
    },
    {
	GSS_C_MA_AUTH_TARG,
	GSS_MO_MA,
	NULL,
	NULL,
	NULL,
	NULL
    },
    {
	GSS_C_MA_AUTH_INIT_ANON,
	GSS_MO_MA,
	NULL,
	NULL,
	NULL,
	NULL
    },
    {
	GSS_C_MA_DELEG_CRED,
	GSS_MO_MA,
	NULL,
	NULL,
	NULL,
	NULL
    },
    {
	GSS_C_MA_INTEG_PROT,
	GSS_MO_MA,
	NULL,
	NULL,
	NULL,
	NULL
    },
    {
	GSS_C_MA_CONF_PROT,
	GSS_MO_MA,
	NULL,
	NULL,
	NULL,
	NULL
    },
    {
	GSS_C_MA_MIC,
	GSS_MO_MA,
	NULL,
	NULL,
	NULL,
	NULL
    },
    {
	GSS_C_MA_WRAP,
	GSS_MO_MA,
	NULL,
	NULL,
	NULL,
	NULL
    },
    {
	GSS_C_MA_PROT_READY,
	GSS_MO_MA,
	NULL,
	NULL,
	NULL,
	NULL
    },
    {
	GSS_C_MA_REPLAY_DET,
	GSS_MO_MA,
	NULL,
	NULL,
	NULL,
	NULL
    },
    {
	GSS_C_MA_OOS_DET,
	GSS_MO_MA,
	NULL,
	NULL,
	NULL,
	NULL
    },
    {
	GSS_C_MA_CBINDINGS,
	GSS_MO_MA,
	NULL,
	NULL,
	NULL,
	NULL
    },
    {
	GSS_C_MA_PFS,
	GSS_MO_MA,
	NULL,
	NULL,
	NULL,
	NULL
    },
    {
	GSS_C_MA_CTX_TRANS,
	GSS_MO_MA,
	NULL,
	NULL,
	NULL,
	NULL
    }
};

/*
 * Mechanism interface table handed to the GSS-API mech-glue.
 *
 * Positional initializer for gssapi_mech_interface_desc (declared in
 * gssapi_mech.h, not visible here), so the order of the function
 * pointers must match that struct exactly -- a slip of one slot would
 * wire a call to the wrong operation.  The inline OID is the 9-byte
 * Kerberos V5 mechanism identifier
 *   {iso(1) member-body(2) United States(840) mit(113554)
 *    infosys(1) gssapi(2) krb5(2)}
 * and its length matches the literal.  NULL entries are operations this
 * mechanism does not provide; the mech-glue is presumably expected to
 * check for NULL before dispatching (verify in the caller).  krb5_mo and
 * its element count are passed together so the glue cannot walk past the
 * end of the attribute table.
 */

static gssapi_mech_interface_desc krb5_mech = {
    GMI_VERSION,
    "kerberos 5",
    {9, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02") },
    0,
    _gsskrb5_acquire_cred,
    _gsskrb5_release_cred,
    _gsskrb5_init_sec_context,
    _gsskrb5_accept_sec_context,
    _gsskrb5_process_context_token,
    _gsskrb5_delete_sec_context,
    _gsskrb5_context_time,
    _gsskrb5_get_mic,
    _gsskrb5_verify_mic,
    _gsskrb5_wrap,
    _gsskrb5_unwrap,
    _gsskrb5_display_status,
    _gsskrb5_indicate_mechs,
    _gsskrb5_compare_name,
    _gsskrb5_display_name,
    _gsskrb5_import_name,
    _gsskrb5_export_name,
    _gsskrb5_release_name,
    _gsskrb5_inquire_cred,
    _gsskrb5_inquire_context,
    _gsskrb5_wrap_size_limit,
    _gsskrb5_add_cred,
    _gsskrb5_inquire_cred_by_mech,
    _gsskrb5_export_sec_context,
    _gsskrb5_import_sec_context,
    _gsskrb5_inquire_names_for_mech,
    _gsskrb5_inquire_mechs_for_name,
    _gsskrb5_canonicalize_name,
    _gsskrb5_duplicate_name,
    _gsskrb5_inquire_sec_context_by_oid,
    _gsskrb5_inquire_cred_by_oid,
    _gsskrb5_set_sec_context_option,
    _gsskrb5_set_cred_option,
    _gsskrb5_pseudo_random,
    _gk_wrap_iov,
    _gk_unwrap_iov,
    _gk_wrap_iov_length,
    _gsskrb5_store_cred,
    _gsskrb5_export_cred,
    _gsskrb5_import_cred,
    _gsskrb5_acquire_cred_ext,
    NULL,	/* six optional operations not provided by this mechanism */
    NULL,
    NULL,
    NULL,
    NULL,
    NULL,
    krb5_mo,
    sizeof(krb5_mo) / sizeof(krb5_mo[0]),	/* attribute count; krb5_mo is a real array */
    _gsskrb5_localname,
    _gsskrb5_authorize_localname,
    NULL,	/* seven trailing optional operations left unimplemented */
    NULL,
    NULL,
    NULL,
    NULL,
    NULL,
    NULL
};

/*
 * Entry point used by the mech-glue to obtain this mechanism's interface.
 *
 * Returns a pointer to the static krb5_mech table above; the table lives
 * for the whole process and is never freed by the caller.
 */
gssapi_mech_interface
__gss_krb5_initialize(void)
{
    return &krb5_mech;
}