1/*	$NetBSD: external.c,v 1.2 2017/01/28 21:31:46 christos Exp $	*/
2
3/*
4 * Copyright (c) 1997 - 2000 Kungliga Tekniska H��gskolan
5 * (Royal Institute of Technology, Stockholm, Sweden).
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 *    notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 *    notice, this list of conditions and the following disclaimer in the
17 *    documentation and/or other materials provided with the distribution.
18 *
19 * 3. Neither the name of the Institute nor the names of its contributors
20 *    may be used to endorse or promote products derived from this software
21 *    without specific prior written permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 * SUCH DAMAGE.
34 */
35
36#include "gsskrb5_locl.h"
37#include <gssapi_mech.h>
38
39/*
40 * The implementation must reserve static storage for a
41 * gss_OID_desc object containing the value
42 * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
43 *              "\x01\x02\x01\x01"},
44 * corresponding to an object-identifier value of
45 * {iso(1) member-body(2) United States(840) mit(113554)
46 *  infosys(1) gssapi(2) generic(1) user_name(1)}.  The constant
47 * GSS_C_NT_USER_NAME should be initialized to point
48 * to that gss_OID_desc.
49 */
50
51gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_user_name_oid_desc =
52    {10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x01")};
53
54/*
55 * The implementation must reserve static storage for a
56 * gss_OID_desc object containing the value
57 * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
58 *              "\x01\x02\x01\x02"},
59 * corresponding to an object-identifier value of
60 * {iso(1) member-body(2) United States(840) mit(113554)
61 *  infosys(1) gssapi(2) generic(1) machine_uid_name(2)}.
62 * The constant GSS_C_NT_MACHINE_UID_NAME should be
63 * initialized to point to that gss_OID_desc.
64 */
65
66gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_machine_uid_name_oid_desc =
67    {10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x02")};
68
69/*
70 * The implementation must reserve static storage for a
71 * gss_OID_desc object containing the value
72 * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
73 *              "\x01\x02\x01\x03"},
74 * corresponding to an object-identifier value of
75 * {iso(1) member-body(2) United States(840) mit(113554)
76 *  infosys(1) gssapi(2) generic(1) string_uid_name(3)}.
77 * The constant GSS_C_NT_STRING_UID_NAME should be
78 * initialized to point to that gss_OID_desc.
79 */
80
81gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_string_uid_name_oid_desc =
82    {10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x03")};
83
84/*
85 * The implementation must reserve static storage for a
86 * gss_OID_desc object containing the value
87 * {6, (void *)"\x2b\x06\x01\x05\x06\x02"},
88 * corresponding to an object-identifier value of
89 * {iso(1) org(3) dod(6) internet(1) security(5)
90 * nametypes(6) gss-host-based-services(2)).  The constant
91 * GSS_C_NT_HOSTBASED_SERVICE_X should be initialized to point
92 * to that gss_OID_desc.  This is a deprecated OID value, and
93 * implementations wishing to support hostbased-service names
94 * should instead use the GSS_C_NT_HOSTBASED_SERVICE OID,
95 * defined below, to identify such names;
96 * GSS_C_NT_HOSTBASED_SERVICE_X should be accepted a synonym
97 * for GSS_C_NT_HOSTBASED_SERVICE when presented as an input
98 * parameter, but should not be emitted by GSS-API
99 * implementations
100 */
101
102gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_hostbased_service_x_oid_desc =
103    {6, rk_UNCONST("\x2b\x06\x01\x05\x06\x02")};
104
105/*
106 * The implementation must reserve static storage for a
107 * gss_OID_desc object containing the value
108 * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
109 *              "\x01\x02\x01\x04"}, corresponding to an
110 * object-identifier value of {iso(1) member-body(2)
111 * Unites States(840) mit(113554) infosys(1) gssapi(2)
112 * generic(1) service_name(4)}.  The constant
113 * GSS_C_NT_HOSTBASED_SERVICE should be initialized
114 * to point to that gss_OID_desc.
115 */
116gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_hostbased_service_oid_desc =
117    {10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x04")};
118
119/*
120 * The implementation must reserve static storage for a
121 * gss_OID_desc object containing the value
122 * {6, (void *)"\x2b\x06\01\x05\x06\x03"},
123 * corresponding to an object identifier value of
124 * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
125 * 6(nametypes), 3(gss-anonymous-name)}.  The constant
126 * and GSS_C_NT_ANONYMOUS should be initialized to point
127 * to that gss_OID_desc.
128 */
129
130gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_anonymous_oid_desc =
131    {6, rk_UNCONST("\x2b\x06\01\x05\x06\x03")};
132
133/*
134 * The implementation must reserve static storage for a
135 * gss_OID_desc object containing the value
136 * {6, (void *)"\x2b\x06\x01\x05\x06\x04"},
137 * corresponding to an object-identifier value of
138 * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
139 * 6(nametypes), 4(gss-api-exported-name)}.  The constant
140 * GSS_C_NT_EXPORT_NAME should be initialized to point
141 * to that gss_OID_desc.
142 */
143
144gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_export_name_oid_desc =
145    {6, rk_UNCONST("\x2b\x06\x01\x05\x06\x04") };
146
147/*
148 *   This name form shall be represented by the Object Identifier {iso(1)
149 *   member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
150 *   krb5(2) krb5_name(1)}.  The recommended symbolic name for this type
151 *   is "GSS_KRB5_NT_PRINCIPAL_NAME".
152 */
153
154gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_nt_principal_name_oid_desc =
155    {10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x01") };
156
157/*
158 * draft-ietf-cat-iakerb-09, IAKERB:
159 *   The mechanism ID for IAKERB proxy GSS-API Kerberos, in accordance
160 *   with the mechanism proposed by SPNEGO [7] for negotiating protocol
161 *   variations, is:  {iso(1) org(3) dod(6) internet(1) security(5)
162 *   mechanisms(5) iakerb(10) iakerbProxyProtocol(1)}.  The proposed
163 *   mechanism ID for IAKERB minimum messages GSS-API Kerberos, in
164 *   accordance with the mechanism proposed by SPNEGO for negotiating
165 *   protocol variations, is: {iso(1) org(3) dod(6) internet(1)
166 *   security(5) mechanisms(5) iakerb(10)
167 *   iakerbMinimumMessagesProtocol(2)}.
168 */
169
170gss_OID_desc GSSAPI_LIB_VARIABLE  __gss_iakerb_proxy_mechanism_oid_desc =
171    {7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0a\x01")};
172
173gss_OID_desc GSSAPI_LIB_VARIABLE __gss_iakerb_min_msg_mechanism_oid_desc =
174    {7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0a\x02") };
175
176/*
177 * Context for krb5 calls.
178 */
179
180static gss_mo_desc krb5_mo[] = {
181    {
182	GSS_C_MA_SASL_MECH_NAME,
183	GSS_MO_MA,
184	"SASL mech name",
185	rk_UNCONST("GS2-KRB5"),
186	_gss_mo_get_ctx_as_string,
187	NULL
188    },
189    {
190	GSS_C_MA_MECH_NAME,
191	GSS_MO_MA,
192	"Mechanism name",
193	rk_UNCONST("KRB5"),
194	_gss_mo_get_ctx_as_string,
195	NULL
196    },
197    {
198	GSS_C_MA_MECH_DESCRIPTION,
199	GSS_MO_MA,
200	"Mechanism description",
201	rk_UNCONST("Heimdal Kerberos 5 mech"),
202	_gss_mo_get_ctx_as_string,
203	NULL
204    },
205    {
206	GSS_C_MA_MECH_CONCRETE,
207	GSS_MO_MA,
208	NULL,
209	NULL,
210	NULL,
211	NULL
212    },
213    {
214	GSS_C_MA_ITOK_FRAMED,
215	GSS_MO_MA,
216	NULL,
217	NULL,
218	NULL,
219	NULL
220    },
221    {
222	GSS_C_MA_AUTH_INIT,
223	GSS_MO_MA,
224	NULL,
225	NULL,
226	NULL,
227	NULL
228    },
229    {
230	GSS_C_MA_AUTH_TARG,
231	GSS_MO_MA,
232	NULL,
233	NULL,
234	NULL,
235	NULL
236    },
237    {
238	GSS_C_MA_AUTH_INIT_ANON,
239	GSS_MO_MA,
240	NULL,
241	NULL,
242	NULL,
243	NULL
244    },
245    {
246	GSS_C_MA_DELEG_CRED,
247	GSS_MO_MA,
248	NULL,
249	NULL,
250	NULL,
251	NULL
252    },
253    {
254	GSS_C_MA_INTEG_PROT,
255	GSS_MO_MA,
256	NULL,
257	NULL,
258	NULL,
259	NULL
260    },
261    {
262	GSS_C_MA_CONF_PROT,
263	GSS_MO_MA,
264	NULL,
265	NULL,
266	NULL,
267	NULL
268    },
269    {
270	GSS_C_MA_MIC,
271	GSS_MO_MA,
272	NULL,
273	NULL,
274	NULL,
275	NULL
276    },
277    {
278	GSS_C_MA_WRAP,
279	GSS_MO_MA,
280	NULL,
281	NULL,
282	NULL,
283	NULL
284    },
285    {
286	GSS_C_MA_PROT_READY,
287	GSS_MO_MA,
288	NULL,
289	NULL,
290	NULL,
291	NULL
292    },
293    {
294	GSS_C_MA_REPLAY_DET,
295	GSS_MO_MA,
296	NULL,
297	NULL,
298	NULL,
299	NULL
300    },
301    {
302	GSS_C_MA_OOS_DET,
303	GSS_MO_MA,
304	NULL,
305	NULL,
306	NULL,
307	NULL
308    },
309    {
310	GSS_C_MA_CBINDINGS,
311	GSS_MO_MA,
312	NULL,
313	NULL,
314	NULL,
315	NULL
316    },
317    {
318	GSS_C_MA_PFS,
319	GSS_MO_MA,
320	NULL,
321	NULL,
322	NULL,
323	NULL
324    },
325    {
326	GSS_C_MA_CTX_TRANS,
327	GSS_MO_MA,
328	NULL,
329	NULL,
330	NULL,
331	NULL
332    }
333};
334
335/*
336 *
337 */
338
339static gssapi_mech_interface_desc krb5_mech = {
340    GMI_VERSION,
341    "kerberos 5",
342    {9, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02") },
343    0,
344    _gsskrb5_acquire_cred,
345    _gsskrb5_release_cred,
346    _gsskrb5_init_sec_context,
347    _gsskrb5_accept_sec_context,
348    _gsskrb5_process_context_token,
349    _gsskrb5_delete_sec_context,
350    _gsskrb5_context_time,
351    _gsskrb5_get_mic,
352    _gsskrb5_verify_mic,
353    _gsskrb5_wrap,
354    _gsskrb5_unwrap,
355    _gsskrb5_display_status,
356    _gsskrb5_indicate_mechs,
357    _gsskrb5_compare_name,
358    _gsskrb5_display_name,
359    _gsskrb5_import_name,
360    _gsskrb5_export_name,
361    _gsskrb5_release_name,
362    _gsskrb5_inquire_cred,
363    _gsskrb5_inquire_context,
364    _gsskrb5_wrap_size_limit,
365    _gsskrb5_add_cred,
366    _gsskrb5_inquire_cred_by_mech,
367    _gsskrb5_export_sec_context,
368    _gsskrb5_import_sec_context,
369    _gsskrb5_inquire_names_for_mech,
370    _gsskrb5_inquire_mechs_for_name,
371    _gsskrb5_canonicalize_name,
372    _gsskrb5_duplicate_name,
373    _gsskrb5_inquire_sec_context_by_oid,
374    _gsskrb5_inquire_cred_by_oid,
375    _gsskrb5_set_sec_context_option,
376    _gsskrb5_set_cred_option,
377    _gsskrb5_pseudo_random,
378    _gk_wrap_iov,
379    _gk_unwrap_iov,
380    _gk_wrap_iov_length,
381    _gsskrb5_store_cred,
382    _gsskrb5_export_cred,
383    _gsskrb5_import_cred,
384    _gsskrb5_acquire_cred_ext,
385    NULL,
386    NULL,
387    NULL,
388    NULL,
389    NULL,
390    NULL,
391    krb5_mo,
392    sizeof(krb5_mo) / sizeof(krb5_mo[0]),
393    _gsskrb5_localname,
394    _gsskrb5_authorize_localname,
395    NULL,
396    NULL,
397    NULL,
398    NULL,
399    NULL,
400    NULL,
401    NULL
402};
403
404gssapi_mech_interface
405__gss_krb5_initialize(void)
406{
407    return &krb5_mech;
408}
409