/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * Copyright 1993 by OpenVision Technologies, Inc. * * Permission to use, copy, modify, distribute, and sell this software * and its documentation for any purpose is hereby granted without fee, * provided that the above copyright notice appears in all copies and * that both that copyright notice and this permission notice appear in * supporting documentation, and that the name of OpenVision not be used * in advertising or publicity pertaining to distribution of the software * without specific, written prior permission. OpenVision makes no * representations about the suitability of this software for any * purpose. It is provided "as is" without express or implied warranty. * * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR * PERFORMANCE OF THIS SOFTWARE. */ /* * $Id$ */ #include "gssapiP_generic.h" /* * See krb5/gssapi_krb5.c for a description of the algorithm for * encoding an object identifier. */ /* Reserved static storage for GSS_oids. Comments are quotes from RFC 2744. */ #define oids ((gss_OID_desc *)const_oids) static const gss_OID_desc const_oids[] = { /* * The implementation must reserve static storage for a * gss_OID_desc object containing the value */ {10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x01"}, /* corresponding to an object-identifier value of * {iso(1) member-body(2) United States(840) mit(113554) * infosys(1) gssapi(2) generic(1) user_name(1)}. The constant * GSS_C_NT_USER_NAME should be initialized to point * to that gss_OID_desc. */ /* * The implementation must reserve static storage for a * gss_OID_desc object containing the value */ {10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x02"}, /* corresponding to an object-identifier value of * {iso(1) member-body(2) United States(840) mit(113554) * infosys(1) gssapi(2) generic(1) machine_uid_name(2)}. * The constant GSS_C_NT_MACHINE_UID_NAME should be * initialized to point to that gss_OID_desc. */ /* * The implementation must reserve static storage for a * gss_OID_desc object containing the value */ {10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x03"}, /* corresponding to an object-identifier value of * {iso(1) member-body(2) United States(840) mit(113554) * infosys(1) gssapi(2) generic(1) string_uid_name(3)}. * The constant GSS_C_NT_STRING_UID_NAME should be * initialized to point to that gss_OID_desc. */ /* * The implementation must reserve static storage for a * gss_OID_desc object containing the value */ {6, (void *)"\x2b\x06\x01\x05\x06\x02"}, /* corresponding to an object-identifier value of * {iso(1) org(3) dod(6) internet(1) security(5) * nametypes(6) gss-host-based-services(2)). The constant * GSS_C_NT_HOSTBASED_SERVICE_X should be initialized to point * to that gss_OID_desc. This is a deprecated OID value, and * implementations wishing to support hostbased-service names * should instead use the GSS_C_NT_HOSTBASED_SERVICE OID, * defined below, to identify such names; * GSS_C_NT_HOSTBASED_SERVICE_X should be accepted a synonym * for GSS_C_NT_HOSTBASED_SERVICE when presented as an input * parameter, but should not be emitted by GSS-API * implementations */ /* * The implementation must reserve static storage for a * gss_OID_desc object containing the value */ {10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x04"}, /* corresponding to an object-identifier value of * {iso(1) member-body(2) Unites States(840) mit(113554) * infosys(1) gssapi(2) generic(1) service_name(4)}. * The constant GSS_C_NT_HOSTBASED_SERVICE should be * initialized to point to that gss_OID_desc. */ /* * The implementation must reserve static storage for a * gss_OID_desc object containing the value */ {6, (void *)"\x2b\x06\01\x05\x06\x03"}, /* corresponding to an object identifier value of * {1(iso), 3(org), 6(dod), 1(internet), 5(security), * 6(nametypes), 3(gss-anonymous-name)}. The constant * and GSS_C_NT_ANONYMOUS should be initialized to point * to that gss_OID_desc. */ /* * The implementation must reserve static storage for a * gss_OID_desc object containing the value */ {6, (void *)"\x2b\x06\x01\x05\x06\x04"}, /* corresponding to an object-identifier value of * {1(iso), 3(org), 6(dod), 1(internet), 5(security), * 6(nametypes), 4(gss-api-exported-name)}. The constant * GSS_C_NT_EXPORT_NAME should be initialized to point * to that gss_OID_desc. */ {6, (void *)"\x2b\x06\x01\x05\x06\x06"}, /* corresponding to an object-identifier value of * {1(iso), 3(org), 6(dod), 1(internet), 5(security), * 6(nametypes), 6(gss-composite-export)}. The constant * GSS_C_NT_COMPOSITE_EXPORT should be initialized to point * to that gss_OID_desc. */ /* GSS_C_INQ_SSPI_SESSION_KEY 1.2.840.113554.1.2.2.5.5 */ {11, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x05"}, /* GSS_C_INQ_NEGOEX_KEY 1.2.840.113554.1.2.2.5.16 */ {11, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x10"}, /* GSS_C_INQ_NEGOEX_VERIFY_KEY 1.2.840.113554.1.2.2.5.17 */ {11, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x11"}, /* RFC 5587 attributes, see below */ {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x01"}, {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x02"}, {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x03"}, {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x04"}, {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x05"}, {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x06"}, {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x07"}, {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x08"}, {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x09"}, {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x0a"}, {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x0b"}, {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x0c"}, {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x0d"}, {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x0e"}, {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x0f"}, {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x10"}, {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x11"}, {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x12"}, {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x13"}, {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x14"}, {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x15"}, {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x16"}, {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x17"}, {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x18"}, {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x19"}, {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x1a"}, {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x1b"}, /* GSS_C_MA_NEGOEX_AND_SPNEGO 1.2.840.113554.1.2.2.5.18 */ {11, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x12"}, /* * GSS_SEC_CONTEXT_SASL_SSF_OID 1.2.840.113554.1.2.2.5.15 * iso(1) member-body(2) United States(840) mit(113554) * infosys(1) gssapi(2) krb5(2) krb5-gssapi-ext(5) sasl-ssf(15) */ {11, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x0f"}, }; /* Here are the constants which point to the static structure above. * * Constants of the form GSS_C_NT_* are specified by rfc 2744. * * Constants of the form gss_nt_* are the original MIT krb5 names * found in gssapi_generic.h. They are provided for compatibility. */ GSS_DLLIMP gss_OID GSS_C_NT_USER_NAME = oids+0; GSS_DLLIMP gss_OID gss_nt_user_name = oids+0; GSS_DLLIMP gss_OID GSS_C_NT_MACHINE_UID_NAME = oids+1; GSS_DLLIMP gss_OID gss_nt_machine_uid_name = oids+1; GSS_DLLIMP gss_OID GSS_C_NT_STRING_UID_NAME = oids+2; GSS_DLLIMP gss_OID gss_nt_string_uid_name = oids+2; GSS_DLLIMP gss_OID GSS_C_NT_HOSTBASED_SERVICE_X = oids+3; gss_OID gss_nt_service_name_v2 = oids+3; GSS_DLLIMP gss_OID GSS_C_NT_HOSTBASED_SERVICE = oids+4; GSS_DLLIMP gss_OID gss_nt_service_name = oids+4; GSS_DLLIMP gss_OID GSS_C_NT_ANONYMOUS = oids+5; GSS_DLLIMP gss_OID GSS_C_NT_EXPORT_NAME = oids+6; gss_OID gss_nt_exported_name = oids+6; GSS_DLLIMP gss_OID GSS_C_NT_COMPOSITE_EXPORT = oids+7; GSS_DLLIMP gss_OID GSS_C_INQ_SSPI_SESSION_KEY = oids+8; GSS_DLLIMP gss_OID GSS_C_INQ_NEGOEX_KEY = oids+9; GSS_DLLIMP gss_OID GSS_C_INQ_NEGOEX_VERIFY_KEY = oids+10; GSS_DLLIMP gss_const_OID GSS_C_MA_MECH_CONCRETE = oids+11; GSS_DLLIMP gss_const_OID GSS_C_MA_MECH_PSEUDO = oids+12; GSS_DLLIMP gss_const_OID GSS_C_MA_MECH_COMPOSITE = oids+13; GSS_DLLIMP gss_const_OID GSS_C_MA_MECH_NEGO = oids+14; GSS_DLLIMP gss_const_OID GSS_C_MA_MECH_GLUE = oids+15; GSS_DLLIMP gss_const_OID GSS_C_MA_NOT_MECH = oids+16; GSS_DLLIMP gss_const_OID GSS_C_MA_DEPRECATED = oids+17; GSS_DLLIMP gss_const_OID GSS_C_MA_NOT_DFLT_MECH = oids+18; GSS_DLLIMP gss_const_OID GSS_C_MA_ITOK_FRAMED = oids+19; GSS_DLLIMP gss_const_OID GSS_C_MA_AUTH_INIT = oids+20; GSS_DLLIMP gss_const_OID GSS_C_MA_AUTH_TARG = oids+21; GSS_DLLIMP gss_const_OID GSS_C_MA_AUTH_INIT_INIT = oids+22; GSS_DLLIMP gss_const_OID GSS_C_MA_AUTH_TARG_INIT = oids+23; GSS_DLLIMP gss_const_OID GSS_C_MA_AUTH_INIT_ANON = oids+24; GSS_DLLIMP gss_const_OID GSS_C_MA_AUTH_TARG_ANON = oids+25; GSS_DLLIMP gss_const_OID GSS_C_MA_DELEG_CRED = oids+26; GSS_DLLIMP gss_const_OID GSS_C_MA_INTEG_PROT = oids+27; GSS_DLLIMP gss_const_OID GSS_C_MA_CONF_PROT = oids+28; GSS_DLLIMP gss_const_OID GSS_C_MA_MIC = oids+29; GSS_DLLIMP gss_const_OID GSS_C_MA_WRAP = oids+30; GSS_DLLIMP gss_const_OID GSS_C_MA_PROT_READY = oids+31; GSS_DLLIMP gss_const_OID GSS_C_MA_REPLAY_DET = oids+32; GSS_DLLIMP gss_const_OID GSS_C_MA_OOS_DET = oids+33; GSS_DLLIMP gss_const_OID GSS_C_MA_CBINDINGS = oids+34; GSS_DLLIMP gss_const_OID GSS_C_MA_PFS = oids+35; GSS_DLLIMP gss_const_OID GSS_C_MA_COMPRESS = oids+36; GSS_DLLIMP gss_const_OID GSS_C_MA_CTX_TRANS = oids+37; GSS_DLLIMP gss_const_OID GSS_C_MA_NEGOEX_AND_SPNEGO = oids+38; GSS_DLLIMP gss_OID GSS_C_SEC_CONTEXT_SASL_SSF = oids+39; static gss_OID_set_desc gss_ma_known_attrs_desc = { 28, oids+11 }; gss_OID_set gss_ma_known_attrs = &gss_ma_known_attrs_desc; static struct mech_attr_info_desc { gss_OID mech_attr; const char *name; const char *short_desc; const char *long_desc; } mech_attr_info[] = { { oids+11, "GSS_C_MA_MECH_CONCRETE", "concrete-mech", "Mechanism is neither a pseudo-mechanism nor a composite mechanism.", }, { oids+12, "GSS_C_MA_MECH_PSEUDO", "pseudo-mech", "Mechanism is a pseudo-mechanism.", }, { oids+13, "GSS_C_MA_MECH_COMPOSITE", "composite-mech", "Mechanism is a composite of other mechanisms.", }, { oids+14, "GSS_C_MA_MECH_NEGO", "mech-negotiation-mech", "Mechanism negotiates other mechanisms.", }, { oids+15, "GSS_C_MA_MECH_GLUE", "mech-glue", "OID is not a mechanism but the GSS-API itself.", }, { oids+16, "GSS_C_MA_NOT_MECH", "not-mech", "Known OID but not a mechanism OID.", }, { oids+17, "GSS_C_MA_DEPRECATED", "mech-deprecated", "Mechanism is deprecated.", }, { oids+18, "GSS_C_MA_NOT_DFLT_MECH", "mech-not-default", "Mechanism must not be used as a default mechanism.", }, { oids+19, "GSS_C_MA_ITOK_FRAMED", "initial-is-framed", "Mechanism's initial contexts are properly framed.", }, { oids+20, "GSS_C_MA_AUTH_INIT", "auth-init-princ", "Mechanism supports authentication of initiator to acceptor.", }, { oids+21, "GSS_C_MA_AUTH_TARG", "auth-targ-princ", "Mechanism supports authentication of acceptor to initiator.", }, { oids+22, "GSS_C_MA_AUTH_INIT_INIT", "auth-init-princ-initial", "Mechanism supports authentication of initiator using " "initial credentials.", }, { oids+23, "GSS_C_MA_AUTH_TARG_INIT", "auth-target-princ-initial", "Mechanism supports authentication of acceptor using " "initial credentials.", }, { oids+24, "GSS_C_MA_AUTH_INIT_ANON", "auth-init-princ-anon", "Mechanism supports GSS_C_NT_ANONYMOUS as an initiator name.", }, { oids+25, "GSS_C_MA_AUTH_TARG_ANON", "auth-targ-princ-anon", "Mechanism supports GSS_C_NT_ANONYMOUS as an acceptor name.", }, { oids+26, "GSS_C_MA_DELEG_CRED", "deleg-cred", "Mechanism supports credential delegation.", }, { oids+27, "GSS_C_MA_INTEG_PROT", "integ-prot", "Mechanism supports per-message integrity protection.", }, { oids+28, "GSS_C_MA_CONF_PROT", "conf-prot", "Mechanism supports per-message confidentiality protection.", }, { oids+29, "GSS_C_MA_MIC", "mic", "Mechanism supports Message Integrity Code (MIC) tokens.", }, { oids+30, "GSS_C_MA_WRAP", "wrap", "Mechanism supports wrap tokens.", }, { oids+31, "GSS_C_MA_PROT_READY", "prot-ready", "Mechanism supports per-message proteciton prior to " "full context establishment.", }, { oids+32, "GSS_C_MA_REPLAY_DET", "replay-detection", "Mechanism supports replay detection.", }, { oids+33, "GSS_C_MA_OOS_DET", "oos-detection", "Mechanism supports out-of-sequence detection.", }, { oids+34, "GSS_C_MA_CBINDINGS", "channel-bindings", "Mechanism supports channel bindings.", }, { oids+35, "GSS_C_MA_PFS", "pfs", "Mechanism supports Perfect Forward Security.", }, { oids+36, "GSS_C_MA_COMPRESS", "compress", "Mechanism supports compression of data inputs to gss_wrap().", }, { oids+37, "GSS_C_MA_CTX_TRANS", "context-transfer", "Mechanism supports security context export/import.", }, { oids+38, "GSS_C_MA_NEGOEX_AND_SPNEGO", "negoex-only", "NegoEx mechanism should also be negotiable through SPNEGO.", }, }; OM_uint32 generic_gss_display_mech_attr( OM_uint32 *minor_status, gss_const_OID mech_attr, gss_buffer_t name, gss_buffer_t short_desc, gss_buffer_t long_desc) { size_t i; if (minor_status != NULL) *minor_status = 0; if (name != GSS_C_NO_BUFFER) { name->length = 0; name->value = NULL; } if (short_desc != GSS_C_NO_BUFFER) { short_desc->length = 0; short_desc->value = NULL; } if (long_desc != GSS_C_NO_BUFFER) { long_desc->length = 0; long_desc->value = NULL; } if (minor_status == NULL) return GSS_S_CALL_INACCESSIBLE_WRITE; for (i = 0; i < sizeof(mech_attr_info)/sizeof(mech_attr_info[0]); i++) { struct mech_attr_info_desc *mai = &mech_attr_info[i]; if (g_OID_equal(mech_attr, mai->mech_attr)) { if (name != GSS_C_NO_BUFFER && !g_make_string_buffer(mai->name, name)) { *minor_status = ENOMEM; return GSS_S_FAILURE; } if (short_desc != GSS_C_NO_BUFFER && !g_make_string_buffer(mai->short_desc, short_desc)) { *minor_status = ENOMEM; return GSS_S_FAILURE; } if (long_desc != GSS_C_NO_BUFFER && !g_make_string_buffer(mai->long_desc, long_desc)) { *minor_status = ENOMEM; return GSS_S_FAILURE; } return GSS_S_COMPLETE; } } return GSS_S_BAD_MECH_ATTR; } static gss_buffer_desc const_attrs[] = { { sizeof("local-login-user") - 1, "local-login-user" }, }; GSS_DLLIMP gss_buffer_t GSS_C_ATTR_LOCAL_LOGIN_USER = &const_attrs[0];