static int
internalizeOid(const gss_OID oid,
gss_OID *const pInternalizedOid)
{
int i;
*pInternalizedOid = GSS_C_NO_OID;
for (i = 0;
i < sizeof(gssEapMechOids) / sizeof(gssEapMechOids[0]);
i++) {
if (oidEqual(oid, &gssEapMechOids[i])) {
*pInternalizedOid = (const gss_OID)&gssEapMechOids[i];
break;
}
}
if (*pInternalizedOid == GSS_C_NO_OID) {
if (oidEqual(oid, GSS_EAP_NT_EAP_NAME))
*pInternalizedOid = (const gss_OID)GSS_EAP_NT_EAP_NAME;
}
if (*pInternalizedOid == GSS_C_NO_OID) {
*pInternalizedOid = oid;
return 0;
}
return 1;
}
int
gssEapIsMechanismOid(const gss_OID oid)
{
#ifdef MECH_EAP
return oid == GSS_C_NO_OID ||
oidEqual(oid, GSS_EAP_MECHANISM) ||
gssEapIsConcreteMechanismOid(oid);
#else
return oid == GSS_C_NO_OID ||
oidEqual(oid, GSS_SAMLEC_MECHANISM) ||
gssEapIsConcreteMechanismOid(oid);
#endif
}
gss_buffer_t
gssEapOidToSaslName(const gss_OID oid)
{
size_t i;
for (i = 1; i < sizeof(gssEapMechOids)/sizeof(gssEapMechOids[0]); i++) {
if (oidEqual(&gssEapMechOids[i], oid))
return &gssEapSaslMechs[i];
}
return GSS_C_NO_BUFFER;
}
OM_uint32
gssEapCanonicalizeOid(OM_uint32 *minor,
const gss_OID oid,
OM_uint32 flags,
gss_OID *pOid)
{
OM_uint32 major;
int mapToNull = 0;
major = GSS_S_COMPLETE;
*minor = 0;
*pOid = GSS_C_NULL_OID;
if (oid == GSS_C_NULL_OID) {
if ((flags & OID_FLAG_NULL_VALID) == 0) {
*minor = GSSEAP_WRONG_MECH;
return GSS_S_BAD_MECH;
} else if (flags & OID_FLAG_MAP_NULL_TO_DEFAULT_MECH) {
return gssEapDefaultMech(minor, pOid);
} else {
mapToNull = 1;
}
#ifdef MECH_EAP
} else if (oidEqual(oid, GSS_EAP_MECHANISM)) {
if ((flags & OID_FLAG_FAMILY_MECH_VALID) == 0) {
*minor = GSSEAP_WRONG_MECH;
return GSS_S_BAD_MECH;
} else if (flags & OID_FLAG_MAP_FAMILY_MECH_TO_NULL) {
mapToNull = 1;
}
#endif
} else if (!gssEapIsConcreteMechanismOid(oid)) {
*minor = GSSEAP_WRONG_MECH;
return GSS_S_BAD_MECH;
}
if (!mapToNull) {
if (!internalizeOid(oid, pOid))
major = duplicateOid(minor, oid, pOid);
}
return major;
}
OM_uint32 GSSAPI_CALLCONV
gss_inquire_cred_by_oid(OM_uint32 *minor,
#ifdef HAVE_HEIMDAL_VERSION
gss_const_cred_id_t cred_handle,
#else
const gss_cred_id_t cred_handle,
#endif
const gss_OID desired_object GSSEAP_UNUSED,
gss_buffer_set_t *data_set)
{
OM_uint32 major;
#if 0
int i;
#endif
*data_set = GSS_C_NO_BUFFER_SET;
if (cred_handle == GSS_C_NO_CREDENTIAL) {
*minor = EINVAL;
return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CRED;
}
GSSEAP_MUTEX_LOCK(&((gss_cred_id_t)cred_handle)->mutex);
major = GSS_S_UNAVAILABLE;
*minor = GSSEAP_BAD_CRED_OPTION;
#if 0
for (i = 0; i < sizeof(inquireCredOps) / sizeof(inquireCredOps[0]); i++) {
if (oidEqual(&inquireCredOps[i].oid, desired_object)) {
major = (*inquireCredOps[i].inquire)(minor, cred_handle,
desired_object, data_set);
break;
}
}
#endif
GSSEAP_MUTEX_UNLOCK(&((gss_cred_id_t)cred_handle)->mutex);
return major;
}
OM_uint32 GSSAPI_CALLCONV
gss_inquire_sec_context_by_oid(OM_uint32 *minor,
const gss_ctx_id_t ctx,
const gss_OID desired_object,
gss_buffer_set_t *data_set)
{
OM_uint32 major;
int i;
*data_set = GSS_C_NO_BUFFER_SET;
GSSEAP_MUTEX_LOCK(&ctx->mutex);
#if 0
if (!CTX_IS_ESTABLISHED(ctx)) {
*minor = GSSEAP_CONTEXT_INCOMPLETE;
major = GSS_S_NO_CONTEXT;
goto cleanup;
}
#endif
major = GSS_S_UNAVAILABLE;
*minor = GSSEAP_BAD_CONTEXT_OPTION;
for (i = 0; i < sizeof(inquireCtxOps) / sizeof(inquireCtxOps[0]); i++) {
if (oidEqual(&inquireCtxOps[i].oid, desired_object)) {
major = (*inquireCtxOps[i].inquire)(minor, ctx,
desired_object, data_set);
break;
}
}
GSSEAP_MUTEX_UNLOCK(&ctx->mutex);
return major;
}
OM_uint32 GSSAPI_CALLCONV
gss_inquire_attrs_for_mech(OM_uint32 *minor,
gss_const_OID mech_oid,
gss_OID_set *mech_attrs,
gss_OID_set *known_mech_attrs)
{
OM_uint32 major, tmpMinor;
if (mech_attrs != NULL)
*mech_attrs = GSS_C_NO_OID_SET;
if (known_mech_attrs != NULL)
*known_mech_attrs = GSS_C_NO_OID_SET;
if (!gssEapIsConcreteMechanismOid((const gss_OID)mech_oid)) {
*minor = GSSEAP_WRONG_MECH;
return GSS_S_BAD_MECH;
}
if (mech_attrs != NULL) {
major = gss_create_empty_oid_set(minor, mech_attrs);
if (GSS_ERROR(major))
goto cleanup;
#ifdef HAVE_GSS_INQUIRE_ATTRS_FOR_MECH
if (oidEqual(mech_oid, GSS_EAP_MECHANISM))
MA_SUPPORTED(GSS_C_MA_MECH_PSEUDO);
else
MA_SUPPORTED(GSS_C_MA_MECH_CONCRETE);
MA_SUPPORTED(GSS_C_MA_ITOK_FRAMED);
MA_SUPPORTED(GSS_C_MA_AUTH_INIT);
MA_SUPPORTED(GSS_C_MA_AUTH_TARG);
MA_SUPPORTED(GSS_C_MA_AUTH_INIT_INIT);
MA_SUPPORTED(GSS_C_MA_INTEG_PROT);
MA_SUPPORTED(GSS_C_MA_CONF_PROT);
MA_SUPPORTED(GSS_C_MA_MIC);
MA_SUPPORTED(GSS_C_MA_WRAP);
MA_SUPPORTED(GSS_C_MA_REPLAY_DET);
MA_SUPPORTED(GSS_C_MA_OOS_DET);
MA_SUPPORTED(GSS_C_MA_CBINDINGS);
MA_SUPPORTED(GSS_C_MA_CTX_TRANS);
#endif
}
if (known_mech_attrs != NULL) {
major = gss_create_empty_oid_set(minor, known_mech_attrs);
if (GSS_ERROR(major))
goto cleanup;
#ifdef HAVE_GSS_INQUIRE_ATTRS_FOR_MECH
MA_KNOWN(GSS_C_MA_MECH_CONCRETE);
MA_KNOWN(GSS_C_MA_MECH_PSEUDO);
MA_KNOWN(GSS_C_MA_MECH_COMPOSITE);
MA_KNOWN(GSS_C_MA_MECH_NEGO);
MA_KNOWN(GSS_C_MA_MECH_GLUE);
MA_KNOWN(GSS_C_MA_NOT_MECH);
MA_KNOWN(GSS_C_MA_DEPRECATED);
MA_KNOWN(GSS_C_MA_NOT_DFLT_MECH);
MA_KNOWN(GSS_C_MA_ITOK_FRAMED);
MA_KNOWN(GSS_C_MA_AUTH_INIT);
MA_KNOWN(GSS_C_MA_AUTH_TARG);
MA_KNOWN(GSS_C_MA_AUTH_INIT_INIT);
MA_KNOWN(GSS_C_MA_AUTH_TARG_INIT);
MA_KNOWN(GSS_C_MA_AUTH_INIT_ANON);
MA_KNOWN(GSS_C_MA_AUTH_TARG_ANON);
MA_KNOWN(GSS_C_MA_DELEG_CRED);
MA_KNOWN(GSS_C_MA_INTEG_PROT);
MA_KNOWN(GSS_C_MA_CONF_PROT);
MA_KNOWN(GSS_C_MA_MIC);
MA_KNOWN(GSS_C_MA_WRAP);
MA_KNOWN(GSS_C_MA_PROT_READY);
MA_KNOWN(GSS_C_MA_REPLAY_DET);
MA_KNOWN(GSS_C_MA_OOS_DET);
MA_KNOWN(GSS_C_MA_CBINDINGS);
MA_KNOWN(GSS_C_MA_PFS);
MA_KNOWN(GSS_C_MA_COMPRESS);
MA_KNOWN(GSS_C_MA_CTX_TRANS);
#endif
}
major = GSS_S_COMPLETE;
*minor = 0;
cleanup:
if (GSS_ERROR(major)) {
gss_release_oid_set(&tmpMinor, mech_attrs);
gss_release_oid_set(&tmpMinor, known_mech_attrs);
}
return major;
}
