/*
 * Attach RPCSEC_GSS credentials to the RPC client held in the thread context.
 *
 * The Kerberos v5 mechanism OID is built from its textual form, then a
 * default GSS auth handle is created for the remote principal and security
 * type configured in global_fsal_proxy_specific_info.  Without _USE_GSSRPC
 * the function is a no-op that reports ERR_FSAL_NO_ERROR.
 *
 * Returns ERR_FSAL_SEC (minor = GSS major status) when the OID text cannot
 * be parsed, ERR_FSAL_SEC when authgss_create_default() fails, and
 * ERR_FSAL_NO_ERROR otherwise.
 *
 * NOTE(review): the OID returned by gss_str_to_oid() is handed to the RPC
 * auth layer through sec.mech and is not released here; whether
 * authgss_create_default() copies it is not visible in this file.
 */
fsal_status_t fsal_internal_set_auth_gss(proxyfsal_op_context_t * p_thr_context)
{
#ifdef _USE_GSSRPC
  /* Kerberos v5 mechanism OID in the textual form gss_str_to_oid() accepts. */
  static const char krb5_mech_text[] = "{ 1 2 840 113554 1 2 2 }";
  char mech_text[1024];
  gss_buffer_desc mech_text_buf;
  gss_OID mech_oid;
  struct rpc_gss_sec sec;
  OM_uint32 maj_stat, min_stat;

  /* Copy includes the terminating NUL; the literal is far below 1024 bytes. */
  memcpy(mech_text, krb5_mech_text, sizeof krb5_mech_text);
  mech_text_buf.value = mech_text;
  mech_text_buf.length = sizeof krb5_mech_text - 1;

  LogFullDebug(COMPONENT_FSAL, "----> %p\n", p_thr_context->rpc_client);

  maj_stat = gss_str_to_oid(&min_stat, &mech_text_buf, &mech_oid);
  if(maj_stat != GSS_S_COMPLETE)
    Return(ERR_FSAL_SEC, maj_stat, INDEX_FSAL_InitClientContext);

  /* Authenticate with RPCSEC_GSS using the configured service type. */
  sec.mech = mech_oid;
  sec.qop = GSS_C_QOP_DEFAULT;
  sec.svc = global_fsal_proxy_specific_info.sec_type;

  p_thr_context->rpc_client->cl_auth =
      authgss_create_default(p_thr_context->rpc_client,
                             global_fsal_proxy_specific_info.remote_principal,
                             &sec);
  if(p_thr_context->rpc_client->cl_auth == NULL)
    Return(ERR_FSAL_SEC, 0, INDEX_FSAL_InitClientContext);
#endif
  Return(ERR_FSAL_NO_ERROR, 0, INDEX_FSAL_InitClientContext);
}                               /* fsal_internal_set_auth_gss */
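/*
 * Interactive test driver: reads textual OIDs from stdin, one per line,
 * converts each to a gss_OID with gss_str_to_oid(), prints it, converts it
 * back with gss_oid_to_str() and prints the string form.  Lines starting
 * with '#' and empty lines are ignored.  argc/argv are unused.
 *
 * Returns 0 at end of input.
 */
int main(int argc, char *argv[])
{
    char strbuf[BUFSIZE];
    gss_OID oid = NULL;
    gss_buffer_desc buf;
    OM_uint32 stat, minor;

    (void)argc;
    (void)argv;

    while (fgets(strbuf, BUFSIZE, stdin) != NULL) {
        size_t len = strlen(strbuf);

        /* Strip the newline only when fgets() actually read one: the last
         * line of a file, or a line longer than BUFSIZE, has none. */
        if (len > 0 && strbuf[len - 1] == '\n')
            strbuf[--len] = '\0';
        if (strbuf[0] == '#' || len == 0)
            continue;

        buf.length = len;
        buf.value = (void *)strbuf;
        stat = gss_str_to_oid(&minor, &buf, &oid);
        printf("gss_str_to_oid returns %u, %u\n", (unsigned)stat, (unsigned)minor);
        if (stat != GSS_S_COMPLETE) {
            /* oid is not valid after a failed parse; it must not be printed
             * or freed (it could still point at the previous line's OID). */
            oid = NULL;
            continue;
        }
        print_oid(oid);

        stat = gss_oid_to_str(&minor, oid, &buf);
        printf("gss_oid_to_str returns %u, %u\n", (unsigned)stat, (unsigned)minor);
        if (stat == GSS_S_COMPLETE) {
            /* %.*s takes an int precision; buf.length is not an int. */
            printf("string form of OID is \"%.*s\"\n",
                   (int)buf.length, (const char *)buf.value);
            /* NOTE(review): buf.value is allocated by gss_oid_to_str() and is
             * not released here; the matching release routine for this
             * implementation is not visible in this file. */
        }

        ilugss_free(oid);
        oid = NULL; /* no dangling pointer into the next iteration */
    }
    return 0;
}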
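/*
 * Parse an optional "mech=<dotted OID>" PAM module argument into a gss_OID.
 *
 * argc/argv: the module arguments as passed by PAM.
 * mech:      receives the parsed OID (caller owns it); left untouched when
 *            no "mech=" argument is present.
 *
 * Returns PAM_SUCCESS when there is no "mech=" argument or the OID parsed,
 * PAM_BUF_ERR on allocation failure, PAM_SERVICE_ERR (Apple/Heimdal path)
 * when the OID text is rejected, and otherwise the result of
 * pamGssMapStatus() for the gss_str_to_oid() status.
 */
static int
readConfMechOid(int argc, const char **argv, gss_OID *mech)
{
    const char *oidstr = NULL;
    OM_uint32 major, minor;
    int i;
#ifdef __APPLE__
    char mechbuf[64];
    size_t mech_len;
    heim_oid heimOid;
    int ret;
#else
    size_t oidstrLen, j;
    gss_buffer_desc oidBuf;
    char *p;
#endif

    for (i = 0; i < argc; i++) {
        if (strncmp(argv[i], "mech=", sizeof("mech=") - 1) == 0) {
            oidstr = argv[i] + (sizeof("mech=") - 1);
            break;
        }
    }
    if (oidstr == NULL)
        return PAM_SUCCESS;

#ifdef __APPLE__
    /* Heimdal: parse the dotted form, DER-encode it (der_put_oid writes
     * backwards from the end of mechbuf), then copy the encoding into a
     * freshly allocated gss_OID. */
    if (der_parse_heim_oid(oidstr, " .", &heimOid))
        return PAM_SERVICE_ERR;

    ret = der_put_oid((unsigned char *)mechbuf + sizeof(mechbuf) - 1,
                      sizeof(mechbuf), &heimOid, &mech_len);
    if (ret) {
        der_free_oid(&heimOid);
        return PAM_SERVICE_ERR;
    }

    *mech = (gss_OID)malloc(sizeof(gss_OID_desc));
    if (*mech == NULL) {
        der_free_oid(&heimOid);
        return PAM_BUF_ERR;
    }
    (*mech)->elements = malloc(mech_len);
    if ((*mech)->elements == NULL) {
        der_free_oid(&heimOid);
        free(*mech);
        *mech = NULL;
        return PAM_BUF_ERR;
    }
    (*mech)->length = mech_len;
    memcpy((*mech)->elements, mechbuf + sizeof(mechbuf) - mech_len, mech_len);
    der_free_oid(&heimOid);

    major = GSS_S_COMPLETE;
    minor = 0;
#else
    /* gss_str_to_oid() wants the "{ 1 2 840 ... }" spelling: "{ ", the
     * dotted string with each '.' replaced by ' ', then " }". */
    oidstrLen = strlen(oidstr);
    oidBuf.length = 2 + oidstrLen + 2;
    oidBuf.value = malloc(oidBuf.length + 1);   /* +1 for the NUL terminator */
    if (oidBuf.value == NULL)
        return PAM_BUF_ERR;

    p = (char *)oidBuf.value;
    *p++ = '{';
    *p++ = ' ';
    for (j = 0; j < oidstrLen; j++)
        *p++ = (oidstr[j] == '.') ? ' ' : oidstr[j];
    *p++ = ' ';
    *p++ = '}';
    *p = '\0';
    /* Self-check that the computed length matches what was written. */
    assert(oidBuf.length == (size_t)(p - (char *)oidBuf.value));

    major = gss_str_to_oid(&minor, &oidBuf, mech);
    free(oidBuf.value);
#endif

    return pamGssMapStatus(major, minor);
}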
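/*
 * Add the mechanism named by @w to the OID set at *oidset, creating the set
 * on first use (optionally seeded with SPNEGO).
 *
 * parms:      the directive's cmd_parms; its pool owns a set created here
 *             and its server is used for logging.
 * oidset:     in/out set pointer; NULL means "create a new set".
 * add_spnego: when creating the set, add the SPNEGO mechanism first.
 * w:          "krb5", "iakerb", "ntlmssp", or a textual OID accepted by
 *             gss_str_to_oid().
 *
 * Returns false when the set cannot be created, @w is neither a known name
 * nor a parseable OID, or the member cannot be added to the set; true
 * otherwise.  A set created here is released by mag_oid_set_destroy() when
 * the pool is cleaned up.
 */
static bool mag_list_of_mechs(cmd_parms *parms, gss_OID_set *oidset,
                              bool add_spnego, const char *w)
{
    gss_buffer_desc buf = { 0 };
    uint32_t maj, min;
    gss_OID_set set;
    gss_OID oid;
    bool release_oid = false;
    bool ok = true;

    if (*oidset == NULL) {
        maj = gss_create_empty_oid_set(&min, &set);
        if (maj != GSS_S_COMPLETE) {
            ap_log_error(APLOG_MARK, APLOG_ERR, 0, parms->server,
                         "gss_create_empty_oid_set() failed.");
            *oidset = GSS_C_NO_OID_SET;
            return false;
        }
        if (add_spnego) {
            oid = discard_const(&gss_mech_spnego);
            maj = gss_add_oid_set_member(&min, oid, &set);
            if (maj != GSS_S_COMPLETE) {
                ap_log_error(APLOG_MARK, APLOG_ERR, 0, parms->server,
                             "gss_add_oid_set_member() failed.");
                (void)gss_release_oid_set(&min, &set);
                *oidset = GSS_C_NO_OID_SET;
                return false;
            }
        }
        /* The pool owns the set from here on; it is released once the
         * server winds down. */
        apr_pool_cleanup_register(parms->pool, (void *)set,
                                  mag_oid_set_destroy, apr_pool_cleanup_null);
        *oidset = set;
    } else {
        set = *oidset;
    }

    if (strcmp(w, "krb5") == 0) {
        oid = discard_const(gss_mech_krb5);
    } else if (strcmp(w, "iakerb") == 0) {
        oid = discard_const(gss_mech_iakerb);
    } else if (strcmp(w, "ntlmssp") == 0) {
        oid = discard_const(gss_mech_ntlmssp);
    } else {
        /* Anything else must be an OID string; gss_str_to_oid() allocates
         * the OID, which is released below once it has been copied into
         * the set. */
        buf.value = discard_const(w);
        buf.length = strlen(w);
        maj = gss_str_to_oid(&min, &buf, &oid);
        if (maj != GSS_S_COMPLETE) {
            ap_log_error(APLOG_MARK, APLOG_ERR, 0, parms->server,
                         "Unrecognized GSSAPI Mechanism: [%s]", w);
            return false;
        }
        release_oid = true;
    }

    maj = gss_add_oid_set_member(&min, oid, &set);
    if (maj != GSS_S_COMPLETE) {
        /* Report the failure to the caller rather than returning success:
         * otherwise the effective mechanism list silently differs from the
         * one the administrator configured. */
        ap_log_error(APLOG_MARK, APLOG_ERR, 0, parms->server,
                     "gss_add_oid_set_member() failed for [%s].", w);
        ok = false;
    }
    if (release_oid) {
        (void)gss_release_oid(&min, &oid);
    }

    return ok;
}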