fsal_status_t fsal_internal_set_auth_gss(proxyfsal_op_context_t * p_thr_context)
{
#ifdef _USE_GSSRPC
fsal_status_t fsal_status;
struct rpc_gss_sec rpcsec_gss_data;
gss_OID mechOid;
char mechname[1024];
gss_buffer_desc mechgssbuff;
OM_uint32 maj_stat, min_stat;
/* Set up mechOid */
strcpy(mechname, "{ 1 2 840 113554 1 2 2 }");
mechgssbuff.value = mechname;
mechgssbuff.length = strlen(mechgssbuff.value);
LogFullDebug(COMPONENT_FSAL, "----> %p\n", p_thr_context->rpc_client);
if((maj_stat = gss_str_to_oid(&min_stat, &mechgssbuff, &mechOid)) != GSS_S_COMPLETE)
Return(ERR_FSAL_SEC, maj_stat, INDEX_FSAL_InitClientContext);
/* Authentification avec RPCSEC_GSS */
rpcsec_gss_data.mech = mechOid;
rpcsec_gss_data.qop = GSS_C_QOP_DEFAULT;
rpcsec_gss_data.svc = global_fsal_proxy_specific_info.sec_type;
if((p_thr_context->rpc_client->cl_auth =
authgss_create_default(p_thr_context->rpc_client,
global_fsal_proxy_specific_info.remote_principal,
&rpcsec_gss_data)) == NULL)
Return(ERR_FSAL_SEC, 0, INDEX_FSAL_InitClientContext);
#endif
Return(ERR_FSAL_NO_ERROR, 0, INDEX_FSAL_InitClientContext);
} /* fsal_internal_set_auth_gss */
int main(int argc,char *argv[])
{
char strbuf[BUFSIZE];
OM_uint32 oidvec[MAXOID];
OM_uint32 oidvecsize;
unsigned char enc_oid_buf[BUFSIZE];
gss_OID oid = NULL;
gss_buffer_desc buf;
OM_uint32 stat, minor;
while (fgets(strbuf,BUFSIZE,stdin)!=NULL) {
if ((strbuf[0]!='#') && (strlen(strbuf) > 1)) {
buf.length = strlen(strbuf) - 1;
buf.value = (void *) strbuf;
stat = gss_str_to_oid (&minor, &buf, &oid);
printf ("gss_str_to_oid returns %u, %u\n", stat, minor);
print_oid (oid);
stat = gss_oid_to_str (&minor, oid, &buf);
printf ("gss_oid_to_str returns %u, %u\n", stat, minor);
printf ("string form of OID is \"%*.*s\"\n", buf.length, buf.length, buf.value);
ilugss_free (oid);
}
}
}
static int
readConfMechOid(int argc,
const char **argv,
gss_OID *mech)
{
int i;
OM_uint32 major, minor;
const char *oidstr = NULL;
#ifndef __APPLE__
size_t oidstrLen;
gss_buffer_desc oidBuf;
char *p;
#endif
for (i = 0; i < argc; i++) {
if (strncmp(argv[i], "mech=", 5) != 0)
continue;
oidstr = &argv[i][5];
break;
}
if (oidstr == NULL)
return PAM_SUCCESS;
#ifdef __APPLE__
char mechbuf[64];
size_t mech_len;
heim_oid heimOid;
int ret;
if (der_parse_heim_oid(oidstr, " .", &heimOid))
return PAM_SERVICE_ERR;
ret = der_put_oid((unsigned char *)mechbuf + sizeof(mechbuf) - 1,
sizeof(mechbuf),
&heimOid,
&mech_len);
if (ret) {
der_free_oid(&heimOid);
return PAM_SERVICE_ERR;
}
*mech = (gss_OID)malloc(sizeof(gss_OID_desc));
if (*mech == NULL) {
der_free_oid(&heimOid);
return PAM_BUF_ERR;
}
(*mech)->elements = malloc(mech_len);
if ((*mech)->elements == NULL) {
der_free_oid(&heimOid);
free(*mech);
*mech = NULL;
return PAM_BUF_ERR;
}
(*mech)->length = mech_len;
memcpy((*mech)->elements, mechbuf + sizeof(mechbuf) - mech_len, mech_len);
der_free_oid(&heimOid);
major = GSS_S_COMPLETE;
minor = 0;
#else
oidstrLen = strlen(oidstr);
oidBuf.length = 2 + oidstrLen + 2;
oidBuf.value = malloc(oidBuf.length + 1);
if (oidBuf.value == NULL)
return PAM_BUF_ERR;
p = (char *)oidBuf.value;
*p++ = '{';
*p++ = ' ';
for (i = 0; i < oidstrLen; i++)
*p++ = oidstr[i] == '.' ? ' ' : oidstr[i];
*p++ = ' ';
*p++ = '}';
*p = '\0';
assert(oidBuf.length == p - (char *)oidBuf.value);
major = gss_str_to_oid(&minor, &oidBuf, mech);
free(oidBuf.value);
#endif
return pamGssMapStatus(major, minor);
}
static bool mag_list_of_mechs(cmd_parms *parms, gss_OID_set *oidset,
bool add_spnego, const char *w)
{
gss_buffer_desc buf = { 0 };
uint32_t maj, min;
gss_OID_set set;
gss_OID oid;
bool release_oid = false;
if (NULL == *oidset) {
maj = gss_create_empty_oid_set(&min, &set);
if (maj != GSS_S_COMPLETE) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, parms->server,
"gss_create_empty_oid_set() failed.");
*oidset = GSS_C_NO_OID_SET;
return false;
}
if (add_spnego) {
oid = discard_const(&gss_mech_spnego);
maj = gss_add_oid_set_member(&min, oid, &set);
if (maj != GSS_S_COMPLETE) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, parms->server,
"gss_add_oid_set_member() failed.");
(void)gss_release_oid_set(&min, &set);
*oidset = GSS_C_NO_OID_SET;
return false;
}
}
/* register in the pool so it can be released once the server
* winds down */
apr_pool_cleanup_register(parms->pool, (void *)set,
mag_oid_set_destroy,
apr_pool_cleanup_null);
*oidset = set;
} else {
set = *oidset;
}
if (strcmp(w, "krb5") == 0) {
oid = discard_const(gss_mech_krb5);
} else if (strcmp(w, "iakerb") == 0) {
oid = discard_const(gss_mech_iakerb);
} else if (strcmp(w, "ntlmssp") == 0) {
oid = discard_const(gss_mech_ntlmssp);
} else {
buf.value = discard_const(w);
buf.length = strlen(w);
maj = gss_str_to_oid(&min, &buf, &oid);
if (maj != GSS_S_COMPLETE) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, parms->server,
"Unrecognized GSSAPI Mechanism: [%s]", w);
return false;
}
release_oid = true;
}
maj = gss_add_oid_set_member(&min, oid, &set);
if (maj != GSS_S_COMPLETE) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, parms->server,
"gss_add_oid_set_member() failed for [%s].", w);
}
if (release_oid) {
(void)gss_release_oid(&min, &oid);
}
return true;
}
