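/*
 * Attach an RPCSEC_GSS credential (Kerberos v5 mechanism) to the proxy's
 * RPC client handle.  Compiles to a plain "no error" return when
 * _USE_GSSRPC is not defined.
 *
 * p_thr_context: per-thread context; rpc_client->cl_auth is replaced by the
 *                new authgss handle on success.
 *
 * Returns ERR_FSAL_NO_ERROR on success, or ERR_FSAL_SEC with the GSS major
 * status (0 when authgss_create_default() itself failed).
 */
fsal_status_t fsal_internal_set_auth_gss(proxyfsal_op_context_t * p_thr_context)
{
#ifdef _USE_GSSRPC
  /* Kerberos v5 mechanism OID 1.2.840.113554.1.2.2 in the textual form
   * gss_str_to_oid() accepts.  Non-const array: gss_buffer_desc.value is
   * a plain void *. */
  char mechname[] = "{ 1 2 840 113554 1 2 2 }";
  struct rpc_gss_sec rpcsec_gss_data = { 0 };   /* no field left indeterminate */
  gss_OID mechOid = GSS_C_NO_OID;
  gss_buffer_desc mechgssbuff;
  OM_uint32 maj_stat, min_stat;

  mechgssbuff.value = mechname;
  mechgssbuff.length = sizeof(mechname) - 1;   /* exclude the NUL */

  LogFullDebug(COMPONENT_FSAL, "----> %p\n", p_thr_context->rpc_client);
  maj_stat = gss_str_to_oid(&min_stat, &mechgssbuff, &mechOid);
  if(maj_stat != GSS_S_COMPLETE)
    Return(ERR_FSAL_SEC, maj_stat, INDEX_FSAL_InitClientContext);

  /* RPCSEC_GSS authentication: mechanism, QoP and service level
   * (the latter taken from the proxy-wide configuration). */
  rpcsec_gss_data.mech = mechOid;
  rpcsec_gss_data.qop = GSS_C_QOP_DEFAULT;
  rpcsec_gss_data.svc = global_fsal_proxy_specific_info.sec_type;

  p_thr_context->rpc_client->cl_auth =
      authgss_create_default(p_thr_context->rpc_client,
                             global_fsal_proxy_specific_info.remote_principal,
                             &rpcsec_gss_data);
  if(p_thr_context->rpc_client->cl_auth == NULL)
    {
      /* Nothing else references the OID on this path, so release it
       * instead of leaking it.  On success it is deliberately left alive:
       * the auth handle is handed rpcsec_gss_data, which points at it
       * (NOTE(review): confirm the authgss implementation in use copies
       * the OID if this is ever to be released on the success path too). */
      (void)gss_release_oid(&min_stat, &mechOid);
      Return(ERR_FSAL_SEC, 0, INDEX_FSAL_InitClientContext);
    }
#endif
  Return(ERR_FSAL_NO_ERROR, 0, INDEX_FSAL_InitClientContext);
}                               /* fsal_internal_set_auth_gss */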
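/*
 * Test driver: read OID strings from stdin, one per line, round-trip each
 * through gss_str_to_oid()/gss_oid_to_str() and print the status codes and
 * the resulting string form.  Lines starting with '#' and empty lines are
 * skipped.
 */
int main(int argc, char *argv[])
{
     char strbuf[BUFSIZE];
     gss_OID oid;
     gss_buffer_desc buf;
     OM_uint32 stat, minor;

     (void)argc;
     (void)argv;

     while (fgets(strbuf, BUFSIZE, stdin) != NULL) {
	  size_t len = strlen(strbuf);

	  /* Strip the newline only when it is really there: the final line
	   * of a file may lack one, and unconditionally dropping the last
	   * character would truncate the OID. */
	  if (len > 0 && strbuf[len - 1] == '\n')
	       strbuf[--len] = '\0';
	  if (len == 0 || strbuf[0] == '#')
	       continue;

	  buf.length = len;
	  buf.value = (void *) strbuf;
	  oid = NULL;   /* never reuse a pointer from a previous iteration */
	  stat = gss_str_to_oid(&minor, &buf, &oid);
	  printf("gss_str_to_oid returns %u, %u\n", (unsigned)stat, (unsigned)minor);
	  if (stat != GSS_S_COMPLETE)
	       continue;   /* oid is not valid on failure: don't print or free it */

	  print_oid(oid);
	  stat = gss_oid_to_str(&minor, oid, &buf);
	  printf("gss_oid_to_str returns %u, %u\n", (unsigned)stat, (unsigned)minor);
	  if (stat == GSS_S_COMPLETE) {
	       /* %.*s takes an int precision; buf.length is not an int. */
	       printf("string form of OID is \"%.*s\"\n",
		      (int)buf.length, (const char *)buf.value);
	       /* gss_oid_to_str() allocated buf; release it rather than leak
		* it once per input line. */
	       (void)gss_release_buffer(&minor, &buf);
	  }
	  ilugss_free(oid);
     }
     return 0;
}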
/*
 * Look for a "mech=<oid>" module argument and, when present, parse the
 * dotted or space-separated OID into a newly allocated gss_OID.
 *
 * argc/argv: PAM module argument vector (the first "mech=" entry wins).
 * mech:      receives the parsed OID; untouched when no mech= argument is
 *            given, in which case PAM_SUCCESS is returned.
 *
 * Returns PAM_SUCCESS, PAM_BUF_ERR on allocation failure, PAM_SERVICE_ERR on
 * a malformed OID (macOS path), or the PAM mapping of the GSS status.
 */
static int
readConfMechOid(int argc,
                const char **argv,
                gss_OID *mech)
{
    OM_uint32 major, minor;
    const char *oidstr = NULL;
    int n;
#ifndef __APPLE__
    size_t oidstrLen;
    size_t k;
    gss_buffer_desc oidBuf;
    char *out;
#endif

    for (n = 0; n < argc && oidstr == NULL; n++) {
        if (strncmp(argv[n], "mech=", 5) == 0)
            oidstr = argv[n] + 5;
    }

    if (oidstr == NULL)
        return PAM_SUCCESS;

#ifdef __APPLE__
    /* Heimdal path: parse the textual OID and DER-encode it ourselves. */
    heim_oid heimOid;
    char mechbuf[64];
    size_t mech_len;

    if (der_parse_heim_oid(oidstr, " .", &heimOid))
        return PAM_SERVICE_ERR;

    /* der_put_oid() is handed the last byte of mechbuf and the encoding is
     * taken from the tail of the buffer below (presumably it fills
     * backwards — matches the original code). */
    if (der_put_oid((unsigned char *)mechbuf + sizeof(mechbuf) - 1,
                    sizeof(mechbuf), &heimOid, &mech_len) != 0) {
        der_free_oid(&heimOid);
        return PAM_SERVICE_ERR;
    }

    *mech = (gss_OID)malloc(sizeof(gss_OID_desc));
    if (*mech == NULL) {
        der_free_oid(&heimOid);
        return PAM_BUF_ERR;
    }

    (*mech)->elements = malloc(mech_len);
    if ((*mech)->elements == NULL) {
        free(*mech);
        *mech = NULL;
        der_free_oid(&heimOid);
        return PAM_BUF_ERR;
    }

    (*mech)->length = mech_len;
    memcpy((*mech)->elements, mechbuf + sizeof(mechbuf) - mech_len, mech_len);
    der_free_oid(&heimOid);

    major = GSS_S_COMPLETE;
    minor = 0;
#else
    /* gss_str_to_oid() expects "{ 1 2 840 ... }": wrap the value in braces
     * and turn dots into spaces. */
    oidstrLen = strlen(oidstr);
    oidBuf.length = oidstrLen + 4;               /* "{ " + value + " }" */
    oidBuf.value = malloc(oidBuf.length + 1);    /* +1 for the NUL */
    if (oidBuf.value == NULL)
        return PAM_BUF_ERR;

    out = (char *)oidBuf.value;
    out[0] = '{';
    out[1] = ' ';
    for (k = 0; k < oidstrLen; k++)
        out[2 + k] = (oidstr[k] == '.') ? ' ' : oidstr[k];
    out[2 + oidstrLen] = ' ';
    out[3 + oidstrLen] = '}';
    out[4 + oidstrLen] = '\0';

    assert(strlen(out) == oidBuf.length);

    major = gss_str_to_oid(&minor, &oidBuf, mech);

    free(oidBuf.value);
#endif

    return pamGssMapStatus(major, minor);
}
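/*
 * Add the mechanism named by `w` to *oidset, creating the set on first use
 * (optionally seeded with SPNEGO) and registering it with the config pool so
 * it is released when the server winds down.
 *
 * w is one of the aliases "krb5", "iakerb", "ntlmssp", or a textual OID
 * accepted by gss_str_to_oid().
 *
 * Returns true only if the mechanism actually ended up in the set; every GSS
 * failure is logged and reported as false.  A freshly created set that
 * failed to seed is released and *oidset reset to GSS_C_NO_OID_SET.
 */
static bool mag_list_of_mechs(cmd_parms *parms, gss_OID_set *oidset,
                              bool add_spnego, const char *w)
{
    gss_buffer_desc buf = { 0 };
    uint32_t maj, min;
    gss_OID_set set;
    gss_OID oid;
    bool release_oid = false;
    bool ok = true;

    if (*oidset == NULL) {
        maj = gss_create_empty_oid_set(&min, &set);
        if (maj != GSS_S_COMPLETE) {
            ap_log_error(APLOG_MARK, APLOG_ERR, 0, parms->server,
                         "gss_create_empty_oid_set() failed.");
            *oidset = GSS_C_NO_OID_SET;
            return false;
        }
        if (add_spnego) {
            oid = discard_const(&gss_mech_spnego);
            maj = gss_add_oid_set_member(&min, oid, &set);
            if (maj != GSS_S_COMPLETE) {
                ap_log_error(APLOG_MARK, APLOG_ERR, 0, parms->server,
                             "gss_add_oid_set_member() failed.");
                /* Not yet registered with the pool, so release it here. */
                (void)gss_release_oid_set(&min, &set);
                *oidset = GSS_C_NO_OID_SET;
                return false;
            }
        }
        /* register in the pool so it can be released once the server
         * winds down */
        apr_pool_cleanup_register(parms->pool, (void *)set,
                                  mag_oid_set_destroy,
                                  apr_pool_cleanup_null);
        *oidset = set;
    } else {
        set = *oidset;
    }

    if (strcmp(w, "krb5") == 0) {
        oid = discard_const(gss_mech_krb5);
    } else if (strcmp(w, "iakerb") == 0) {
        oid = discard_const(gss_mech_iakerb);
    } else if (strcmp(w, "ntlmssp") == 0) {
        oid = discard_const(gss_mech_ntlmssp);
    } else {
        /* Anything else must be a textual OID; the parsed OID is ours to
         * release once it has been added. */
        buf.value = discard_const(w);
        buf.length = strlen(w);
        maj = gss_str_to_oid(&min, &buf, &oid);
        if (maj != GSS_S_COMPLETE) {
            ap_log_error(APLOG_MARK, APLOG_ERR, 0, parms->server,
                         "Unrecognized GSSAPI Mechanism: [%s]", w);
            return false;
        }
        release_oid = true;
    }

    maj = gss_add_oid_set_member(&min, oid, &set);
    if (maj != GSS_S_COMPLETE) {
        ap_log_error(APLOG_MARK, APLOG_ERR, 0, parms->server,
                     "gss_add_oid_set_member() failed for [%s].", w);
        /* This used to be logged but still reported as success, so a
         * configured mechanism could be silently missing from the set.
         * Surface it to the caller like every other failure above. */
        ok = false;
    }
    /* The set does not keep our pointer (the parsed OID was already
     * released right here in the original), so this is safe either way. */
    if (release_oid) {
        (void)gss_release_oid(&min, &oid);
    }

    return ok;
}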