Пример #1
/*
 * Report whether an OID is acceptable as a mechanism OID for this build.
 *
 * Returns 1 when oid is GSS_C_NO_OID, when it equals the build's family
 * mechanism OID (GSS_EAP_MECHANISM if MECH_EAP is defined, otherwise
 * GSS_SAMLEC_MECHANISM), or when gssEapIsConcreteMechanismOid() accepts
 * it; returns 0 otherwise.
 *
 * Note that a missing OID counts as a match here, so this predicate is
 * not sufficient on its own where a caller must pin a specific concrete
 * mechanism.
 */
int
gssEapIsMechanismOid(const gss_OID oid)
{
    /* An unspecified mechanism is accepted. */
    if (oid == GSS_C_NO_OID)
        return 1;

    /* The family OID depends on which mechanism this build provides. */
#ifdef MECH_EAP
    if (oidEqual(oid, GSS_EAP_MECHANISM))
        return 1;
#else
    if (oidEqual(oid, GSS_SAMLEC_MECHANISM))
        return 1;
#endif

    /* Normalise to 0/1, as the original boolean expression did. */
    return gssEapIsConcreteMechanismOid(oid) ? 1 : 0;
}
Пример #2
/*
 * Validate a caller-supplied mechanism OID against the policy in flags and
 * hand back a canonical copy in *pOid.
 *
 * minor  receives 0, or GSSEAP_WRONG_MECH when the OID is rejected.
 * oid    OID to check; may be GSS_C_NULL_OID.
 * flags  OID_FLAG_* bits selecting which non-concrete inputs are allowed:
 *          - OID_FLAG_NULL_VALID: a null OID is accepted at all;
 *          - OID_FLAG_MAP_NULL_TO_DEFAULT_MECH: a null OID is replaced by
 *            whatever gssEapDefaultMech() returns;
 *          - OID_FLAG_FAMILY_MECH_VALID (MECH_EAP builds only): the family
 *            OID GSS_EAP_MECHANISM is accepted;
 *          - OID_FLAG_MAP_FAMILY_MECH_TO_NULL (MECH_EAP builds only): an
 *            accepted family OID yields a null result.
 * pOid   always reset to GSS_C_NULL_OID first, so it is never left
 *        uninitialised on a rejection path.
 *
 * Returns GSS_S_BAD_MECH for any OID the flags do not permit, otherwise
 * GSS_S_COMPLETE or the status of gssEapDefaultMech()/duplicateOid().
 */
OM_uint32
gssEapCanonicalizeOid(OM_uint32 *minor,
                      const gss_OID oid,
                      OM_uint32 flags,
                      gss_OID *pOid)
{
    int wantNullResult = 0;

    *minor = 0;
    *pOid = GSS_C_NULL_OID;

    if (oid == GSS_C_NULL_OID) {
        /* Null input: rejected unless the caller opted in. */
        if (!(flags & OID_FLAG_NULL_VALID)) {
            *minor = GSSEAP_WRONG_MECH;
            return GSS_S_BAD_MECH;
        }
        if (flags & OID_FLAG_MAP_NULL_TO_DEFAULT_MECH)
            return gssEapDefaultMech(minor, pOid);
        wantNullResult = 1;
    }
#ifdef MECH_EAP
    else if (oidEqual(oid, GSS_EAP_MECHANISM)) {
        /* Family OID: likewise opt-in, optionally collapsed to null. */
        if (!(flags & OID_FLAG_FAMILY_MECH_VALID)) {
            *minor = GSSEAP_WRONG_MECH;
            return GSS_S_BAD_MECH;
        }
        if (flags & OID_FLAG_MAP_FAMILY_MECH_TO_NULL)
            wantNullResult = 1;
    }
#endif
    else if (!gssEapIsConcreteMechanismOid(oid)) {
        /* Anything else must be a concrete mechanism OID. */
        *minor = GSSEAP_WRONG_MECH;
        return GSS_S_BAD_MECH;
    }

    /* *pOid already holds GSS_C_NULL_OID for the null-mapped cases. */
    if (wantNullResult)
        return GSS_S_COMPLETE;

    /*
     * Try internalizeOid() first; only when it reports failure is a
     * duplicate made (presumably a heap copy the caller must release --
     * confirm against duplicateOid()).
     */
    if (internalizeOid(oid, pOid))
        return GSS_S_COMPLETE;

    return duplicateOid(minor, oid, pOid);
}
Пример #3
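/*
 * Validate that all elements are concrete mechanism OIDs.
 *
 * minor  receives 0 on success, GSSEAP_WRONG_MECH when an element fails.
 * mechs  set to check; GSS_C_NO_OID_SET is accepted as valid, and so is
 *        a set whose count is zero, since no element can fail the check.
 *
 * Returns GSS_S_COMPLETE when every element passes
 * gssEapIsConcreteMechanismOid(), GSS_S_BAD_MECH at the first one that
 * does not.
 */
OM_uint32
gssEapValidateMechs(OM_uint32 *minor,
                    const gss_OID_set mechs)
{
    /*
     * The set's count is a size_t; indexing with a matching unsigned type
     * avoids the signed/unsigned comparison and the signed overflow an
     * int index would hit on a very large count.
     */
    size_t i;

    *minor = 0;

    if (mechs == GSS_C_NO_OID_SET) {
        return GSS_S_COMPLETE;
    }

    for (i = 0; i < mechs->count; i++) {
        gss_OID oid = &mechs->elements[i];

        /* Reject the whole set on the first non-concrete entry. */
        if (!gssEapIsConcreteMechanismOid(oid)) {
            *minor = GSSEAP_WRONG_MECH;
            return GSS_S_BAD_MECH;
        }
    }

    return GSS_S_COMPLETE;
}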
Пример #4
/*
 * Report the mechanism attributes this mechanism supports and the full
 * list of attributes it knows about.
 *
 * minor             receives the minor status; set to GSSEAP_WRONG_MECH
 *                   when mech_oid is rejected and to 0 on success.
 * mech_oid          mechanism being queried; must satisfy
 *                   gssEapIsConcreteMechanismOid().
 * mech_attrs        optional output: set of supported attributes.
 * known_mech_attrs  optional output: set of known attributes.
 *
 * Both outputs, when supplied, are reset to GSS_C_NO_OID_SET before any
 * validation, so a caller never sees a stale pointer on the error paths.
 * The sets are only populated when HAVE_GSS_INQUIRE_ATTRS_FOR_MECH is
 * defined; otherwise they are returned empty.
 *
 * MA_SUPPORTED and MA_KNOWN are macros defined outside this excerpt;
 * presumably they add the attribute to the respective set and jump to
 * cleanup on failure -- confirm against their definitions.
 */
OM_uint32 GSSAPI_CALLCONV
gss_inquire_attrs_for_mech(OM_uint32 *minor,
                           gss_const_OID mech_oid,
                           gss_OID_set *mech_attrs,
                           gss_OID_set *known_mech_attrs)
{
    OM_uint32 major, tmpMinor;

    /* Clear the outputs up front; either pointer may be NULL. */
    if (mech_attrs != NULL)
        *mech_attrs = GSS_C_NO_OID_SET;
    if (known_mech_attrs != NULL)
        *known_mech_attrs = GSS_C_NO_OID_SET;

    /* Only concrete mechanism OIDs are answered; the cast drops const. */
    if (!gssEapIsConcreteMechanismOid((const gss_OID)mech_oid)) {
        *minor = GSSEAP_WRONG_MECH;
        return GSS_S_BAD_MECH;
    }

    if (mech_attrs != NULL) {
        major = gss_create_empty_oid_set(minor, mech_attrs);
        if (GSS_ERROR(major))
            goto cleanup;

#ifdef HAVE_GSS_INQUIRE_ATTRS_FOR_MECH
        /*
         * NOTE(review): mech_oid has already passed the concrete-OID check
         * above, so the PSEUDO branch may be unreachable if that check
         * rejects GSS_EAP_MECHANISM -- confirm.
         */
        if (oidEqual(mech_oid, GSS_EAP_MECHANISM))
            MA_SUPPORTED(GSS_C_MA_MECH_PSEUDO);
        else
            MA_SUPPORTED(GSS_C_MA_MECH_CONCRETE);
        MA_SUPPORTED(GSS_C_MA_ITOK_FRAMED);
        MA_SUPPORTED(GSS_C_MA_AUTH_INIT);
        MA_SUPPORTED(GSS_C_MA_AUTH_TARG);
        MA_SUPPORTED(GSS_C_MA_AUTH_INIT_INIT);
        MA_SUPPORTED(GSS_C_MA_INTEG_PROT);
        MA_SUPPORTED(GSS_C_MA_CONF_PROT);
        MA_SUPPORTED(GSS_C_MA_MIC);
        MA_SUPPORTED(GSS_C_MA_WRAP);
        MA_SUPPORTED(GSS_C_MA_REPLAY_DET);
        MA_SUPPORTED(GSS_C_MA_OOS_DET);
        MA_SUPPORTED(GSS_C_MA_CBINDINGS);
        MA_SUPPORTED(GSS_C_MA_CTX_TRANS);
#endif
    }

    if (known_mech_attrs != NULL) {
        major = gss_create_empty_oid_set(minor, known_mech_attrs);
        if (GSS_ERROR(major))
            goto cleanup;

#ifdef HAVE_GSS_INQUIRE_ATTRS_FOR_MECH
        /* Every attribute this code recognises, supported or not. */
        MA_KNOWN(GSS_C_MA_MECH_CONCRETE);
        MA_KNOWN(GSS_C_MA_MECH_PSEUDO);
        MA_KNOWN(GSS_C_MA_MECH_COMPOSITE);
        MA_KNOWN(GSS_C_MA_MECH_NEGO);
        MA_KNOWN(GSS_C_MA_MECH_GLUE);
        MA_KNOWN(GSS_C_MA_NOT_MECH);
        MA_KNOWN(GSS_C_MA_DEPRECATED);
        MA_KNOWN(GSS_C_MA_NOT_DFLT_MECH);
        MA_KNOWN(GSS_C_MA_ITOK_FRAMED);
        MA_KNOWN(GSS_C_MA_AUTH_INIT);
        MA_KNOWN(GSS_C_MA_AUTH_TARG);
        MA_KNOWN(GSS_C_MA_AUTH_INIT_INIT);
        MA_KNOWN(GSS_C_MA_AUTH_TARG_INIT);
        MA_KNOWN(GSS_C_MA_AUTH_INIT_ANON);
        MA_KNOWN(GSS_C_MA_AUTH_TARG_ANON);
        MA_KNOWN(GSS_C_MA_DELEG_CRED);
        MA_KNOWN(GSS_C_MA_INTEG_PROT);
        MA_KNOWN(GSS_C_MA_CONF_PROT);
        MA_KNOWN(GSS_C_MA_MIC);
        MA_KNOWN(GSS_C_MA_WRAP);
        MA_KNOWN(GSS_C_MA_PROT_READY);
        MA_KNOWN(GSS_C_MA_REPLAY_DET);
        MA_KNOWN(GSS_C_MA_OOS_DET);
        MA_KNOWN(GSS_C_MA_CBINDINGS);
        MA_KNOWN(GSS_C_MA_PFS);
        MA_KNOWN(GSS_C_MA_COMPRESS);
        MA_KNOWN(GSS_C_MA_CTX_TRANS);
#endif
    }

    major = GSS_S_COMPLETE;
    *minor = 0;

cleanup:
    /*
     * On failure release whatever was built so far; tmpMinor keeps the
     * original minor status from being overwritten.
     * NOTE(review): either set pointer may be NULL here when the caller
     * omitted that output -- confirm gss_release_oid_set() tolerates a
     * NULL set pointer in every GSS library this builds against.
     */
    if (GSS_ERROR(major)) {
        gss_release_oid_set(&tmpMinor, mech_attrs);
        gss_release_oid_set(&tmpMinor, known_mech_attrs);
    }

    return major;
}