OM_uint32
gss_pname_to_uid(OM_uint32 *minor_status, const gss_name_t pname,
const gss_OID mech, uid_t *uidp)
{
struct _gss_name *name = (struct _gss_name *) pname;
struct _gss_mech_switch *m;
struct _gss_mechanism_name *mn;
OM_uint32 major_status;
*minor_status = 0;
if (pname == GSS_C_NO_NAME)
return (GSS_S_BAD_NAME);
m = _gss_find_mech_switch(mech);
if (!m)
return (GSS_S_BAD_MECH);
if (m->gm_pname_to_uid == NULL)
return (GSS_S_UNAVAILABLE);
major_status = _gss_find_mn(minor_status, name, mech, &mn);
if (major_status != GSS_S_COMPLETE) {
_gss_mg_error(m, major_status, *minor_status);
return (major_status);
}
major_status = (*m->gm_pname_to_uid)(minor_status, mn->gmn_name,
mech, uidp);
if (major_status != GSS_S_COMPLETE)
_gss_mg_error(m, major_status, *minor_status);
return (major_status);
}
OM_uint32
gss_set_sec_context_option (OM_uint32 *minor_status,
gss_ctx_id_t *context_handle,
const gss_OID object,
const gss_buffer_t value)
{
struct _gss_context *ctx;
OM_uint32 major_status;
gssapi_mech_interface m;
*minor_status = 0;
if (context_handle == NULL)
return GSS_S_NO_CONTEXT;
ctx = (struct _gss_context *) *context_handle;
if (ctx == NULL)
return GSS_S_NO_CONTEXT;
m = ctx->gc_mech;
if (m == NULL)
return GSS_S_BAD_MECH;
if (m->gm_set_sec_context_option != NULL) {
major_status = m->gm_set_sec_context_option(minor_status,
&ctx->gc_ctx, object, value);
if (major_status != GSS_S_COMPLETE)
_gss_mg_error(m, major_status, *minor_status);
} else
major_status = GSS_S_BAD_MECH;
return major_status;
}
OM_uint32 GSSAPI_LIB_FUNCTION
gss_pseudo_random(OM_uint32 *minor_status,
gss_ctx_id_t context,
int prf_key,
const gss_buffer_t prf_in,
ssize_t desired_output_len,
gss_buffer_t prf_out)
{
struct _gss_context *ctx = (struct _gss_context *) context;
gssapi_mech_interface m;
OM_uint32 major_status;
_mg_buffer_zero(prf_out);
*minor_status = 0;
if (ctx == NULL) {
*minor_status = 0;
return GSS_S_NO_CONTEXT;
}
m = ctx->gc_mech;
if (m->gm_pseudo_random == NULL)
return GSS_S_UNAVAILABLE;
major_status = (*m->gm_pseudo_random)(minor_status, ctx->gc_ctx,
prf_key, prf_in, desired_output_len,
prf_out);
if (major_status != GSS_S_COMPLETE)
_gss_mg_error(m, major_status, *minor_status);
return major_status;
}
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_inquire_sec_context_by_oid (OM_uint32 *minor_status,
gss_const_ctx_id_t context_handle,
const gss_OID desired_object,
gss_buffer_set_t *data_set)
{
struct _gss_context *ctx = (struct _gss_context *) context_handle;
OM_uint32 major_status;
gssapi_mech_interface m;
*minor_status = 0;
*data_set = GSS_C_NO_BUFFER_SET;
if (ctx == NULL)
return GSS_S_NO_CONTEXT;
/*
* select the approprate underlying mechanism routine and
* call it.
*/
m = ctx->gc_mech;
if (m == NULL)
return GSS_S_BAD_MECH;
if (m->gm_inquire_sec_context_by_oid != NULL) {
major_status = m->gm_inquire_sec_context_by_oid(minor_status,
ctx->gc_ctx, desired_object, data_set);
if (major_status != GSS_S_COMPLETE)
_gss_mg_error(m, *minor_status);
} else
major_status = GSS_S_BAD_MECH;
return major_status;
}
void
gss_mg_collect_error(gss_OID mech, OM_uint32 maj, OM_uint32 min)
{
gssapi_mech_interface m = __gss_get_mechanism(mech);
if (m == NULL)
return;
_gss_mg_error(m, maj, min);
}
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_canonicalize_name(OM_uint32 *minor_status,
gss_const_name_t input_name,
const gss_OID mech_type,
gss_name_t *output_name)
{
OM_uint32 major_status;
struct _gss_name *name = (struct _gss_name *) input_name;
struct _gss_mechanism_name *mn;
gssapi_mech_interface m;
gss_name_t new_canonical_name;
*minor_status = 0;
*output_name = 0;
major_status = _gss_find_mn(minor_status, name, mech_type, &mn);
if (major_status)
return major_status;
m = mn->gmn_mech;
major_status = m->gm_canonicalize_name(minor_status,
mn->gmn_name, mech_type, &new_canonical_name);
if (major_status) {
_gss_mg_error(m, major_status, *minor_status);
return (major_status);
}
/*
* Now we make a new name and mark it as an MN.
*/
*minor_status = 0;
name = malloc(sizeof(struct _gss_name));
if (!name) {
m->gm_release_name(minor_status, &new_canonical_name);
*minor_status = ENOMEM;
return (GSS_S_FAILURE);
}
memset(name, 0, sizeof(struct _gss_name));
mn = malloc(sizeof(struct _gss_mechanism_name));
if (!mn) {
m->gm_release_name(minor_status, &new_canonical_name);
free(name);
*minor_status = ENOMEM;
return (GSS_S_FAILURE);
}
HEIM_SLIST_INIT(&name->gn_mn);
mn->gmn_mech = m;
mn->gmn_mech_oid = &m->gm_mech_oid;
mn->gmn_name = new_canonical_name;
HEIM_SLIST_INSERT_HEAD(&name->gn_mn, mn, gmn_link);
*output_name = (gss_name_t) name;
return (GSS_S_COMPLETE);
}
void
_gss_mg_collect_error(gss_OID mech, OM_uint32 maj, OM_uint32 min)
{
struct _gss_mech_switch *m;
m = _gss_find_mech_switch(mech);
if (m != NULL)
_gss_mg_error(m, maj, min);
}
OM_uint32
gss_import_sec_context(OM_uint32 *minor_status,
const gss_buffer_t interprocess_token,
gss_ctx_id_t *context_handle)
{
OM_uint32 major_status;
struct _gss_mech_switch *m;
struct _gss_context *ctx;
gss_OID_desc mech_oid;
gss_buffer_desc buf;
unsigned char *p;
size_t len;
*minor_status = 0;
*context_handle = GSS_C_NO_CONTEXT;
/*
* We added an oid to the front of the token in
* gss_export_sec_context.
*/
p = interprocess_token->value;
len = interprocess_token->length;
if (len < 2)
return (GSS_S_DEFECTIVE_TOKEN);
mech_oid.length = (p[0] << 8) | p[1];
if (len < mech_oid.length + 2)
return (GSS_S_DEFECTIVE_TOKEN);
mech_oid.elements = p + 2;
buf.length = len - 2 - mech_oid.length;
buf.value = p + 2 + mech_oid.length;
m = _gss_find_mech_switch(&mech_oid);
if (!m)
return (GSS_S_DEFECTIVE_TOKEN);
ctx = malloc(sizeof(struct _gss_context));
if (!ctx) {
*minor_status = ENOMEM;
return (GSS_S_FAILURE);
}
ctx->gc_mech = m;
major_status = m->gm_import_sec_context(minor_status,
&buf, &ctx->gc_ctx);
if (major_status != GSS_S_COMPLETE) {
_gss_mg_error(m, major_status, *minor_status);
free(ctx);
} else {
*context_handle = (gss_ctx_id_t) ctx;
}
return (major_status);
}
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_canonicalize_name(OM_uint32 *minor_status,
const gss_name_t input_name,
const gss_OID mech_type,
gss_name_t *output_name)
{
OM_uint32 major_status;
struct _gss_name *name = (struct _gss_name *) input_name;
struct _gss_mechanism_name *mn;
gssapi_mech_interface m;
gss_name_t new_canonical_name;
*minor_status = 0;
*output_name = 0;
major_status = _gss_find_mn(minor_status, name, mech_type, &mn);
if (major_status)
return major_status;
if (mn == NULL)
return GSS_S_BAD_NAME;
m = mn->gmn_mech;
major_status = m->gm_canonicalize_name(minor_status,
mn->gmn_name, mech_type, &new_canonical_name);
if (major_status) {
_gss_mg_error(m, *minor_status);
return (major_status);
}
/*
* Now we make a new name and mark it as an MN.
*/
*minor_status = 0;
name = _gss_create_name(new_canonical_name, m);
if (!name) {
m->gm_release_name(minor_status, &new_canonical_name);
*minor_status = ENOMEM;
return (GSS_S_FAILURE);
}
*output_name = (gss_name_t) name;
return (GSS_S_COMPLETE);
}
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_inquire_context(OM_uint32 *minor_status,
const gss_ctx_id_t context_handle,
gss_name_t *src_name,
gss_name_t *targ_name,
OM_uint32 *lifetime_rec,
gss_OID *mech_type,
OM_uint32 *ctx_flags,
int *locally_initiated,
int *xopen)
{
OM_uint32 major_status;
struct _gss_context *ctx = (struct _gss_context *) context_handle;
gssapi_mech_interface m = ctx->gc_mech;
struct _gss_name *name;
gss_name_t src_mn, targ_mn;
if (locally_initiated)
*locally_initiated = 0;
if (xopen)
*xopen = 0;
if (lifetime_rec)
*lifetime_rec = 0;
if (src_name)
*src_name = GSS_C_NO_NAME;
if (targ_name)
*targ_name = GSS_C_NO_NAME;
if (mech_type)
*mech_type = GSS_C_NO_OID;
src_mn = targ_mn = GSS_C_NO_NAME;
major_status = m->gm_inquire_context(minor_status,
ctx->gc_ctx,
src_name ? &src_mn : NULL,
targ_name ? &targ_mn : NULL,
lifetime_rec,
mech_type,
ctx_flags,
locally_initiated,
xopen);
if (major_status != GSS_S_COMPLETE) {
_gss_mg_error(m, major_status, *minor_status);
return (major_status);
}
if (src_name) {
name = _gss_make_name(m, src_mn);
if (!name) {
if (mech_type)
*mech_type = GSS_C_NO_OID;
m->gm_release_name(minor_status, &src_mn);
*minor_status = 0;
return (GSS_S_FAILURE);
}
*src_name = (gss_name_t) name;
}
if (targ_name) {
name = _gss_make_name(m, targ_mn);
if (!name) {
if (mech_type)
*mech_type = GSS_C_NO_OID;
if (src_name)
gss_release_name(minor_status, src_name);
m->gm_release_name(minor_status, &targ_mn);
*minor_status = 0;
return (GSS_S_FAILURE);
}
*targ_name = (gss_name_t) name;
}
return (GSS_S_COMPLETE);
}
/**
* This function is not a public interface and is deprecated anyways, do
* not use. Use gss_acquire_cred_with_password() instead for now.
*
* @deprecated
*/
OM_uint32
_gss_acquire_cred_ext(OM_uint32 *minor_status,
gss_const_name_t desired_name,
gss_const_OID credential_type,
const void *credential_data,
OM_uint32 time_req,
gss_const_OID desired_mech,
gss_cred_usage_t cred_usage,
gss_cred_id_t *output_cred_handle)
{
OM_uint32 major_status;
struct _gss_name *name = (struct _gss_name *) desired_name;
gssapi_mech_interface m;
struct _gss_cred *cred;
gss_OID_set_desc set, *mechs;
size_t i;
*minor_status = 0;
if (output_cred_handle == NULL)
return GSS_S_CALL_INACCESSIBLE_READ;
_gss_load_mech();
if (desired_mech != GSS_C_NO_OID) {
int match = 0;
gss_test_oid_set_member(minor_status, (gss_OID)desired_mech,
_gss_mech_oids, &match);
if (!match)
return GSS_S_BAD_MECH;
set.count = 1;
set.elements = (gss_OID)desired_mech;
mechs = &set;
} else
mechs = _gss_mech_oids;
cred = calloc(1, sizeof(*cred));
if (cred == NULL) {
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
HEIM_SLIST_INIT(&cred->gc_mc);
for (i = 0; i < mechs->count; i++) {
struct _gss_mechanism_name *mn = NULL;
struct _gss_mechanism_cred *mc = NULL;
m = __gss_get_mechanism(&mechs->elements[i]);
if (!m)
continue;
if (desired_name != GSS_C_NO_NAME) {
major_status = _gss_find_mn(minor_status, name,
&mechs->elements[i], &mn);
if (major_status != GSS_S_COMPLETE)
continue;
}
major_status = _gss_acquire_mech_cred(minor_status, m, mn,
credential_type, credential_data,
time_req, desired_mech, cred_usage,
&mc);
if (GSS_ERROR(major_status)) {
if (mechs->count == 1)
_gss_mg_error(m, major_status, *minor_status);
continue;
}
HEIM_SLIST_INSERT_HEAD(&cred->gc_mc, mc, gmc_link);
}
/*
* If we didn't manage to create a single credential, return
* an error.
*/
if (!HEIM_SLIST_FIRST(&cred->gc_mc)) {
free(cred);
if (mechs->count > 1)
*minor_status = 0;
return GSS_S_NO_CRED;
}
*output_cred_handle = (gss_cred_id_t) cred;
*minor_status = 0;
return GSS_S_COMPLETE;
}
static OM_uint32
_gss_import_export_name(OM_uint32 *minor_status,
const gss_buffer_t input_name_buffer,
gss_name_t *output_name)
{
OM_uint32 major_status;
unsigned char *p = input_name_buffer->value;
size_t len = input_name_buffer->length;
size_t t;
gss_OID_desc mech_oid;
struct _gss_mech_switch *m;
struct _gss_name *name;
gss_name_t new_canonical_name;
*minor_status = 0;
*output_name = 0;
/*
* Make sure that TOK_ID is {4, 1}.
*/
if (len < 2)
return (GSS_S_BAD_NAME);
if (p[0] != 4 || p[1] != 1)
return (GSS_S_BAD_NAME);
p += 2;
len -= 2;
/*
* Get the mech length and the name length and sanity
* check the size of of the buffer.
*/
if (len < 2)
return (GSS_S_BAD_NAME);
t = (p[0] << 8) + p[1];
p += 2;
len -= 2;
/*
* Check the DER encoded OID to make sure it agrees with the
* length we just decoded.
*/
if (p[0] != 6) /* 6=OID */
return (GSS_S_BAD_NAME);
p++;
len--;
t--;
if (p[0] & 0x80) {
int digits = p[0];
p++;
len--;
t--;
mech_oid.length = 0;
while (digits--) {
mech_oid.length = (mech_oid.length << 8) | p[0];
p++;
len--;
t--;
}
} else {
mech_oid.length = p[0];
p++;
len--;
t--;
}
if (mech_oid.length != t)
return (GSS_S_BAD_NAME);
mech_oid.elements = p;
if (len < t + 4)
return (GSS_S_BAD_NAME);
p += t;
len -= t;
t = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3];
p += 4;
len -= 4;
if (len != t)
return (GSS_S_BAD_NAME);
m = _gss_find_mech_switch(&mech_oid);
if (!m)
return (GSS_S_BAD_MECH);
/*
* Ask the mechanism to import the name.
*/
major_status = m->gm_import_name(minor_status,
input_name_buffer, GSS_C_NT_EXPORT_NAME, &new_canonical_name);
if (major_status != GSS_S_COMPLETE) {
_gss_mg_error(m, major_status, *minor_status);
return (major_status);
}
/*
* Now we make a new name and mark it as an MN.
*/
name = _gss_make_name(m, new_canonical_name);
if (!name) {
m->gm_release_name(minor_status, &new_canonical_name);
return (GSS_S_FAILURE);
}
*output_name = (gss_name_t) name;
*minor_status = 0;
return (GSS_S_COMPLETE);
}