1 /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
3 * Copyright 1993 by OpenVision Technologies, Inc.
5 * Permission to use, copy, modify, distribute, and sell this software
6 * and its documentation for any purpose is hereby granted without fee,
7 * provided that the above copyright notice appears in all copies and
8 * that both that copyright notice and this permission notice appear in
9 * supporting documentation, and that the name of OpenVision not be used
10 * in advertising or publicity pertaining to distribution of the software
11 * without specific, written prior permission. OpenVision makes no
12 * representations about the suitability of this software for any
13 * purpose. It is provided "as is" without express or implied warranty.
15 * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
16 * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
17 * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
18 * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
19 * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
20 * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
21 * PERFORMANCE OF THIS SOFTWARE.
28 #include "gssapiP_generic.h"
31 * See krb5/gssapi_krb5.c for a description of the algorithm for
32 * encoding an object identifier.
35 /* Reserved static storage for GSS_oids. Comments are quotes from RFC 2744. */
37 #define oids ((gss_OID_desc *)const_oids)
38 static const gss_OID_desc const_oids[] = {
40 * The implementation must reserve static storage for a
41 * gss_OID_desc object containing the value */
42 {10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x01"},
43 /* corresponding to an object-identifier value of
44 * {iso(1) member-body(2) United States(840) mit(113554)
45 * infosys(1) gssapi(2) generic(1) user_name(1)}. The constant
46 * GSS_C_NT_USER_NAME should be initialized to point
47 * to that gss_OID_desc.
51 * The implementation must reserve static storage for a
52 * gss_OID_desc object containing the value */
53 {10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x02"},
54 /* corresponding to an object-identifier value of
55 * {iso(1) member-body(2) United States(840) mit(113554)
56 * infosys(1) gssapi(2) generic(1) machine_uid_name(2)}.
57 * The constant GSS_C_NT_MACHINE_UID_NAME should be
58 * initialized to point to that gss_OID_desc.
62 * The implementation must reserve static storage for a
63 * gss_OID_desc object containing the value */
64 {10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x03"},
65 /* corresponding to an object-identifier value of
66 * {iso(1) member-body(2) United States(840) mit(113554)
67 * infosys(1) gssapi(2) generic(1) string_uid_name(3)}.
68 * The constant GSS_C_NT_STRING_UID_NAME should be
69 * initialized to point to that gss_OID_desc.
73 * The implementation must reserve static storage for a
74 * gss_OID_desc object containing the value */
75 {6, (void *)"\x2b\x06\x01\x05\x06\x02"},
76 /* corresponding to an object-identifier value of
77 * {iso(1) org(3) dod(6) internet(1) security(5)
78 * nametypes(6) gss-host-based-services(2)). The constant
79 * GSS_C_NT_HOSTBASED_SERVICE_X should be initialized to point
80 * to that gss_OID_desc. This is a deprecated OID value, and
81 * implementations wishing to support hostbased-service names
82 * should instead use the GSS_C_NT_HOSTBASED_SERVICE OID,
83 * defined below, to identify such names;
84 * GSS_C_NT_HOSTBASED_SERVICE_X should be accepted a synonym
85 * for GSS_C_NT_HOSTBASED_SERVICE when presented as an input
86 * parameter, but should not be emitted by GSS-API
91 * The implementation must reserve static storage for a
92 * gss_OID_desc object containing the value */
93 {10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x04"},
94 /* corresponding to an object-identifier value of
95 * {iso(1) member-body(2) Unites States(840) mit(113554)
96 * infosys(1) gssapi(2) generic(1) service_name(4)}.
97 * The constant GSS_C_NT_HOSTBASED_SERVICE should be
98 * initialized to point to that gss_OID_desc.
102 * The implementation must reserve static storage for a
103 * gss_OID_desc object containing the value */
104 {6, (void *)"\x2b\x06\01\x05\x06\x03"},
105 /* corresponding to an object identifier value of
106 * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
107 * 6(nametypes), 3(gss-anonymous-name)}. The constant
108 * and GSS_C_NT_ANONYMOUS should be initialized to point
109 * to that gss_OID_desc.
113 * The implementation must reserve static storage for a
114 * gss_OID_desc object containing the value */
115 {6, (void *)"\x2b\x06\x01\x05\x06\x04"},
116 /* corresponding to an object-identifier value of
117 * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
118 * 6(nametypes), 4(gss-api-exported-name)}. The constant
119 * GSS_C_NT_EXPORT_NAME should be initialized to point
120 * to that gss_OID_desc.
122 {6, (void *)"\x2b\x06\x01\x05\x06\x06"},
123 /* corresponding to an object-identifier value of
124 * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
125 * 6(nametypes), 6(gss-composite-export)}. The constant
126 * GSS_C_NT_COMPOSITE_EXPORT should be initialized to point
127 * to that gss_OID_desc.
129 /* GSS_C_INQ_SSPI_SESSION_KEY 1.2.840.113554.1.2.2.5.5 */
130 {11, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x05"},
132 /* RFC 5587 attributes, see below */
133 {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x01"},
134 {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x02"},
135 {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x03"},
136 {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x04"},
137 {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x05"},
138 {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x06"},
139 {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x07"},
140 {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x08"},
141 {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x09"},
142 {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x0a"},
143 {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x0b"},
144 {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x0c"},
145 {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x0d"},
146 {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x0e"},
147 {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x0f"},
148 {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x10"},
149 {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x11"},
150 {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x12"},
151 {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x13"},
152 {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x14"},
153 {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x15"},
154 {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x16"},
155 {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x17"},
156 {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x18"},
157 {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x19"},
158 {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x1a"},
159 {7, (void *)"\x2b\x06\x01\x05\x05\x0d\x1b"},
162 /* Here are the constants which point to the static structure above.
164 * Constants of the form GSS_C_NT_* are specified by rfc 2744.
166 * Constants of the form gss_nt_* are the original MIT krb5 names
167 * found in gssapi_generic.h. They are provided for compatibility. */
169 GSS_DLLIMP gss_OID GSS_C_NT_USER_NAME = oids+0;
170 GSS_DLLIMP gss_OID gss_nt_user_name = oids+0;
172 GSS_DLLIMP gss_OID GSS_C_NT_MACHINE_UID_NAME = oids+1;
173 GSS_DLLIMP gss_OID gss_nt_machine_uid_name = oids+1;
175 GSS_DLLIMP gss_OID GSS_C_NT_STRING_UID_NAME = oids+2;
176 GSS_DLLIMP gss_OID gss_nt_string_uid_name = oids+2;
178 GSS_DLLIMP gss_OID GSS_C_NT_HOSTBASED_SERVICE_X = oids+3;
179 gss_OID gss_nt_service_name_v2 = oids+3;
181 GSS_DLLIMP gss_OID GSS_C_NT_HOSTBASED_SERVICE = oids+4;
182 GSS_DLLIMP gss_OID gss_nt_service_name = oids+4;
184 GSS_DLLIMP gss_OID GSS_C_NT_ANONYMOUS = oids+5;
186 GSS_DLLIMP gss_OID GSS_C_NT_EXPORT_NAME = oids+6;
187 gss_OID gss_nt_exported_name = oids+6;
189 GSS_DLLIMP gss_OID GSS_C_NT_COMPOSITE_EXPORT = oids+7;
191 GSS_DLLIMP gss_OID GSS_C_INQ_SSPI_SESSION_KEY = oids+8;
193 GSS_DLLIMP gss_const_OID GSS_C_MA_MECH_CONCRETE = oids+9;
194 GSS_DLLIMP gss_const_OID GSS_C_MA_MECH_PSEUDO = oids+10;
195 GSS_DLLIMP gss_const_OID GSS_C_MA_MECH_COMPOSITE = oids+11;
196 GSS_DLLIMP gss_const_OID GSS_C_MA_MECH_NEGO = oids+12;
197 GSS_DLLIMP gss_const_OID GSS_C_MA_MECH_GLUE = oids+13;
198 GSS_DLLIMP gss_const_OID GSS_C_MA_NOT_MECH = oids+14;
199 GSS_DLLIMP gss_const_OID GSS_C_MA_DEPRECATED = oids+15;
200 GSS_DLLIMP gss_const_OID GSS_C_MA_NOT_DFLT_MECH = oids+16;
201 GSS_DLLIMP gss_const_OID GSS_C_MA_ITOK_FRAMED = oids+17;
202 GSS_DLLIMP gss_const_OID GSS_C_MA_AUTH_INIT = oids+18;
203 GSS_DLLIMP gss_const_OID GSS_C_MA_AUTH_TARG = oids+19;
204 GSS_DLLIMP gss_const_OID GSS_C_MA_AUTH_INIT_INIT = oids+20;
205 GSS_DLLIMP gss_const_OID GSS_C_MA_AUTH_TARG_INIT = oids+21;
206 GSS_DLLIMP gss_const_OID GSS_C_MA_AUTH_INIT_ANON = oids+22;
207 GSS_DLLIMP gss_const_OID GSS_C_MA_AUTH_TARG_ANON = oids+23;
208 GSS_DLLIMP gss_const_OID GSS_C_MA_DELEG_CRED = oids+24;
209 GSS_DLLIMP gss_const_OID GSS_C_MA_INTEG_PROT = oids+25;
210 GSS_DLLIMP gss_const_OID GSS_C_MA_CONF_PROT = oids+26;
211 GSS_DLLIMP gss_const_OID GSS_C_MA_MIC = oids+27;
212 GSS_DLLIMP gss_const_OID GSS_C_MA_WRAP = oids+28;
213 GSS_DLLIMP gss_const_OID GSS_C_MA_PROT_READY = oids+29;
214 GSS_DLLIMP gss_const_OID GSS_C_MA_REPLAY_DET = oids+30;
215 GSS_DLLIMP gss_const_OID GSS_C_MA_OOS_DET = oids+31;
216 GSS_DLLIMP gss_const_OID GSS_C_MA_CBINDINGS = oids+32;
217 GSS_DLLIMP gss_const_OID GSS_C_MA_PFS = oids+33;
218 GSS_DLLIMP gss_const_OID GSS_C_MA_COMPRESS = oids+34;
219 GSS_DLLIMP gss_const_OID GSS_C_MA_CTX_TRANS = oids+35;
221 static gss_OID_set_desc gss_ma_known_attrs_desc = { 27, oids+9 };
222 gss_OID_set gss_ma_known_attrs = &gss_ma_known_attrs_desc;
224 static struct mech_attr_info_desc {
227 const char *short_desc;
228 const char *long_desc;
229 } mech_attr_info[] = {
232 "GSS_C_MA_MECH_CONCRETE",
234 "Mechanism is neither a pseudo-mechanism nor a composite mechanism.",
238 "GSS_C_MA_MECH_PSEUDO",
240 "Mechanism is a pseudo-mechanism.",
244 "GSS_C_MA_MECH_COMPOSITE",
246 "Mechanism is a composite of other mechanisms.",
250 "GSS_C_MA_MECH_NEGO",
251 "mech-negotiation-mech",
252 "Mechanism negotiates other mechanisms.",
256 "GSS_C_MA_MECH_GLUE",
258 "OID is not a mechanism but the GSS-API itself.",
264 "Known OID but not a mechanism OID.",
268 "GSS_C_MA_DEPRECATED",
270 "Mechanism is deprecated.",
274 "GSS_C_MA_NOT_DFLT_MECH",
276 "Mechanism must not be used as a default mechanism.",
280 "GSS_C_MA_ITOK_FRAMED",
282 "Mechanism's initial contexts are properly framed.",
286 "GSS_C_MA_AUTH_INIT",
288 "Mechanism supports authentication of initiator to acceptor.",
292 "GSS_C_MA_AUTH_TARG",
294 "Mechanism supports authentication of acceptor to initiator.",
298 "GSS_C_MA_AUTH_INIT_INIT",
299 "auth-init-princ-initial",
300 "Mechanism supports authentication of initiator using "
301 "initial credentials.",
305 "GSS_C_MA_AUTH_TARG_INIT",
306 "auth-target-princ-initial",
307 "Mechanism supports authentication of acceptor using "
308 "initial credentials.",
312 "GSS_C_MA_AUTH_INIT_ANON",
313 "auth-init-princ-anon",
314 "Mechanism supports GSS_C_NT_ANONYMOUS as an initiator name.",
318 "GSS_C_MA_AUTH_TARG_ANON",
319 "auth-targ-princ-anon",
320 "Mechanism supports GSS_C_NT_ANONYMOUS as an acceptor name.",
324 "GSS_C_MA_DELEG_CRED",
326 "Mechanism supports credential delegation.",
330 "GSS_C_MA_INTEG_PROT",
332 "Mechanism supports per-message integrity protection.",
336 "GSS_C_MA_CONF_PROT",
338 "Mechanism supports per-message confidentiality protection.",
344 "Mechanism supports Message Integrity Code (MIC) tokens.",
350 "Mechanism supports wrap tokens.",
354 "GSS_C_MA_PROT_READY",
356 "Mechanism supports per-message proteciton prior to "
357 "full context establishment.",
361 "GSS_C_MA_REPLAY_DET",
363 "Mechanism supports replay detection.",
369 "Mechanism supports out-of-sequence detection.",
373 "GSS_C_MA_CBINDINGS",
375 "Mechanism supports channel bindings.",
381 "Mechanism supports Perfect Forward Security.",
387 "Mechanism supports compression of data inputs to gss_wrap().",
391 "GSS_C_MA_CTX_TRANS",
393 "Mechanism supports security context export/import.",
398 generic_gss_display_mech_attr(
399 OM_uint32 *minor_status,
400 gss_const_OID mech_attr,
402 gss_buffer_t short_desc,
403 gss_buffer_t long_desc)
407 if (name != GSS_C_NO_BUFFER) {
411 if (short_desc != GSS_C_NO_BUFFER) {
412 short_desc->length = 0;
413 short_desc->value = NULL;
415 if (long_desc != GSS_C_NO_BUFFER) {
416 long_desc->length = 0;
417 long_desc->value = NULL;
419 for (i = 0; i < sizeof(mech_attr_info)/sizeof(mech_attr_info[0]); i++) {
420 struct mech_attr_info_desc *mai = &mech_attr_info[i];
422 if (g_OID_equal(mech_attr, mai->mech_attr)) {
423 if (name != GSS_C_NO_BUFFER &&
424 !g_make_string_buffer(mai->name, name)) {
425 *minor_status = ENOMEM;
426 return GSS_S_FAILURE;
428 if (short_desc != GSS_C_NO_BUFFER &&
429 !g_make_string_buffer(mai->short_desc, short_desc)) {
430 *minor_status = ENOMEM;
431 return GSS_S_FAILURE;
433 if (long_desc != GSS_C_NO_BUFFER &&
434 !g_make_string_buffer(mai->long_desc, long_desc)) {
435 *minor_status = ENOMEM;
436 return GSS_S_FAILURE;
438 return GSS_S_COMPLETE;
442 return GSS_S_BAD_MECH_ATTR;
445 static gss_buffer_desc const_attrs[] = {
446 { sizeof("local-login-user") - 1,
447 "local-login-user" },
450 GSS_DLLIMP gss_buffer_t GSS_C_ATTR_LOCAL_LOGIN_USER = &const_attrs[0];