1153838Sdfr/*- 2153838Sdfr * Copyright (c) 2005 Doug Rabson 3153838Sdfr * All rights reserved. 4153838Sdfr * 5153838Sdfr * Redistribution and use in source and binary forms, with or without 6153838Sdfr * modification, are permitted provided that the following conditions 7153838Sdfr * are met: 8153838Sdfr * 1. Redistributions of source code must retain the above copyright 9153838Sdfr * notice, this list of conditions and the following disclaimer. 10153838Sdfr * 2. Redistributions in binary form must reproduce the above copyright 11153838Sdfr * notice, this list of conditions and the following disclaimer in the 12153838Sdfr * documentation and/or other materials provided with the distribution. 13153838Sdfr * 14153838Sdfr * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 15153838Sdfr * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16153838Sdfr * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17153838Sdfr * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 18153838Sdfr * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19153838Sdfr * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20153838Sdfr * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21153838Sdfr * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22153838Sdfr * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23153838Sdfr * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24153838Sdfr * SUCH DAMAGE. 25153838Sdfr * 26153838Sdfr * $FreeBSD$ 27153838Sdfr */ 28153838Sdfr 29153838Sdfr#include <gssapi/gssapi.h> 30153838Sdfr#include <stdlib.h> 31168340Skan#include <string.h> 32153838Sdfr#include <errno.h> 33153838Sdfr 34153838Sdfr#include "mech_switch.h" 35153838Sdfr#include "utils.h" 36153838Sdfr#include "name.h" 37153838Sdfr 38153838Sdfrstatic OM_uint32 39153838Sdfr_gss_import_export_name(OM_uint32 *minor_status, 40153838Sdfr const gss_buffer_t input_name_buffer, 41153838Sdfr gss_name_t *output_name) 42153838Sdfr{ 43153838Sdfr OM_uint32 major_status; 44153838Sdfr unsigned char *p = input_name_buffer->value; 45153838Sdfr size_t len = input_name_buffer->length; 46153838Sdfr size_t t; 47153838Sdfr gss_OID_desc mech_oid; 48153838Sdfr struct _gss_mech_switch *m; 49153838Sdfr struct _gss_name *name; 50153838Sdfr gss_name_t new_canonical_name; 51153838Sdfr 52153838Sdfr *minor_status = 0; 53153838Sdfr *output_name = 0; 54153838Sdfr 55153838Sdfr /* 56153838Sdfr * Make sure that TOK_ID is {4, 1}. 57153838Sdfr */ 58153838Sdfr if (len < 2) 59153838Sdfr return (GSS_S_BAD_NAME); 60153838Sdfr if (p[0] != 4 || p[1] != 1) 61153838Sdfr return (GSS_S_BAD_NAME); 62153838Sdfr p += 2; 63153838Sdfr len -= 2; 64153838Sdfr 65153838Sdfr /* 66153838Sdfr * Get the mech length and the name length and sanity 67153838Sdfr * check the size of of the buffer. 68153838Sdfr */ 69153838Sdfr if (len < 2) 70153838Sdfr return (GSS_S_BAD_NAME); 71153838Sdfr t = (p[0] << 8) + p[1]; 72153838Sdfr p += 2; 73153838Sdfr len -= 2; 74153838Sdfr 75153838Sdfr /* 76153838Sdfr * Check the DER encoded OID to make sure it agrees with the 77153838Sdfr * length we just decoded. 78153838Sdfr */ 79153838Sdfr if (p[0] != 6) /* 6=OID */ 80153838Sdfr return (GSS_S_BAD_NAME); 81153838Sdfr p++; 82153838Sdfr len--; 83153838Sdfr t--; 84153838Sdfr if (p[0] & 0x80) { 85153838Sdfr int digits = p[0]; 86153838Sdfr p++; 87153838Sdfr len--; 88153838Sdfr t--; 89153838Sdfr mech_oid.length = 0; 90153838Sdfr while (digits--) { 91153838Sdfr mech_oid.length = (mech_oid.length << 8) | p[0]; 92153838Sdfr p++; 93153838Sdfr len--; 94153838Sdfr t--; 95153838Sdfr } 96153838Sdfr } else { 97153838Sdfr mech_oid.length = p[0]; 98153838Sdfr p++; 99153838Sdfr len--; 100153838Sdfr t--; 101153838Sdfr } 102153838Sdfr if (mech_oid.length != t) 103153838Sdfr return (GSS_S_BAD_NAME); 104153838Sdfr 105153838Sdfr mech_oid.elements = p; 106153838Sdfr 107153838Sdfr if (len < t + 4) 108153838Sdfr return (GSS_S_BAD_NAME); 109153838Sdfr p += t; 110153838Sdfr len -= t; 111153838Sdfr 112153838Sdfr t = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]; 113153838Sdfr p += 4; 114153838Sdfr len -= 4; 115153838Sdfr 116153838Sdfr if (len != t) 117153838Sdfr return (GSS_S_BAD_NAME); 118153838Sdfr 119153838Sdfr m = _gss_find_mech_switch(&mech_oid); 120153838Sdfr if (!m) 121153838Sdfr return (GSS_S_BAD_MECH); 122153838Sdfr 123153838Sdfr /* 124153838Sdfr * Ask the mechanism to import the name. 125153838Sdfr */ 126153838Sdfr major_status = m->gm_import_name(minor_status, 127153838Sdfr input_name_buffer, GSS_C_NT_EXPORT_NAME, &new_canonical_name); 128178828Sdfr if (major_status != GSS_S_COMPLETE) { 129178828Sdfr _gss_mg_error(m, major_status, *minor_status); 130178828Sdfr return (major_status); 131178828Sdfr } 132153838Sdfr 133153838Sdfr /* 134153838Sdfr * Now we make a new name and mark it as an MN. 135153838Sdfr */ 136153838Sdfr name = _gss_make_name(m, new_canonical_name); 137153838Sdfr if (!name) { 138153838Sdfr m->gm_release_name(minor_status, &new_canonical_name); 139153838Sdfr return (GSS_S_FAILURE); 140153838Sdfr } 141153838Sdfr 142153838Sdfr *output_name = (gss_name_t) name; 143153838Sdfr 144153838Sdfr *minor_status = 0; 145153838Sdfr return (GSS_S_COMPLETE); 146153838Sdfr} 147153838Sdfr 148153838SdfrOM_uint32 149153838Sdfrgss_import_name(OM_uint32 *minor_status, 150153838Sdfr const gss_buffer_t input_name_buffer, 151153838Sdfr const gss_OID input_name_type, 152153838Sdfr gss_name_t *output_name) 153153838Sdfr{ 154153838Sdfr gss_OID name_type = input_name_type; 155153838Sdfr OM_uint32 major_status; 156153838Sdfr struct _gss_name *name; 157153838Sdfr 158178828Sdfr *output_name = GSS_C_NO_NAME; 159178828Sdfr 160153838Sdfr if (input_name_buffer->length == 0) { 161153838Sdfr *minor_status = 0; 162153838Sdfr return (GSS_S_BAD_NAME); 163153838Sdfr } 164153838Sdfr 165153838Sdfr /* 166153838Sdfr * Use GSS_NT_USER_NAME as default name type. 167153838Sdfr */ 168153838Sdfr if (name_type == GSS_C_NO_OID) 169153838Sdfr name_type = GSS_C_NT_USER_NAME; 170153838Sdfr 171153838Sdfr /* 172153838Sdfr * If this is an exported name, we need to parse it to find 173153838Sdfr * the mechanism and then import it as an MN. See RFC 2743 174153838Sdfr * section 3.2 for a description of the format. 175153838Sdfr */ 176178828Sdfr if (gss_oid_equal(name_type, GSS_C_NT_EXPORT_NAME)) { 177153838Sdfr return _gss_import_export_name(minor_status, 178153838Sdfr input_name_buffer, output_name); 179153838Sdfr } 180153838Sdfr 181153838Sdfr /* 182153838Sdfr * Only allow certain name types. This is pretty bogus - we 183153838Sdfr * should figure out the list of supported name types using 184153838Sdfr * gss_inquire_names_for_mech. 185153838Sdfr */ 186178828Sdfr if (!gss_oid_equal(name_type, GSS_C_NT_USER_NAME) 187178828Sdfr && !gss_oid_equal(name_type, GSS_C_NT_MACHINE_UID_NAME) 188178828Sdfr && !gss_oid_equal(name_type, GSS_C_NT_STRING_UID_NAME) 189178828Sdfr && !gss_oid_equal(name_type, GSS_C_NT_HOSTBASED_SERVICE_X) 190178828Sdfr && !gss_oid_equal(name_type, GSS_C_NT_HOSTBASED_SERVICE) 191178828Sdfr && !gss_oid_equal(name_type, GSS_C_NT_ANONYMOUS) 192178828Sdfr && !gss_oid_equal(name_type, GSS_KRB5_NT_PRINCIPAL_NAME)) { 193153838Sdfr *minor_status = 0; 194153838Sdfr return (GSS_S_BAD_NAMETYPE); 195153838Sdfr } 196153838Sdfr 197153838Sdfr *minor_status = 0; 198153838Sdfr name = malloc(sizeof(struct _gss_name)); 199153838Sdfr if (!name) { 200153838Sdfr *minor_status = ENOMEM; 201153838Sdfr return (GSS_S_FAILURE); 202153838Sdfr } 203153838Sdfr memset(name, 0, sizeof(struct _gss_name)); 204153838Sdfr 205153838Sdfr major_status = _gss_copy_oid(minor_status, 206153838Sdfr name_type, &name->gn_type); 207153838Sdfr if (major_status) { 208153838Sdfr free(name); 209153838Sdfr return (GSS_S_FAILURE); 210153838Sdfr } 211153838Sdfr 212153838Sdfr major_status = _gss_copy_buffer(minor_status, 213153838Sdfr input_name_buffer, &name->gn_value); 214153838Sdfr if (major_status) { 215178828Sdfr gss_name_t rname = (gss_name_t)name; 216178828Sdfr gss_release_name(minor_status, &rname); 217153838Sdfr return (GSS_S_FAILURE); 218153838Sdfr } 219153838Sdfr 220153838Sdfr SLIST_INIT(&name->gn_mn); 221153838Sdfr 222153838Sdfr *output_name = (gss_name_t) name; 223153838Sdfr return (GSS_S_COMPLETE); 224153838Sdfr} 225