diff --git a/lib/libgssapi/gss_accept_sec_context.c b/lib/libgssapi/gss_accept_sec_context.c
index afb502d84385..74da9791d678 100644
--- a/lib/libgssapi/gss_accept_sec_context.c
+++ b/lib/libgssapi/gss_accept_sec_context.c
@@ -1,294 +1,294 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2005 Doug Rabson * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * $FreeBSD$ */ #include #include #include #include #include "mech_switch.h" #include "context.h" #include "cred.h" #include "name.h" #include "utils.h" static OM_uint32 parse_header(const gss_buffer_t input_token, gss_OID mech_oid) { unsigned char *p = input_token->value; size_t len = input_token->length; size_t a, b; - + /* * Token must start with [APPLICATION 0] SEQUENCE. * But if it doesn't assume it is DCE-STYLE Kerberos! */ if (len == 0) return (GSS_S_DEFECTIVE_TOKEN); - + p++; len--; - + /* * Decode the length and make sure it agrees with the * token length. 
*/ if (len == 0) return (GSS_S_DEFECTIVE_TOKEN); if ((*p & 0x80) == 0) { a = *p; p++; len--; } else { b = *p & 0x7f; p++; len--; if (len < b) return (GSS_S_DEFECTIVE_TOKEN); a = 0; while (b) { a = (a << 8) | *p; p++; len--; b--; } } if (a != len) return (GSS_S_DEFECTIVE_TOKEN); - + /* * Decode the OID for the mechanism. Simplify life by * assuming that the OID length is less than 128 bytes. */ if (len < 2 || *p != 0x06) return (GSS_S_DEFECTIVE_TOKEN); if ((p[1] & 0x80) || p[1] > (len - 2)) return (GSS_S_DEFECTIVE_TOKEN); mech_oid->length = p[1]; p += 2; len -= 2; mech_oid->elements = p; - + return (GSS_S_COMPLETE); -} +} static gss_OID_desc krb5_mechanism = {9, __DECONST(void *, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02")}; static gss_OID_desc ntlm_mechanism = {10, __DECONST(void *, "\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a")}; static gss_OID_desc spnego_mechanism = {6, __DECONST(void *, "\x2b\x06\x01\x05\x05\x02")}; static OM_uint32 choose_mech(const gss_buffer_t input, gss_OID mech_oid) { OM_uint32 status; /* * First try to parse the gssapi token header and see if it's a * correct header, use that in the first hand. */ status = parse_header(input, mech_oid); if (status == GSS_S_COMPLETE) return (GSS_S_COMPLETE); - + /* * Lets guess what mech is really is, callback function to mech ?? */ - if (input->length > 8 && + if (input->length > 8 && memcmp((const char *)input->value, "NTLMSSP\x00", 8) == 0) { *mech_oid = ntlm_mechanism; return (GSS_S_COMPLETE); } else if (input->length != 0 && ((const char *)input->value)[0] == 0x6E) { /* Could be a raw AP-REQ (check for APPLICATION tag) */ *mech_oid = krb5_mechanism; return (GSS_S_COMPLETE); } else if (input->length == 0) { - /* + /* * There is the a weird mode of SPNEGO (in CIFS and * SASL GSS-SPENGO where the first token is zero * length and the acceptor returns a mech_list, lets * hope that is what is happening now. 
*/ *mech_oid = spnego_mechanism; return (GSS_S_COMPLETE); } return (status); } OM_uint32 gss_accept_sec_context(OM_uint32 *minor_status, gss_ctx_id_t *context_handle, const gss_cred_id_t acceptor_cred_handle, const gss_buffer_t input_token, const gss_channel_bindings_t input_chan_bindings, gss_name_t *src_name, gss_OID *mech_type, gss_buffer_t output_token, OM_uint32 *ret_flags, OM_uint32 *time_rec, gss_cred_id_t *delegated_cred_handle) { OM_uint32 major_status, mech_ret_flags; struct _gss_mech_switch *m; struct _gss_context *ctx = (struct _gss_context *) *context_handle; struct _gss_cred *cred = (struct _gss_cred *) acceptor_cred_handle; struct _gss_mechanism_cred *mc; gss_cred_id_t acceptor_mc, delegated_mc; gss_name_t src_mn; *minor_status = 0; if (src_name) *src_name = GSS_C_NO_NAME; if (mech_type) *mech_type = GSS_C_NO_OID; if (ret_flags) *ret_flags = 0; if (time_rec) *time_rec = 0; if (delegated_cred_handle) *delegated_cred_handle = GSS_C_NO_CREDENTIAL; _gss_buffer_zero(output_token); /* * If this is the first call (*context_handle is NULL), we must * parse the input token to figure out the mechanism to use. */ if (*context_handle == GSS_C_NO_CONTEXT) { gss_OID_desc mech_oid; major_status = choose_mech(input_token, &mech_oid); if (major_status != GSS_S_COMPLETE) return (major_status); /* * Now that we have a mechanism, we can find the * implementation. 
*/ ctx = malloc(sizeof(struct _gss_context)); if (!ctx) { *minor_status = ENOMEM; return (GSS_S_DEFECTIVE_TOKEN); } memset(ctx, 0, sizeof(struct _gss_context)); m = ctx->gc_mech = _gss_find_mech_switch(&mech_oid); if (!m) { free(ctx); return (GSS_S_BAD_MECH); } } else m = ctx->gc_mech; if (cred) { SLIST_FOREACH(mc, &cred->gc_mc, gmc_link) if (mc->gmc_mech == m) break; if (!mc) return (GSS_S_BAD_MECH); acceptor_mc = mc->gmc_cred; } else { acceptor_mc = GSS_C_NO_CREDENTIAL; } delegated_mc = GSS_C_NO_CREDENTIAL; - + mech_ret_flags = 0; major_status = m->gm_accept_sec_context(minor_status, &ctx->gc_ctx, acceptor_mc, input_token, input_chan_bindings, &src_mn, mech_type, output_token, &mech_ret_flags, time_rec, &delegated_mc); if (major_status != GSS_S_COMPLETE && major_status != GSS_S_CONTINUE_NEEDED) { _gss_mg_error(m, major_status, *minor_status); return (major_status); } if (src_name && src_mn) { /* * Make a new name and mark it as an MN. */ struct _gss_name *name = _gss_make_name(m, src_mn); if (!name) { m->gm_release_name(minor_status, &src_mn); return (GSS_S_FAILURE); } *src_name = (gss_name_t) name; } else if (src_mn) { m->gm_release_name(minor_status, &src_mn); } if (delegated_mc == GSS_C_NO_CREDENTIAL) mech_ret_flags &= ~GSS_C_DELEG_FLAG; if (mech_ret_flags & GSS_C_DELEG_FLAG) { if (!delegated_cred_handle) { m->gm_release_cred(minor_status, &delegated_mc); mech_ret_flags &= ~GSS_C_DELEG_FLAG; } else { struct _gss_cred *dcred; struct _gss_mechanism_cred *dmc; dcred = malloc(sizeof(struct _gss_cred)); if (!dcred) { *minor_status = ENOMEM; return (GSS_S_FAILURE); } SLIST_INIT(&dcred->gc_mc); dmc = malloc(sizeof(struct _gss_mechanism_cred)); if (!dmc) { free(dcred); *minor_status = ENOMEM; return (GSS_S_FAILURE); } dmc->gmc_mech = m; dmc->gmc_mech_oid = &m->gm_mech_oid; dmc->gmc_cred = delegated_mc; SLIST_INSERT_HEAD(&dcred->gc_mc, dmc, gmc_link); *delegated_cred_handle = (gss_cred_id_t) dcred; } } if (ret_flags) *ret_flags = mech_ret_flags; *context_handle = 
(gss_ctx_id_t) ctx; return (major_status); } diff --git a/lib/libgssapi/gss_buffer_set.c b/lib/libgssapi/gss_buffer_set.c index fa084573f1b1..7105f33e9539 100644 --- a/lib/libgssapi/gss_buffer_set.c +++ b/lib/libgssapi/gss_buffer_set.c 
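Review bot: In gss_accept_sec_context, the `ctx` allocated on the first call (`*context_handle == GSS_C_NO_CONTEXT`) is leaked on every early return after the allocation, because `*context_handle` is only assigned at the very end: `if (!mc) return (GSS_S_BAD_MECH);`, the failure return after `m->gm_accept_sec_context(...)`, and the later `GSS_S_FAILURE` returns. The input token is supplied by the peer, so each rejected first token costs a long-running acceptor one `struct _gss_context`. Those paths should free it, e.g. `if (*context_handle == GSS_C_NO_CONTEXT) free(ctx);` before each return, after releasing whatever the mechanism may have left in `ctx->gc_ctx` (not visible here). Separately, the allocation-failure branch sets `*minor_status = ENOMEM` but returns `GSS_S_DEFECTIVE_TOKEN`; `GSS_S_FAILURE` would match the other ENOMEM paths in this function. These are unchanged context lines in a whitespace-only commit.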
@@ -1,128 +1,128 @@ /*- * SPDX-License-Identifier: BSD-3-Clause * * Copyright (c) 2004, PADL Software Pty Ltd. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of PADL Software nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ /* $FreeBSD$ */ #include #include #include #include /* RCSID("$Id: gss_buffer_set.c 18885 2006-10-24 21:53:02Z lha $"); */ -OM_uint32 +OM_uint32 gss_create_empty_buffer_set(OM_uint32 * minor_status, gss_buffer_set_t *buffer_set) { gss_buffer_set_t set; set = (gss_buffer_set_desc *) malloc(sizeof(*set)); if (set == GSS_C_NO_BUFFER_SET) { *minor_status = ENOMEM; return (GSS_S_FAILURE); } set->count = 0; set->elements = NULL; *buffer_set = set; *minor_status = 0; return (GSS_S_COMPLETE); } OM_uint32 gss_add_buffer_set_member(OM_uint32 * minor_status, const gss_buffer_t member_buffer, gss_buffer_set_t *buffer_set) { gss_buffer_set_t set; gss_buffer_t p; OM_uint32 ret; if (*buffer_set == GSS_C_NO_BUFFER_SET) { ret = gss_create_empty_buffer_set(minor_status, buffer_set); if (ret) { return (ret); } } set = *buffer_set; set->elements = reallocarray(set->elements, set->count + 1, sizeof(set->elements[0])); if (set->elements == NULL) { *minor_status = ENOMEM; return (GSS_S_FAILURE); } p = &set->elements[set->count]; p->value = malloc(member_buffer->length); if (p->value == NULL) { *minor_status = ENOMEM; return (GSS_S_FAILURE); } memcpy(p->value, member_buffer->value, member_buffer->length); p->length = member_buffer->length; set->count++; *minor_status = 0; return (GSS_S_COMPLETE); } OM_uint32 gss_release_buffer_set(OM_uint32 * minor_status, gss_buffer_set_t *buffer_set) { size_t i; OM_uint32 minor; *minor_status = 0; if (*buffer_set == GSS_C_NO_BUFFER_SET) return (GSS_S_COMPLETE); for (i = 0; i < (*buffer_set)->count; i++) gss_release_buffer(&minor, &((*buffer_set)->elements[i])); free((*buffer_set)->elements); (*buffer_set)->elements = NULL; (*buffer_set)->count = 0; free(*buffer_set); *buffer_set = GSS_C_NO_BUFFER_SET; return (GSS_S_COMPLETE); } diff --git a/lib/libgssapi/gss_display_status.c b/lib/libgssapi/gss_display_status.c index 55ca83ce9aa8..e8e4058fdf9a 100644 --- a/lib/libgssapi/gss_display_status.c +++ b/lib/libgssapi/gss_display_status.c 
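Review bot: In gss_add_buffer_set_member, `set->elements = reallocarray(set->elements, ...)` overwrites the only pointer to the array, so on failure the old elements leak and the set is left with `elements == NULL` while `count` is still non-zero. gss_release_buffer_set in the same file then indexes `(*buffer_set)->elements[i]` for `i < count` from that null base. Assign through a temporary instead: `p = reallocarray(set->elements, set->count + 1, sizeof(set->elements[0]));`, `if (p == NULL) { *minor_status = ENOMEM; return (GSS_S_FAILURE); }`, `set->elements = p;`. The lines are unchanged context in this whitespace-only commit.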
@@ -1,351 +1,351 @@ /*- * SPDX-License-Identifier: BSD-3-Clause * * Copyright (c) 2005 Doug Rabson * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * $FreeBSD$ */ /* * Copyright (c) 1998 - 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. 
Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. 
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ /* * Copyright (c) 1998 - 2005 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. 
Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. 
IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ #include #include #include #include #include #include #include "mech_switch.h" #include "utils.h" static const char * calling_error(OM_uint32 v) { static const char *msgs[] = { [0] = "", [1] = "A required input parameter could not be read.", [2] = "A required output parameter could not be written.", [3] = "A parameter was malformed", }; v >>= GSS_C_CALLING_ERROR_OFFSET; if (v >= nitems(msgs)) return "unknown calling error"; else return msgs[v]; } static const char * routine_error(OM_uint32 v) { static const char *msgs[] = { [0] = "Function completed successfully", [1] = "An unsupported mechanism was requested", [2] = "An invalid name was supplied", [3] = "A supplied name was of an unsupported type", [4] = "Incorrect channel bindings were supplied", [5] = "An invalid status code was supplied", [6] = "A token had an invalid MIC", [7] = ("No credentials were supplied, " "or the credentials were unavailable or inaccessible."), [8] = "No context has been established", [9] = "A token was invalid", [10] = "A credential was invalid", [11] = "The referenced credentials have expired", [12] = "The context has expired", [13] = "Miscellaneous failure (see text)", [14] = "The quality-of-protection requested could not be provide", [15] = "The operation is forbidden by local security policy", [16] = "The operation or option is not available", [17] = "The requested credential element already exists", [18] = "The provided name was not a mechanism name.", 
}; v >>= GSS_C_ROUTINE_ERROR_OFFSET; if (v >= nitems(msgs)) return "unknown routine error"; else return msgs[v]; } static const char * supplementary_error(OM_uint32 v) { static const char *msgs[] = { [0] = "normal completion", [1] = "continuation call to routine required", [2] = "duplicate per-message token detected", [3] = "timed-out per-message token detected", [4] = "reordered (early) per-message token detected", [5] = "skipped predecessor token(s) detected", }; v >>= GSS_C_SUPPLEMENTARY_OFFSET; if (v >= nitems(msgs)) return "unknown routine error"; else return msgs[v]; } #if defined(__NO_TLS) /* * These platforms don't support TLS on FreeBSD - threads will just * have to step on each other's error values for now. */ #define __thread #endif struct mg_thread_ctx { gss_OID mech; OM_uint32 maj_stat; OM_uint32 min_stat; gss_buffer_desc maj_error; gss_buffer_desc min_error; }; static __thread struct mg_thread_ctx last_error_context; static OM_uint32 _gss_mg_get_error(const gss_OID mech, OM_uint32 type, OM_uint32 value, gss_buffer_t string) { struct mg_thread_ctx *mg; mg = &last_error_context; if (mech != NULL && gss_oid_equal(mg->mech, mech) == 0) return (GSS_S_BAD_STATUS); switch (type) { case GSS_C_GSS_CODE: { if (value != mg->maj_stat || mg->maj_error.length == 0) break; string->value = malloc(mg->maj_error.length); string->length = mg->maj_error.length; memcpy(string->value, mg->maj_error.value, mg->maj_error.length); return (GSS_S_COMPLETE); } case GSS_C_MECH_CODE: { if (value != mg->min_stat || mg->min_error.length == 0) break; string->value = malloc(mg->min_error.length); string->length = mg->min_error.length; memcpy(string->value, mg->min_error.value, mg->min_error.length); return (GSS_S_COMPLETE); } } string->value = NULL; string->length = 0; return (GSS_S_BAD_STATUS); } void _gss_mg_error(struct _gss_mech_switch *m, OM_uint32 maj, OM_uint32 min) { OM_uint32 major_status, minor_status; OM_uint32 message_content; struct mg_thread_ctx *mg; mg = 
&last_error_context; gss_release_buffer(&minor_status, &mg->maj_error); gss_release_buffer(&minor_status, &mg->min_error); mg->mech = &m->gm_mech_oid; mg->maj_stat = maj; mg->min_stat = min; major_status = m->gm_display_status(&minor_status, - maj, + maj, GSS_C_GSS_CODE, &m->gm_mech_oid, &message_content, &mg->maj_error); if (GSS_ERROR(major_status)) { mg->maj_error.value = NULL; mg->maj_error.length = 0; } major_status = m->gm_display_status(&minor_status, - min, + min, GSS_C_MECH_CODE, &m->gm_mech_oid, &message_content, &mg->min_error); if (GSS_ERROR(major_status)) { mg->min_error.value = NULL; mg->min_error.length = 0; } } OM_uint32 gss_display_status(OM_uint32 *minor_status, OM_uint32 status_value, int status_type, const gss_OID mech_type, OM_uint32 *message_content, gss_buffer_t status_string) { OM_uint32 major_status; _gss_buffer_zero(status_string); *message_content = 0; major_status = _gss_mg_get_error(mech_type, status_type, status_value, status_string); if (major_status == GSS_S_COMPLETE) { *message_content = 0; *minor_status = 0; return (GSS_S_COMPLETE); } *minor_status = 0; switch (status_type) { case GSS_C_GSS_CODE: { char *buf; if (GSS_SUPPLEMENTARY_INFO(status_value)) asprintf(&buf, "%s", supplementary_error( GSS_SUPPLEMENTARY_INFO(status_value))); else asprintf (&buf, "%s %s", calling_error(GSS_CALLING_ERROR(status_value)), routine_error(GSS_ROUTINE_ERROR(status_value))); if (buf == NULL) break; status_string->length = strlen(buf); status_string->value = buf; return (GSS_S_COMPLETE); } case GSS_C_MECH_CODE: { OM_uint32 maj_junk, min_junk; gss_buffer_desc oid; char *buf; maj_junk = gss_oid_to_str(&min_junk, mech_type, &oid); if (maj_junk != GSS_S_COMPLETE) { oid.value = strdup("unknown"); oid.length = 7; } asprintf (&buf, "unknown mech-code %lu for mech %.*s", (unsigned long)status_value, (int)oid.length, (char *)oid.value); if (maj_junk == GSS_S_COMPLETE) gss_release_buffer(&min_junk, &oid); if (buf == NULL) break; status_string->length = 
strlen(buf); status_string->value = buf; return (GSS_S_COMPLETE); } } _gss_buffer_zero(status_string); return (GSS_S_BAD_STATUS); } void _gss_mg_collect_error(gss_OID mech, OM_uint32 maj, OM_uint32 min) { struct _gss_mech_switch *m; m = _gss_find_mech_switch(mech); if (m != NULL) _gss_mg_error(m, maj, min); } diff --git a/lib/libgssapi/gss_duplicate_name.c b/lib/libgssapi/gss_duplicate_name.c index 02aa2ccf6f8b..579d77e3bd97 100644 --- a/lib/libgssapi/gss_duplicate_name.c +++ b/lib/libgssapi/gss_duplicate_name.c 
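Review bot: In _gss_mg_get_error, both cases call `malloc(...)` and then `memcpy(string->value, ...)` without checking the result, so an allocation failure becomes a null-pointer write while an error message is being formatted. Adding `if (string->value == NULL) break;` right after each malloc falls into the existing tail that zeroes `string` and returns `GSS_S_BAD_STATUS`, after which gss_display_status builds its generic text. In the `GSS_C_MECH_CODE` case of gss_display_status, the `strdup("unknown")` fallback is never freed (the release is conditional on `maj_junk == GSS_S_COMPLETE`) and its result is not checked before it is passed to `%.*s`. These are unchanged context lines in a whitespace-only commit.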
@@ -1,102 +1,102 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2005 Doug Rabson * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * $FreeBSD$ */ #include #include #include #include #include "mech_switch.h" #include "name.h" OM_uint32 gss_duplicate_name(OM_uint32 *minor_status, const gss_name_t src_name, gss_name_t *dest_name) { OM_uint32 major_status; struct _gss_name *name = (struct _gss_name *) src_name; struct _gss_name *new_name; struct _gss_mechanism_name *mn; *minor_status = 0; *dest_name = GSS_C_NO_NAME; /* * If this name has a value (i.e. it didn't come from * gss_canonicalize_name(), we re-import the thing. Otherwise, * we make a copy of the mechanism names. 
*/ if (name->gn_value.value) { major_status = gss_import_name(minor_status, &name->gn_value, &name->gn_type, dest_name); if (major_status != GSS_S_COMPLETE) return (major_status); new_name = (struct _gss_name *) *dest_name; SLIST_FOREACH(mn, &name->gn_mn, gmn_link) { struct _gss_mechanism_name *mn2; - _gss_find_mn(minor_status, new_name, + _gss_find_mn(minor_status, new_name, mn->gmn_mech_oid, &mn2); } } else { new_name = malloc(sizeof(struct _gss_name)); if (!new_name) { *minor_status = ENOMEM; return (GSS_S_FAILURE); } memset(new_name, 0, sizeof(struct _gss_name)); SLIST_INIT(&new_name->gn_mn); *dest_name = (gss_name_t) new_name; SLIST_FOREACH(mn, &name->gn_mn, gmn_link) { struct _gss_mechanism_name *new_mn; - + new_mn = malloc(sizeof(*new_mn)); if (!new_mn) { *minor_status = ENOMEM; return (GSS_S_FAILURE); } new_mn->gmn_mech = mn->gmn_mech; new_mn->gmn_mech_oid = mn->gmn_mech_oid; - - major_status = + + major_status = mn->gmn_mech->gm_duplicate_name(minor_status, mn->gmn_name, &new_mn->gmn_name); if (major_status != GSS_S_COMPLETE) { free(new_mn); continue; } SLIST_INSERT_HEAD(&new_name->gn_mn, new_mn, gmn_link); } } return (GSS_S_COMPLETE); } diff --git a/lib/libgssapi/gss_export_sec_context.c b/lib/libgssapi/gss_export_sec_context.c index c94e81a9a844..d5963231dbfb 100644 --- a/lib/libgssapi/gss_export_sec_context.c +++ b/lib/libgssapi/gss_export_sec_context.c 
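Review bot: In the `else` branch of gss_duplicate_name, the `if (!new_mn)` ENOMEM return leaves `*dest_name` pointing at the partially built `new_name`, so a caller that treats outputs as invalid on `GSS_S_FAILURE` leaks the name and every mechanism name already duplicated into it. Releasing it before returning keeps the failure contract simple, e.g. `gss_release_name(&junk, dest_name);` with a local `OM_uint32 junk`, assuming gss_release_name walks the `gn_mn` list. The same loop silently `continue`s when `gm_duplicate_name` fails, so the function can return `GSS_S_COMPLETE` with fewer mechanism names than the source; a one-line comment such as `/* best effort: skip mechanisms that cannot duplicate the name */` would make that intent explicit. These are unchanged context lines in a whitespace-only commit.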
@@ -1,86 +1,86 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2005 Doug Rabson * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* * $FreeBSD$ */ #include #include #include #include #include "mech_switch.h" #include "context.h" #include "utils.h" OM_uint32 gss_export_sec_context(OM_uint32 *minor_status, gss_ctx_id_t *context_handle, gss_buffer_t interprocess_token) { OM_uint32 major_status; struct _gss_context *ctx = (struct _gss_context *) *context_handle; struct _gss_mech_switch *m = ctx->gc_mech; gss_buffer_desc buf; _gss_buffer_zero(interprocess_token); major_status = m->gm_export_sec_context(minor_status, &ctx->gc_ctx, &buf); - + if (major_status == GSS_S_COMPLETE) { unsigned char *p; free(ctx); *context_handle = GSS_C_NO_CONTEXT; interprocess_token->length = buf.length + 2 + m->gm_mech_oid.length; interprocess_token->value = malloc(interprocess_token->length); if (!interprocess_token->value) { /* * We are in trouble here - the context is * already gone. This is allowed as long as we * set the caller's context_handle to * GSS_C_NO_CONTEXT, which we did above. * Return GSS_S_FAILURE. */ _gss_buffer_zero(interprocess_token); *minor_status = ENOMEM; return (GSS_S_FAILURE); } p = interprocess_token->value; p[0] = m->gm_mech_oid.length >> 8; p[1] = m->gm_mech_oid.length; memcpy(p + 2, m->gm_mech_oid.elements, m->gm_mech_oid.length); memcpy(p + 2 + m->gm_mech_oid.length, buf.value, buf.length); gss_release_buffer(minor_status, &buf); } else { _gss_mg_error(m, major_status, *minor_status); } return (major_status); } diff --git a/lib/libgssapi/gss_import_sec_context.c b/lib/libgssapi/gss_import_sec_context.c index f3c59b0e877b..ad11a0b4dac5 100644 --- a/lib/libgssapi/gss_import_sec_context.c +++ b/lib/libgssapi/gss_import_sec_context.c 
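Review bot: In gss_export_sec_context, the `if (!interprocess_token->value)` branch returns `GSS_S_FAILURE` without releasing `buf`, so the mechanism's exported context token (which presumably carries the context's key material) is leaked on that path, after the wrapper context has already been freed. Call `gss_release_buffer(minor_status, &buf);` before `*minor_status = ENOMEM;` there, as the success path does after its copies. `ctx` is also dereferenced (`ctx->gc_mech`) before any check that `*context_handle` is not `GSS_C_NO_CONTEXT`. These are unchanged context lines in a whitespace-only commit.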
@@ -1,89 +1,89 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2005 Doug Rabson * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * $FreeBSD$ */ #include #include #include #include "mech_switch.h" #include "context.h" OM_uint32 gss_import_sec_context(OM_uint32 *minor_status, const gss_buffer_t interprocess_token, gss_ctx_id_t *context_handle) { OM_uint32 major_status; struct _gss_mech_switch *m; struct _gss_context *ctx; gss_OID_desc mech_oid; gss_buffer_desc buf; unsigned char *p; size_t len; *minor_status = 0; *context_handle = GSS_C_NO_CONTEXT; /* * We added an oid to the front of the token in * gss_export_sec_context. 
*/ p = interprocess_token->value; len = interprocess_token->length; if (len < 2) return (GSS_S_DEFECTIVE_TOKEN); mech_oid.length = (p[0] << 8) | p[1]; if (len < mech_oid.length + 2) return (GSS_S_DEFECTIVE_TOKEN); mech_oid.elements = p + 2; buf.length = len - 2 - mech_oid.length; buf.value = p + 2 + mech_oid.length; - + m = _gss_find_mech_switch(&mech_oid); if (!m) return (GSS_S_DEFECTIVE_TOKEN); ctx = malloc(sizeof(struct _gss_context)); if (!ctx) { *minor_status = ENOMEM; return (GSS_S_FAILURE); } ctx->gc_mech = m; major_status = m->gm_import_sec_context(minor_status, &buf, &ctx->gc_ctx); if (major_status != GSS_S_COMPLETE) { _gss_mg_error(m, major_status, *minor_status); free(ctx); } else { *context_handle = (gss_ctx_id_t) ctx; } return (major_status); } diff --git a/lib/libgssapi/gss_indicate_mechs.c b/lib/libgssapi/gss_indicate_mechs.c index aab3ff4e32ce..ac5b77ee3bfd 100644 --- a/lib/libgssapi/gss_indicate_mechs.c +++ b/lib/libgssapi/gss_indicate_mechs.c 
@@ -1,73 +1,73 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2005 Doug Rabson * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
* * $FreeBSD$ */ #include #include "mech_switch.h" OM_uint32 gss_indicate_mechs(OM_uint32 *minor_status, gss_OID_set *mech_set) { struct _gss_mech_switch *m; OM_uint32 major_status; gss_OID_set set; size_t i; _gss_load_mech(); major_status = gss_create_empty_oid_set(minor_status, mech_set); if (major_status) return (major_status); - + SLIST_FOREACH(m, &_gss_mechs, gm_link) { if (m->gm_indicate_mechs) { major_status = m->gm_indicate_mechs(minor_status, &set); if (major_status) continue; if (set == GSS_C_NO_OID_SET) { major_status = gss_add_oid_set_member( minor_status, &m->gm_mech_oid, mech_set); continue; } for (i = 0; i < set->count; i++) major_status = gss_add_oid_set_member(minor_status, &set->elements[i], mech_set); gss_release_oid_set(minor_status, &set); } else { major_status = gss_add_oid_set_member( minor_status, &m->gm_mech_oid, mech_set); } } *minor_status = 0; return (GSS_S_COMPLETE); } diff --git a/lib/libgssapi/gss_inquire_cred_by_oid.c b/lib/libgssapi/gss_inquire_cred_by_oid.c index f564f3636338..b3df65297446 100644 --- a/lib/libgssapi/gss_inquire_cred_by_oid.c +++ b/lib/libgssapi/gss_inquire_cred_by_oid.c 
@@ -1,95 +1,95 @@ /*- * SPDX-License-Identifier: BSD-3-Clause * * Copyright (c) 2004, PADL Software Pty Ltd. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of PADL Software nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ /* $FreeBSD$ */ #include #include "mech_switch.h" #include "cred.h" #include "name.h" /* RCSID("$Id: gss_inquire_cred_by_oid.c 19960 2007-01-17 15:09:24Z lha $"); */ OM_uint32 gss_inquire_cred_by_oid (OM_uint32 *minor_status, const gss_cred_id_t cred_handle, const gss_OID desired_object, gss_buffer_set_t *data_set) { struct _gss_cred *cred = (struct _gss_cred *) cred_handle; OM_uint32 status = GSS_S_COMPLETE; struct _gss_mechanism_cred *mc; struct _gss_mech_switch *m; gss_buffer_set_t set = GSS_C_NO_BUFFER_SET; *minor_status = 0; *data_set = GSS_C_NO_BUFFER_SET; if (cred == NULL) return GSS_S_NO_CRED; SLIST_FOREACH(mc, &cred->gc_mc, gmc_link) { gss_buffer_set_t rset = GSS_C_NO_BUFFER_SET; size_t i; m = mc->gmc_mech; if (m == NULL) { gss_release_buffer_set(minor_status, &set); *minor_status = 0; return GSS_S_BAD_MECH; } if (m->gm_inquire_cred_by_oid == NULL) continue; status = m->gm_inquire_cred_by_oid(minor_status, mc->gmc_cred, desired_object, &rset); if (status != GSS_S_COMPLETE) continue; - for (i = 0; i < rset->count; i++) { + for (i = 0; i < rset->count; i++) { status = gss_add_buffer_set_member(minor_status, &rset->elements[i], &set); if (status != GSS_S_COMPLETE) break; } gss_release_buffer_set(minor_status, &rset); } if (set == GSS_C_NO_BUFFER_SET) status = GSS_S_FAILURE; *data_set = set; *minor_status = 0; return status; } diff --git a/lib/libgssapi/gss_inquire_mechs_for_name.c b/lib/libgssapi/gss_inquire_mechs_for_name.c index d171ef2b5bd8..1ff1c30cf249 100644 --- a/lib/libgssapi/gss_inquire_mechs_for_name.c +++ b/lib/libgssapi/gss_inquire_mechs_for_name.c 
@@ -1,81 +1,81 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2005 Doug Rabson * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * $FreeBSD$ */ #include #include "mech_switch.h" #include "name.h" OM_uint32 gss_inquire_mechs_for_name(OM_uint32 *minor_status, const gss_name_t input_name, gss_OID_set *mech_types) { OM_uint32 major_status; struct _gss_name *name = (struct _gss_name *) input_name; struct _gss_mech_switch *m; gss_OID_set name_types; int present; *minor_status = 0; _gss_load_mech(); major_status = gss_create_empty_oid_set(minor_status, mech_types); if (major_status) return (major_status); - + /* * We go through all the loaded mechanisms and see if this * name's type is supported by the mechanism. 
If it is, add * the mechanism to the set. */ SLIST_FOREACH(m, &_gss_mechs, gm_link) { major_status = gss_inquire_names_for_mech(minor_status, &m->gm_mech_oid, &name_types); if (major_status) { gss_release_oid_set(minor_status, mech_types); return (major_status); } gss_test_oid_set_member(minor_status, &name->gn_type, name_types, &present); gss_release_oid_set(minor_status, &name_types); if (present) { major_status = gss_add_oid_set_member(minor_status, &m->gm_mech_oid, mech_types); if (major_status) { gss_release_oid_set(minor_status, mech_types); return (major_status); } } } return (GSS_S_COMPLETE); } diff --git a/lib/libgssapi/gss_mech_switch.c b/lib/libgssapi/gss_mech_switch.c index 4ef6e50182ca..56a23b372759 100644 --- a/lib/libgssapi/gss_mech_switch.c +++ b/lib/libgssapi/gss_mech_switch.c 
@@ -1,316 +1,316 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2005 Doug Rabson * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * $FreeBSD$ */ #include #include #include #include #include #include #include #include "mech_switch.h" #include "utils.h" #ifndef _PATH_GSS_MECH #define _PATH_GSS_MECH "/etc/gss/mech" #endif struct _gss_mech_switch_list _gss_mechs = SLIST_HEAD_INITIALIZER(_gss_mechs); gss_OID_set _gss_mech_oids; /* * Convert a string containing an OID in 'dot' form * (e.g. 1.2.840.113554.1.2.2) to a gss_OID. 
*/ static int _gss_string_to_oid(const char* s, gss_OID oid) { int number_count, i, j; int byte_count; const char *p, *q; char *res; oid->length = 0; oid->elements = NULL; /* * First figure out how many numbers in the oid, then * calculate the compiled oid size. */ number_count = 0; for (p = s; p; p = q) { q = strchr(p, '.'); if (q) q = q + 1; number_count++; } - + /* * The first two numbers are in the first byte and each * subsequent number is encoded in a variable byte sequence. */ if (number_count < 2) return (EINVAL); /* * We do this in two passes. The first pass, we just figure * out the size. Second time around, we actually encode the * number. */ res = NULL; for (i = 0; i < 2; i++) { byte_count = 0; for (p = s, j = 0; p; p = q, j++) { unsigned int number = 0; /* * Find the end of this number. */ q = strchr(p, '.'); if (q) q = q + 1; /* * Read the number of of the string. Don't * bother with anything except base ten. */ while (*p && *p != '.') { number = 10 * number + (*p - '0'); p++; } /* * Encode the number. The first two numbers * are packed into the first byte. Subsequent * numbers are encoded in bytes seven bits at * a time with the last byte having the high * bit set. */ if (j == 0) { if (res) *res = number * 40; } else if (j == 1) { if (res) { *res += number; res++; } byte_count++; } else if (j >= 2) { /* * The number is encoded in seven bit chunks. 
*/ unsigned int t; int bytes; bytes = 0; for (t = number; t; t >>= 7) bytes++; if (bytes == 0) bytes = 1; while (bytes) { if (res) { int bit = 7*(bytes-1); - + *res = (number >> bit) & 0x7f; if (bytes != 1) *res |= 0x80; res++; } byte_count++; bytes--; } } } if (!res) { res = malloc(byte_count); if (!res) return (ENOMEM); oid->length = byte_count; oid->elements = res; } } return (0); } #define SYM(name) \ do { \ snprintf(buf, sizeof(buf), "%s_%s", \ m->gm_name_prefix, #name); \ m->gm_ ## name = dlsym(so, buf); \ if (!m->gm_ ## name) { \ fprintf(stderr, "can't find symbol %s\n", buf); \ goto bad; \ } \ } while (0) #define OPTSYM(name) \ do { \ snprintf(buf, sizeof(buf), "%s_%s", \ m->gm_name_prefix, #name); \ m->gm_ ## name = dlsym(so, buf); \ } while (0) /* * Load the mechanisms file (/etc/gss/mech). */ void _gss_load_mech(void) { OM_uint32 major_status, minor_status; FILE *fp; char buf[256]; char *p; char *name, *oid, *lib, *kobj; struct _gss_mech_switch *m; int count; void *so; const char *(*prefix_fn)(void); if (SLIST_FIRST(&_gss_mechs)) return; major_status = gss_create_empty_oid_set(&minor_status, &_gss_mech_oids); if (major_status) return; fp = fopen(_PATH_GSS_MECH, "r"); if (!fp) { perror(_PATH_GSS_MECH); return; } count = 0; while (fgets(buf, sizeof(buf), fp)) { if (*buf == '#') continue; p = buf; name = strsep(&p, "\t\n "); if (p) while (isspace(*p)) p++; oid = strsep(&p, "\t\n "); if (p) while (isspace(*p)) p++; lib = strsep(&p, "\t\n "); if (p) while (isspace(*p)) p++; kobj = strsep(&p, "\t\n "); if (!name || !oid || !lib || !kobj) continue; so = dlopen(lib, RTLD_LOCAL); if (!so) { fprintf(stderr, "dlopen: %s\n", dlerror()); continue; } m = malloc(sizeof(struct _gss_mech_switch)); if (!m) break; m->gm_so = so; if (_gss_string_to_oid(oid, &m->gm_mech_oid)) { free(m); continue; } - + prefix_fn = (const char *(*)(void)) dlsym(so, "_gss_name_prefix"); if (prefix_fn) m->gm_name_prefix = prefix_fn(); else m->gm_name_prefix = "gss"; major_status = 
gss_add_oid_set_member(&minor_status, &m->gm_mech_oid, &_gss_mech_oids); if (major_status) { free(m->gm_mech_oid.elements); free(m); continue; } SYM(acquire_cred); SYM(release_cred); SYM(init_sec_context); SYM(accept_sec_context); SYM(process_context_token); SYM(delete_sec_context); SYM(context_time); SYM(get_mic); SYM(verify_mic); SYM(wrap); SYM(unwrap); SYM(display_status); OPTSYM(indicate_mechs); SYM(compare_name); SYM(display_name); SYM(import_name); SYM(export_name); SYM(release_name); SYM(inquire_cred); SYM(inquire_context); SYM(wrap_size_limit); SYM(add_cred); SYM(inquire_cred_by_mech); SYM(export_sec_context); SYM(import_sec_context); SYM(inquire_names_for_mech); SYM(inquire_mechs_for_name); SYM(canonicalize_name); SYM(duplicate_name); OPTSYM(inquire_sec_context_by_oid); OPTSYM(inquire_cred_by_oid); OPTSYM(set_sec_context_option); OPTSYM(set_cred_option); OPTSYM(pseudo_random); OPTSYM(pname_to_uid); SLIST_INSERT_HEAD(&_gss_mechs, m, gm_link); count++; continue; bad: free(m->gm_mech_oid.elements); free(m); dlclose(so); continue; } fclose(fp); } struct _gss_mech_switch * _gss_find_mech_switch(gss_OID mech) { struct _gss_mech_switch *m; _gss_load_mech(); SLIST_FOREACH(m, &_gss_mechs, gm_link) { if (gss_oid_equal(&m->gm_mech_oid, mech)) return m; } return (0); } diff --git a/lib/libgssapi/gss_names.c b/lib/libgssapi/gss_names.c index be004985af1f..075556451dc5 100644 --- a/lib/libgssapi/gss_names.c +++ b/lib/libgssapi/gss_names.c 
@@ -1,262 +1,262 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2005 Doug Rabson * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * $FreeBSD$ */ #include #include #include #include #include "mech_switch.h" #include "name.h" #include "utils.h" /* * The implementation must reserve static storage for a * gss_OID_desc object containing the value * {10, (void *)"\x2a\x86\x48\x86\xf7\x12" * "\x01\x02\x01\x01"}, * corresponding to an object-identifier value of * {iso(1) member-body(2) United States(840) mit(113554) * infosys(1) gssapi(2) generic(1) user_name(1)}. The constant * GSS_C_NT_USER_NAME should be initialized to point * to that gss_OID_desc. 
*/ static gss_OID_desc GSS_C_NT_USER_NAME_storage = {10, __DECONST(void *, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x01")}; gss_OID GSS_C_NT_USER_NAME = &GSS_C_NT_USER_NAME_storage; /* * The implementation must reserve static storage for a * gss_OID_desc object containing the value * {10, (void *)"\x2a\x86\x48\x86\xf7\x12" * "\x01\x02\x01\x02"}, * corresponding to an object-identifier value of * {iso(1) member-body(2) United States(840) mit(113554) * infosys(1) gssapi(2) generic(1) machine_uid_name(2)}. * The constant GSS_C_NT_MACHINE_UID_NAME should be * initialized to point to that gss_OID_desc. */ static gss_OID_desc GSS_C_NT_MACHINE_UID_NAME_storage = {10, __DECONST(void *, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x02")}; gss_OID GSS_C_NT_MACHINE_UID_NAME = &GSS_C_NT_MACHINE_UID_NAME_storage; /* * The implementation must reserve static storage for a * gss_OID_desc object containing the value * {10, (void *)"\x2a\x86\x48\x86\xf7\x12" * "\x01\x02\x01\x03"}, * corresponding to an object-identifier value of * {iso(1) member-body(2) United States(840) mit(113554) * infosys(1) gssapi(2) generic(1) string_uid_name(3)}. * The constant GSS_C_NT_STRING_UID_NAME should be * initialized to point to that gss_OID_desc. */ static gss_OID_desc GSS_C_NT_STRING_UID_NAME_storage = {10, __DECONST(void *, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x03")}; gss_OID GSS_C_NT_STRING_UID_NAME = &GSS_C_NT_STRING_UID_NAME_storage; /* * The implementation must reserve static storage for a * gss_OID_desc object containing the value * {6, (void *)"\x2b\x06\x01\x05\x06\x02"}, * corresponding to an object-identifier value of * {iso(1) org(3) dod(6) internet(1) security(5) * nametypes(6) gss-host-based-services(2)). The constant * GSS_C_NT_HOSTBASED_SERVICE_X should be initialized to point * to that gss_OID_desc. 
This is a deprecated OID value, and * implementations wishing to support hostbased-service names * should instead use the GSS_C_NT_HOSTBASED_SERVICE OID, * defined below, to identify such names; * GSS_C_NT_HOSTBASED_SERVICE_X should be accepted a synonym * for GSS_C_NT_HOSTBASED_SERVICE when presented as an input * parameter, but should not be emitted by GSS-API * implementations */ static gss_OID_desc GSS_C_NT_HOSTBASED_SERVICE_X_storage = {6, __DECONST(void *, "\x2b\x06\x01\x05\x06\x02")}; gss_OID GSS_C_NT_HOSTBASED_SERVICE_X = &GSS_C_NT_HOSTBASED_SERVICE_X_storage; /* * The implementation must reserve static storage for a * gss_OID_desc object containing the value * {10, (void *)"\x2a\x86\x48\x86\xf7\x12" * "\x01\x02\x01\x04"}, corresponding to an * object-identifier value of {iso(1) member-body(2) * Unites States(840) mit(113554) infosys(1) gssapi(2) * generic(1) service_name(4)}. The constant * GSS_C_NT_HOSTBASED_SERVICE should be initialized * to point to that gss_OID_desc. */ static gss_OID_desc GSS_C_NT_HOSTBASED_SERVICE_storage = {10, __DECONST(void *, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x04")}; gss_OID GSS_C_NT_HOSTBASED_SERVICE = &GSS_C_NT_HOSTBASED_SERVICE_storage; /* * The implementation must reserve static storage for a * gss_OID_desc object containing the value * {6, (void *)"\x2b\x06\01\x05\x06\x03"}, * corresponding to an object identifier value of * {1(iso), 3(org), 6(dod), 1(internet), 5(security), * 6(nametypes), 3(gss-anonymous-name)}. The constant * and GSS_C_NT_ANONYMOUS should be initialized to point * to that gss_OID_desc. 
*/ static gss_OID_desc GSS_C_NT_ANONYMOUS_storage = {6, __DECONST(void *, "\x2b\x06\01\x05\x06\x03")}; gss_OID GSS_C_NT_ANONYMOUS = &GSS_C_NT_ANONYMOUS_storage; /* * The implementation must reserve static storage for a * gss_OID_desc object containing the value * {6, (void *)"\x2b\x06\x01\x05\x06\x04"}, * corresponding to an object-identifier value of * {1(iso), 3(org), 6(dod), 1(internet), 5(security), * 6(nametypes), 4(gss-api-exported-name)}. The constant * GSS_C_NT_EXPORT_NAME should be initialized to point * to that gss_OID_desc. */ static gss_OID_desc GSS_C_NT_EXPORT_NAME_storage = {6, __DECONST(void *, "\x2b\x06\x01\x05\x06\x04")}; gss_OID GSS_C_NT_EXPORT_NAME = &GSS_C_NT_EXPORT_NAME_storage; /* * This name form shall be represented by the Object Identifier {iso(1) * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2) * krb5(2) krb5_name(1)}. The recommended symbolic name for this type * is "GSS_KRB5_NT_PRINCIPAL_NAME". */ static gss_OID_desc GSS_KRB5_NT_PRINCIPAL_NAME_storage = {10, __DECONST(void *, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x01")}; gss_OID GSS_KRB5_NT_PRINCIPAL_NAME = &GSS_KRB5_NT_PRINCIPAL_NAME_storage; /* * This name form shall be represented by the Object Identifier {iso(1) * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2) * generic(1) user_name(1)}. The recommended symbolic name for this * type is "GSS_KRB5_NT_USER_NAME". */ gss_OID GSS_KRB5_NT_USER_NAME = &GSS_C_NT_USER_NAME_storage; /* * This name form shall be represented by the Object Identifier {iso(1) * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2) * generic(1) machine_uid_name(2)}. The recommended symbolic name for * this type is "GSS_KRB5_NT_MACHINE_UID_NAME". */ gss_OID GSS_KRB5_NT_MACHINE_UID_NAME = &GSS_C_NT_MACHINE_UID_NAME_storage; /* * This name form shall be represented by the Object Identifier {iso(1) * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2) * generic(1) string_uid_name(3)}. 
The recommended symbolic name for * this type is "GSS_KRB5_NT_STRING_UID_NAME". */ gss_OID GSS_KRB5_NT_STRING_UID_NAME = &GSS_C_NT_STRING_UID_NAME_storage; OM_uint32 -_gss_find_mn(OM_uint32 *minor_status, struct _gss_name *name, gss_OID mech, +_gss_find_mn(OM_uint32 *minor_status, struct _gss_name *name, gss_OID mech, struct _gss_mechanism_name **output_mn) { OM_uint32 major_status; struct _gss_mech_switch *m; struct _gss_mechanism_name *mn; *output_mn = NULL; SLIST_FOREACH(mn, &name->gn_mn, gmn_link) { if (gss_oid_equal(mech, mn->gmn_mech_oid)) break; } if (!mn) { /* * If this name is canonical (i.e. there is only an * MN but it is from a different mech), give up now. */ if (!name->gn_value.value) return (GSS_S_BAD_NAME); m = _gss_find_mech_switch(mech); if (!m) return (GSS_S_BAD_MECH); mn = malloc(sizeof(struct _gss_mechanism_name)); if (!mn) return (GSS_S_FAILURE); - + major_status = m->gm_import_name(minor_status, &name->gn_value, (name->gn_type.elements ? &name->gn_type : GSS_C_NO_OID), &mn->gmn_name); if (major_status != GSS_S_COMPLETE) { _gss_mg_error(m, major_status, *minor_status); free(mn); return (major_status); } mn->gmn_mech = m; mn->gmn_mech_oid = &m->gm_mech_oid; SLIST_INSERT_HEAD(&name->gn_mn, mn, gmn_link); } *output_mn = mn; return (GSS_S_COMPLETE); } /* * Make a name from an MN. */ struct _gss_name * _gss_make_name(struct _gss_mech_switch *m, gss_name_t new_mn) { struct _gss_name *name; struct _gss_mechanism_name *mn; name = malloc(sizeof(struct _gss_name)); if (!name) return (0); memset(name, 0, sizeof(struct _gss_name)); mn = malloc(sizeof(struct _gss_mechanism_name)); if (!mn) { free(name); return (0); } SLIST_INIT(&name->gn_mn); mn->gmn_mech = m; mn->gmn_mech_oid = &m->gm_mech_oid; mn->gmn_name = new_mn; SLIST_INSERT_HEAD(&name->gn_mn, mn, gmn_link); return (name); } diff --git a/lib/libgssapi/gss_pname_to_uid.c b/lib/libgssapi/gss_pname_to_uid.c index 9ee23a17c345..ec2a3bd91e54 100644 --- a/lib/libgssapi/gss_pname_to_uid.c 
+++ b/lib/libgssapi/gss_pname_to_uid.c 
@@ -1,71 +1,71 @@ /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * * Copyright (c) 2008 Isilon Inc http://www.isilon.com/ * Authors: Doug Rabson * Developed with Red Inc: Alfred Perlstein * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/ /* $FreeBSD$ */ #include #include #include "mech_switch.h" #include "name.h" #include "utils.h" OM_uint32 gss_pname_to_uid(OM_uint32 *minor_status, const gss_name_t pname, const gss_OID mech, uid_t *uidp) { struct _gss_name *name = (struct _gss_name *) pname; struct _gss_mech_switch *m; struct _gss_mechanism_name *mn; OM_uint32 major_status; *minor_status = 0; if (pname == GSS_C_NO_NAME) return (GSS_S_BAD_NAME); m = _gss_find_mech_switch(mech); if (!m) return (GSS_S_BAD_MECH); if (m->gm_pname_to_uid == NULL) return (GSS_S_UNAVAILABLE); - + major_status = _gss_find_mn(minor_status, name, mech, &mn); if (major_status != GSS_S_COMPLETE) { _gss_mg_error(m, major_status, *minor_status); return (major_status); } major_status = (*m->gm_pname_to_uid)(minor_status, mn->gmn_name, mech, uidp); if (major_status != GSS_S_COMPLETE) _gss_mg_error(m, major_status, *minor_status); return (major_status); } diff --git a/lib/libgssapi/gss_pseudo_random.c b/lib/libgssapi/gss_pseudo_random.c index 423da4f57e08..55c7d4905012 100644 --- a/lib/libgssapi/gss_pseudo_random.c +++ b/lib/libgssapi/gss_pseudo_random.c 
@@ -1,75 +1,75 @@ /*- * SPDX-License-Identifier: BSD-3-Clause * * Copyright (c) 2007 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. 
IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
*/ /* $FreeBSD$ */ /* $Id: gss_pseudo_random.c 20053 2007-01-24 01:31:35Z lha $ */ #include #include "mech_switch.h" #include "context.h" #include "utils.h" OM_uint32 gss_pseudo_random(OM_uint32 *minor_status, gss_ctx_id_t context, int prf_key, const gss_buffer_t prf_in, ssize_t desired_output_len, gss_buffer_t prf_out) { struct _gss_context *ctx = (struct _gss_context *) context; struct _gss_mech_switch *m; OM_uint32 major_status; _gss_buffer_zero(prf_out); *minor_status = 0; if (ctx == NULL) { *minor_status = 0; return GSS_S_NO_CONTEXT; } m = ctx->gc_mech; if (m->gm_pseudo_random == NULL) return GSS_S_UNAVAILABLE; - + major_status = (*m->gm_pseudo_random)(minor_status, ctx->gc_ctx, prf_key, prf_in, desired_output_len, prf_out); if (major_status != GSS_S_COMPLETE) _gss_mg_error(m, major_status, *minor_status); return major_status; } diff --git a/lib/libgssapi/gss_release_oid.c b/lib/libgssapi/gss_release_oid.c index 19e3b262456c..41b44d2e6f4f 100644 --- a/lib/libgssapi/gss_release_oid.c +++ b/lib/libgssapi/gss_release_oid.c 
@@ -1,63 +1,63 @@
 /*-
 * SPDX-License-Identifier: BSD-3-Clause
 *
 * Copyright (c) 2006 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
 *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
 *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
 *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
 *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
 *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.
IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ /* $FreeBSD$ */ #include #include /* RCSID("$Id: gss_release_oid.c 17747 2006-06-30 09:34:54Z lha $"); */ OM_uint32 gss_release_oid(OM_uint32 *minor_status, gss_OID *oid) { gss_OID o = *oid; *oid = GSS_C_NO_OID; if (minor_status != NULL) *minor_status = 0; if (o == GSS_C_NO_OID) return (GSS_S_COMPLETE); if (o->elements != NULL) { free(o->elements); o->elements = NULL; } o->length = 0; free(o); return (GSS_S_COMPLETE); } diff --git a/lib/libgssapi/gss_set_cred_option.c b/lib/libgssapi/gss_set_cred_option.c index e645e7799d1e..afb160c92c86 100644 --- a/lib/libgssapi/gss_set_cred_option.c +++ b/lib/libgssapi/gss_set_cred_option.c 
@@ -1,127 +1,127 @@
 /*-
 * SPDX-License-Identifier: BSD-3-Clause
 *
 * Copyright (c) 2004, PADL Software Pty Ltd.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of PADL Software nor the names of its contributors
 * may be used to endorse or promote products derived from this software
 * without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
*/ /* $FreeBSD$ */ /* RCSID("$Id: gss_set_cred_option.c 21126 2007-06-18 20:19:59Z lha $"); */ #include #include #include #include "mech_switch.h" #include "cred.h" OM_uint32 gss_set_cred_option (OM_uint32 *minor_status, gss_cred_id_t *cred_handle, const gss_OID object, const gss_buffer_t value) { struct _gss_cred *cred = (struct _gss_cred *) *cred_handle; OM_uint32 major_status = GSS_S_COMPLETE; struct _gss_mechanism_cred *mc; int one_ok = 0; *minor_status = 0; _gss_load_mech(); if (cred == NULL) { struct _gss_mech_switch *m; cred = malloc(sizeof(*cred)); if (cred == NULL) return GSS_S_FAILURE; SLIST_INIT(&cred->gc_mc); SLIST_FOREACH(m, &_gss_mechs, gm_link) { if (m->gm_set_cred_option == NULL) continue; mc = malloc(sizeof(*mc)); if (mc == NULL) { *cred_handle = (gss_cred_id_t)cred; gss_release_cred(minor_status, cred_handle); *minor_status = ENOMEM; return GSS_S_FAILURE; } mc->gmc_mech = m; mc->gmc_mech_oid = &m->gm_mech_oid; mc->gmc_cred = GSS_C_NO_CREDENTIAL; major_status = m->gm_set_cred_option( minor_status, &mc->gmc_cred, object, value); if (major_status) { free(mc); continue; } one_ok = 1; SLIST_INSERT_HEAD(&cred->gc_mc, mc, gmc_link); } *cred_handle = (gss_cred_id_t)cred; if (!one_ok) { OM_uint32 junk; gss_release_cred(&junk, cred_handle); } } else { struct _gss_mech_switch *m; SLIST_FOREACH(mc, &cred->gc_mc, gmc_link) { m = mc->gmc_mech; - + if (m == NULL) return GSS_S_BAD_MECH; - + if (m->gm_set_cred_option == NULL) continue; - + major_status = m->gm_set_cred_option(minor_status, &mc->gmc_cred, object, value); if (major_status == GSS_S_COMPLETE) one_ok = 1; else _gss_mg_error(m, major_status, *minor_status); } } if (one_ok) { *minor_status = 0; return (GSS_S_COMPLETE); } return (major_status); } diff --git a/lib/libgssapi/name.h b/lib/libgssapi/name.h index 8702fd88df67..803d915a521e 100644 --- a/lib/libgssapi/name.h +++ b/lib/libgssapi/name.h 
@@ -1,51 +1,51 @@
 /*-
 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
 *
 * Copyright (c) 2005 Doug Rabson
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
* * $FreeBSD$ */ #include struct _gss_mechanism_name { SLIST_ENTRY(_gss_mechanism_name) gmn_link; struct _gss_mech_switch *gmn_mech; /* mechanism ops for MN */ gss_OID gmn_mech_oid; /* mechanism oid for MN */ gss_name_t gmn_name; /* underlying MN */ }; SLIST_HEAD(_gss_mechanism_name_list, _gss_mechanism_name); struct _gss_name { gss_OID_desc gn_type; /* type of name */ gss_buffer_desc gn_value; /* value (as imported) */ struct _gss_mechanism_name_list gn_mn; /* list of MNs */ }; extern OM_uint32 - _gss_find_mn(OM_uint32 *, struct _gss_name *, gss_OID, + _gss_find_mn(OM_uint32 *, struct _gss_name *, gss_OID, struct _gss_mechanism_name **); extern struct _gss_name * _gss_make_name(struct _gss_mech_switch *m, gss_name_t new_mn);