2 * Copyright (c) 2019-2020, AuriStor, Inc.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
9 * - Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
12 * - Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
17 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
18 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
19 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
20 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
21 * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
22 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
24 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
26 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
27 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
28 * OF THE POSSIBILITY OF SUCH DAMAGE.
32 #include "sanon_locl.h"
/*
 * Classify (name_string, name_type) as the SAnon anonymous identity.
 *
 * Three forms are accepted as anonymous by the visible branches:
 *  - the GSS_C_NT_ANONYMOUS name type, irrespective of name_string;
 *  - a GSS_C_NT_USER_NAME or GSS_KRB5_NT_PRINCIPAL_NAME whose buffer
 *    equals _gss_sanon_wellknown_user_name;
 *  - a GSS_C_NT_HOSTBASED_SERVICE whose buffer equals
 *    _gss_sanon_wellknown_service_name.
 *
 * NOTE(review): the return type, the per-branch return statements and the
 * fall-through (non-anonymous) case are on lines not shown in this listing;
 * the caller in _gss_sanon_import_name treats the result as a boolean.
 */
35 is_anonymous_identity_p(gss_buffer_t name_string, gss_OID name_type)
/* Explicit anonymous name type: no buffer comparison needed. */
37 if (gss_oid_equal(name_type, GSS_C_NT_ANONYMOUS))
/* Well-known user name, under either the generic or the Kerberos name type. */
39 else if ((gss_oid_equal(name_type, GSS_C_NT_USER_NAME) ||
40 gss_oid_equal(name_type, GSS_KRB5_NT_PRINCIPAL_NAME)) &&
41 buffer_equal_p(name_string, _gss_sanon_wellknown_user_name))
/* Well-known host-based service name. */
43 else if (gss_oid_equal(name_type, GSS_C_NT_HOSTBASED_SERVICE) &&
44 buffer_equal_p(name_string, _gss_sanon_wellknown_service_name))
/*
 * Read a DER-encoded OID from sp into oid.
 *
 * Wire layout as read here: a big-endian uint16 outer length, then a
 * one-byte tag, a one-byte inner length, and the OID contents. The outer
 * length must equal 2 + inner length, which ties the two length fields
 * together before any allocation or read happens. On success the caller
 * owns oid->elements and must free() it.
 *
 * Returns a krb5_error_code (0 on success). The exact error values
 * returned on the failure paths are on lines not shown in this listing.
 *
 * NOTE(review): no comparison of `tag` against the DER OID tag is visible
 * in the shown lines; if one is intended it is presumably on an elided
 * line (verify against the full source).
 */
50 static krb5_error_code
51 storage_ret_der_oid(krb5_storage *sp, gss_OID_desc *oid)
/* Outer length covers tag byte + length byte + contents. */
60 ret = krb5_ret_uint16(sp, &der_oid_len);
64 ret = krb5_ret_uint8(sp, &tag);
68 ret = krb5_ret_uint8(sp, &oid_len);
/* Reject inconsistent lengths before allocating or reading contents. */
72 if (der_oid_len != 2 + oid_len)
/*
 * oid_len is a uint8_t, so the allocation is at most 255 bytes.
 * NOTE(review): an inner length of 0 yields malloc(0), whose NULL/non-NULL
 * result is implementation-defined; a NULL result takes the allocation
 * failure path below.
 */
75 oid->elements = malloc(oid_len);
76 if (oid->elements == NULL)
/* Short read from the read-only storage means the token was truncated. */
79 if (krb5_storage_read(sp, oid->elements, oid_len) != oid_len) {
86 oid->length = oid_len;
/*
 * Import a GSS_C_NT_EXPORT_NAME token produced by the SAnon mechanism.
 *
 * The token is parsed from input_name_buffer through a read-only
 * krb5_storage (so every read is bounded by input_name_buffer->length),
 * in big-endian byte order. Visible checks, in order: the token id must be
 * 0x0401 (the RFC 2743 exported-name TOK_ID), the embedded mechanism OID
 * must equal GSS_SANON_X25519_MECHANISM, and the one-byte identity flag
 * must be exactly 1, in which case *output_name is set to the shared
 * _gss_sanon_anonymous_identity. Any other flag value yields
 * GSS_S_BAD_NAME, which is also the default major status.
 *
 * Returns GSS_S_COMPLETE, GSS_S_BAD_NAME, or GSS_S_FAILURE when the
 * storage cannot be created. The assignment of *minor and the `ret`
 * checks between the reads are on lines not shown in this listing.
 *
 * NOTE(review): `name_len` is read but no comparison of it against the
 * single flag byte that follows (or against the remaining token length)
 * is visible here; confirm in the full source whether a mismatched
 * name_len is meant to be rejected.
 */
92 import_export_name(OM_uint32 *minor,
93 const gss_buffer_t input_name_buffer,
94 gss_name_t *output_name)
99 uint32_t name_len = 0;
/* Owned OID copy filled by storage_ret_der_oid; freed below after comparison. */
101 gss_OID_desc oid_buf = { 0, NULL };
102 uint8_t is_anonymous;
/* Read-only view of the caller's buffer: reads cannot run past its length. */
104 sp = krb5_storage_from_readonly_mem(input_name_buffer->value,
105 input_name_buffer->length);
108 return GSS_S_FAILURE;
/* Exported name tokens are big-endian on the wire. */
111 krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_BE);
/* Default outcome unless every check below passes. */
113 major = GSS_S_BAD_NAME;
/* RFC 2743 exported name TOK_ID is the two bytes 0x04 0x01. */
116 ret = krb5_ret_uint16(sp, &tok_id);
117 if (ret == 0 && tok_id != 0x0401)
120 ret = storage_ret_der_oid(sp, &oid_buf);
/* Only names exported by this mechanism are accepted. */
122 if (!gss_oid_equal(&oid_buf, GSS_SANON_X25519_MECHANISM))
124 free(oid_buf.elements);
127 ret = krb5_ret_uint32(sp, &name_len);
130 ret = krb5_ret_uint8(sp, &is_anonymous);
/* Only the value 1 denotes the anonymous identity; anything else is rejected. */
132 if (is_anonymous == 1) {
133 *output_name = _gss_sanon_anonymous_identity;
134 major = GSS_S_COMPLETE;
136 major = GSS_S_BAD_NAME;
140 krb5_storage_free(sp);
/*
 * gss_import_name() entry point for the SAnon mechanism.
 *
 * Exported names (GSS_C_NT_EXPORT_NAME) are delegated to
 * import_export_name(), which parses and validates the token. Every other
 * name type is mapped, without copying the input, onto one of two shared
 * identities: _gss_sanon_anonymous_identity when
 * is_anonymous_identity_p() accepts the (buffer, type) pair, otherwise
 * _gss_sanon_non_anonymous_identity.
 *
 * Returns GSS_S_COMPLETE for the non-export path; the export path returns
 * whatever import_export_name() reports. The line assigning the ternary
 * result to *output_name, and any assignment to *minor, are not shown in
 * this listing.
 */
148 OM_uint32 GSSAPI_CALLCONV
149 _gss_sanon_import_name(OM_uint32 *minor,
150 const gss_buffer_t input_name_buffer,
151 const gss_OID input_name_type,
152 gss_name_t *output_name)
/* The mechglue layer is expected to always supply a name type. */
154 heim_assert(input_name_type != GSS_C_NO_OID,
155 "Mechglue passed null OID to _gss_sanon_import_name");
157 if (gss_oid_equal(input_name_type, GSS_C_NT_EXPORT_NAME))
158 return import_export_name(minor, input_name_buffer, output_name);
/* Non-export names collapse to one of the two singleton identities. */
162 is_anonymous_identity_p(input_name_buffer, input_name_type) ?
163 _gss_sanon_anonymous_identity : _gss_sanon_non_anonymous_identity;
165 return GSS_S_COMPLETE;