2 * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include "krb5/gsskrb5_locl.h"
35 #include <gssapi_mech.h>
40 * The implementation must reserve static storage for a
41 * gss_OID_desc object containing the value
42 * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
43 * "\x01\x02\x01\x01"},
44 * corresponding to an object-identifier value of
45 * {iso(1) member-body(2) United States(840) mit(113554)
46 * infosys(1) gssapi(2) generic(1) user_name(1)}. The constant
47 * GSS_C_NT_USER_NAME should be initialized to point
48 * to that gss_OID_desc.
51 static gss_OID_desc gss_c_nt_user_name_oid_desc =
52 {10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x01")};
54 gss_OID GSSAPI_LIB_VARIABLE GSS_C_NT_USER_NAME =
55 &gss_c_nt_user_name_oid_desc;
58 * The implementation must reserve static storage for a
59 * gss_OID_desc object containing the value
60 * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
61 * "\x01\x02\x01\x02"},
62 * corresponding to an object-identifier value of
63 * {iso(1) member-body(2) United States(840) mit(113554)
64 * infosys(1) gssapi(2) generic(1) machine_uid_name(2)}.
65 * The constant GSS_C_NT_MACHINE_UID_NAME should be
66 * initialized to point to that gss_OID_desc.
69 static gss_OID_desc gss_c_nt_machine_uid_name_oid_desc =
70 {10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x02")};
72 gss_OID GSSAPI_LIB_VARIABLE GSS_C_NT_MACHINE_UID_NAME =
73 &gss_c_nt_machine_uid_name_oid_desc;
76 * The implementation must reserve static storage for a
77 * gss_OID_desc object containing the value
78 * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
79 * "\x01\x02\x01\x03"},
80 * corresponding to an object-identifier value of
81 * {iso(1) member-body(2) United States(840) mit(113554)
82 * infosys(1) gssapi(2) generic(1) string_uid_name(3)}.
83 * The constant GSS_C_NT_STRING_UID_NAME should be
84 * initialized to point to that gss_OID_desc.
87 static gss_OID_desc gss_c_nt_string_uid_name_oid_desc =
88 {10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x03")};
90 gss_OID GSSAPI_LIB_VARIABLE GSS_C_NT_STRING_UID_NAME =
91 &gss_c_nt_string_uid_name_oid_desc;
94 * The implementation must reserve static storage for a
95 * gss_OID_desc object containing the value
96 * {6, (void *)"\x2b\x06\x01\x05\x06\x02"},
97 * corresponding to an object-identifier value of
98 * {iso(1) org(3) dod(6) internet(1) security(5)
99 * nametypes(6) gss-host-based-services(2)). The constant
100 * GSS_C_NT_HOSTBASED_SERVICE_X should be initialized to point
101 * to that gss_OID_desc. This is a deprecated OID value, and
102 * implementations wishing to support hostbased-service names
103 * should instead use the GSS_C_NT_HOSTBASED_SERVICE OID,
104 * defined below, to identify such names;
105 * GSS_C_NT_HOSTBASED_SERVICE_X should be accepted a synonym
106 * for GSS_C_NT_HOSTBASED_SERVICE when presented as an input
107 * parameter, but should not be emitted by GSS-API
111 static gss_OID_desc gss_c_nt_hostbased_service_x_oid_desc =
112 {6, rk_UNCONST("\x2b\x06\x01\x05\x06\x02")};
114 gss_OID GSSAPI_LIB_VARIABLE GSS_C_NT_HOSTBASED_SERVICE_X =
115 &gss_c_nt_hostbased_service_x_oid_desc;
118 * The implementation must reserve static storage for a
119 * gss_OID_desc object containing the value
120 * {10, (void *)"\x2a\x86\x48\x86\xf7\x12"
121 * "\x01\x02\x01\x04"}, corresponding to an
122 * object-identifier value of {iso(1) member-body(2)
123 * Unites States(840) mit(113554) infosys(1) gssapi(2)
124 * generic(1) service_name(4)}. The constant
125 * GSS_C_NT_HOSTBASED_SERVICE should be initialized
126 * to point to that gss_OID_desc.
128 static gss_OID_desc gss_c_nt_hostbased_service_oid_desc =
129 {10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12" "\x01\x02\x01\x04")};
131 gss_OID GSSAPI_LIB_VARIABLE GSS_C_NT_HOSTBASED_SERVICE =
132 &gss_c_nt_hostbased_service_oid_desc;
135 * The implementation must reserve static storage for a
136 * gss_OID_desc object containing the value
137 * {6, (void *)"\x2b\x06\01\x05\x06\x03"},
138 * corresponding to an object identifier value of
139 * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
140 * 6(nametypes), 3(gss-anonymous-name)}. The constant
141 * and GSS_C_NT_ANONYMOUS should be initialized to point
142 * to that gss_OID_desc.
145 static gss_OID_desc gss_c_nt_anonymous_oid_desc =
146 {6, rk_UNCONST("\x2b\x06\01\x05\x06\x03")};
148 gss_OID GSSAPI_LIB_VARIABLE GSS_C_NT_ANONYMOUS =
149 &gss_c_nt_anonymous_oid_desc;
152 * The implementation must reserve static storage for a
153 * gss_OID_desc object containing the value
154 * {6, (void *)"\x2b\x06\x01\x05\x06\x04"},
155 * corresponding to an object-identifier value of
156 * {1(iso), 3(org), 6(dod), 1(internet), 5(security),
157 * 6(nametypes), 4(gss-api-exported-name)}. The constant
158 * GSS_C_NT_EXPORT_NAME should be initialized to point
159 * to that gss_OID_desc.
162 static gss_OID_desc gss_c_nt_export_name_oid_desc =
163 {6, rk_UNCONST("\x2b\x06\x01\x05\x06\x04") };
165 gss_OID GSSAPI_LIB_VARIABLE GSS_C_NT_EXPORT_NAME =
166 &gss_c_nt_export_name_oid_desc;
169 * This name form shall be represented by the Object Identifier {iso(1)
170 * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
171 * krb5(2) krb5_name(1)}. The recommended symbolic name for this type
172 * is "GSS_KRB5_NT_PRINCIPAL_NAME".
175 static gss_OID_desc gss_krb5_nt_principal_name_oid_desc =
176 {10, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x01") };
178 gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_NT_PRINCIPAL_NAME =
179 &gss_krb5_nt_principal_name_oid_desc;
182 * This name form shall be represented by the Object Identifier {iso(1)
183 * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
184 * generic(1) user_name(1)}. The recommended symbolic name for this
185 * type is "GSS_KRB5_NT_USER_NAME".
188 gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_NT_USER_NAME =
189 &gss_c_nt_user_name_oid_desc;
192 * This name form shall be represented by the Object Identifier {iso(1)
193 * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
194 * generic(1) machine_uid_name(2)}. The recommended symbolic name for
195 * this type is "GSS_KRB5_NT_MACHINE_UID_NAME".
198 gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_NT_MACHINE_UID_NAME =
199 &gss_c_nt_machine_uid_name_oid_desc;
202 * This name form shall be represented by the Object Identifier {iso(1)
203 * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
204 * generic(1) string_uid_name(3)}. The recommended symbolic name for
205 * this type is "GSS_KRB5_NT_STRING_UID_NAME".
208 gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_NT_STRING_UID_NAME =
209 &gss_c_nt_string_uid_name_oid_desc;
212 * To support ongoing experimentation, testing, and evolution of the
213 * specification, the Kerberos V5 GSS-API mechanism as defined in this
214 * and any successor memos will be identified with the following Object
215 * Identifier, as defined in RFC-1510, until the specification is
216 * advanced to the level of Proposed Standard RFC:
218 * {iso(1), org(3), dod(5), internet(1), security(5), kerberosv5(2)}
220 * Upon advancement to the level of Proposed Standard RFC, the Kerberos
221 * V5 GSS-API mechanism will be identified by an Object Identifier
224 * {iso(1) member-body(2) United States(840) mit(113554) infosys(1)
228 #if 0 /* This is the old OID */
230 static gss_OID_desc gss_krb5_mechanism_oid_desc =
231 {5, rk_UNCONST("\x2b\x05\x01\x05\x02")};
235 static gss_OID_desc gss_krb5_mechanism_oid_desc =
236 {9, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02") };
238 gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_MECHANISM =
239 &gss_krb5_mechanism_oid_desc;
242 * draft-ietf-cat-iakerb-09, IAKERB:
243 * The mechanism ID for IAKERB proxy GSS-API Kerberos, in accordance
244 * with the mechanism proposed by SPNEGO [7] for negotiating protocol
245 * variations, is: {iso(1) org(3) dod(6) internet(1) security(5)
246 * mechanisms(5) iakerb(10) iakerbProxyProtocol(1)}. The proposed
247 * mechanism ID for IAKERB minimum messages GSS-API Kerberos, in
248 * accordance with the mechanism proposed by SPNEGO for negotiating
249 * protocol variations, is: {iso(1) org(3) dod(6) internet(1)
250 * security(5) mechanisms(5) iakerb(10)
251 * iakerbMinimumMessagesProtocol(2)}.
254 static gss_OID_desc gss_iakerb_proxy_mechanism_oid_desc =
255 {7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0a\x01")};
257 gss_OID GSSAPI_LIB_VARIABLE GSS_IAKERB_PROXY_MECHANISM =
258 &gss_iakerb_proxy_mechanism_oid_desc;
260 static gss_OID_desc gss_iakerb_min_msg_mechanism_oid_desc =
261 {7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0a\x02") };
263 gss_OID GSSAPI_LIB_VARIABLE GSS_IAKERB_MIN_MSG_MECHANISM =
264 &gss_iakerb_min_msg_mechanism_oid_desc;
270 static gss_OID_desc gss_c_peer_has_updated_spnego_oid_desc =
271 {9, (void *)"\x2b\x06\x01\x04\x01\xa9\x4a\x13\x05"};
273 gss_OID GSSAPI_LIB_VARIABLE GSS_C_PEER_HAS_UPDATED_SPNEGO =
274 &gss_c_peer_has_updated_spnego_oid_desc;
277 * 1.2.752.43.13 Heimdal GSS-API Extentions
280 /* 1.2.752.43.13.1 */
281 static gss_OID_desc gss_krb5_copy_ccache_x_oid_desc =
282 {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x01")};
284 gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_COPY_CCACHE_X =
285 &gss_krb5_copy_ccache_x_oid_desc;
287 /* 1.2.752.43.13.2 */
288 static gss_OID_desc gss_krb5_get_tkt_flags_x_oid_desc =
289 {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x02")};
291 gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_GET_TKT_FLAGS_X =
292 &gss_krb5_get_tkt_flags_x_oid_desc;
294 /* 1.2.752.43.13.3 */
295 static gss_OID_desc gss_krb5_extract_authz_data_from_sec_context_x_oid_desc =
296 {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x03")};
298 gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X =
299 &gss_krb5_extract_authz_data_from_sec_context_x_oid_desc;
301 /* 1.2.752.43.13.4 */
302 static gss_OID_desc gss_krb5_compat_des3_mic_x_oid_desc =
303 {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x04")};
305 gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_COMPAT_DES3_MIC_X =
306 &gss_krb5_compat_des3_mic_x_oid_desc;
308 /* 1.2.752.43.13.5 */
309 static gss_OID_desc gss_krb5_register_acceptor_identity_x_desc =
310 {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x05")};
312 gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X =
313 &gss_krb5_register_acceptor_identity_x_desc;
315 /* 1.2.752.43.13.6 */
316 static gss_OID_desc gss_krb5_export_lucid_context_x_desc =
317 {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x06")};
319 gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_EXPORT_LUCID_CONTEXT_X =
320 &gss_krb5_export_lucid_context_x_desc;
322 /* 1.2.752.43.13.6.1 */
323 static gss_OID_desc gss_krb5_export_lucid_context_v1_x_desc =
324 {7, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x06\x01")};
326 gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_EXPORT_LUCID_CONTEXT_V1_X =
327 &gss_krb5_export_lucid_context_v1_x_desc;
329 /* 1.2.752.43.13.7 */
330 static gss_OID_desc gss_krb5_set_dns_canonicalize_x_desc =
331 {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x07")};
333 gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_SET_DNS_CANONICALIZE_X =
334 &gss_krb5_set_dns_canonicalize_x_desc;
336 /* 1.2.752.43.13.8 */
337 static gss_OID_desc gss_krb5_get_subkey_x_desc =
338 {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x08")};
340 gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_GET_SUBKEY_X =
341 &gss_krb5_get_subkey_x_desc;
343 /* 1.2.752.43.13.9 */
344 static gss_OID_desc gss_krb5_get_initiator_subkey_x_desc =
345 {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x09")};
347 gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_GET_INITIATOR_SUBKEY_X =
348 &gss_krb5_get_initiator_subkey_x_desc;
350 /* 1.2.752.43.13.10 */
351 static gss_OID_desc gss_krb5_get_acceptor_subkey_x_desc =
352 {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0a")};
354 gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_GET_ACCEPTOR_SUBKEY_X =
355 &gss_krb5_get_acceptor_subkey_x_desc;
357 /* 1.2.752.43.13.11 */
358 static gss_OID_desc gss_krb5_send_to_kdc_x_desc =
359 {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0b")};
361 gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_SEND_TO_KDC_X =
362 &gss_krb5_send_to_kdc_x_desc;
364 /* 1.2.752.43.13.12 */
365 static gss_OID_desc gss_krb5_get_authtime_x_desc =
366 {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0c")};
368 gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_GET_AUTHTIME_X =
369 &gss_krb5_get_authtime_x_desc;
371 /* 1.2.752.43.13.13 */
372 static gss_OID_desc gss_krb5_get_service_keyblock_x_desc =
373 {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0d")};
375 gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_GET_SERVICE_KEYBLOCK_X =
376 &gss_krb5_get_service_keyblock_x_desc;
378 /* 1.2.752.43.13.14 */
379 static gss_OID_desc gss_krb5_set_allowable_enctypes_x_desc =
380 {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0e")};
382 gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X =
383 &gss_krb5_set_allowable_enctypes_x_desc;
385 /* 1.2.752.43.13.15 */
386 static gss_OID_desc gss_krb5_set_default_realm_x_desc =
387 {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0f")};
389 gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_SET_DEFAULT_REALM_X =
390 &gss_krb5_set_default_realm_x_desc;
392 /* 1.2.752.43.13.16 */
393 static gss_OID_desc gss_krb5_ccache_name_x_desc =
394 {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x10")};
396 gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_CCACHE_NAME_X =
397 &gss_krb5_ccache_name_x_desc;
399 /* 1.2.752.43.13.17 */
400 static gss_OID_desc gss_krb5_set_time_offset_x_desc =
401 {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x11")};
403 gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_SET_TIME_OFFSET_X =
404 &gss_krb5_set_time_offset_x_desc;
406 /* 1.2.752.43.13.18 */
407 static gss_OID_desc gss_krb5_get_time_offset_x_desc =
408 {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x12")};
410 gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_GET_TIME_OFFSET_X =
411 &gss_krb5_get_time_offset_x_desc;
413 /* 1.2.752.43.14.1 */
414 static gss_OID_desc gss_sasl_digest_md5_mechanism_desc =
415 {6, rk_UNCONST("\x2a\x85\x70\x2b\x0e\x01") };
417 gss_OID GSSAPI_LIB_VARIABLE GSS_SASL_DIGEST_MD5_MECHANISM =
418 &gss_sasl_digest_md5_mechanism_desc;
421 * Context for krb5 calls.
428 static gssapi_mech_interface_desc krb5_mech = {
431 {9, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02" },
432 _gsskrb5_acquire_cred,
433 _gsskrb5_release_cred,
434 _gsskrb5_init_sec_context,
435 _gsskrb5_accept_sec_context,
436 _gsskrb5_process_context_token,
437 _gsskrb5_delete_sec_context,
438 _gsskrb5_context_time,
443 _gsskrb5_display_status,
444 _gsskrb5_indicate_mechs,
445 _gsskrb5_compare_name,
446 _gsskrb5_display_name,
447 _gsskrb5_import_name,
448 _gsskrb5_export_name,
449 _gsskrb5_release_name,
450 _gsskrb5_inquire_cred,
451 _gsskrb5_inquire_context,
452 _gsskrb5_wrap_size_limit,
454 _gsskrb5_inquire_cred_by_mech,
455 _gsskrb5_export_sec_context,
456 _gsskrb5_import_sec_context,
457 _gsskrb5_inquire_names_for_mech,
458 _gsskrb5_inquire_mechs_for_name,
459 _gsskrb5_canonicalize_name,
460 _gsskrb5_duplicate_name,
461 _gsskrb5_inquire_sec_context_by_oid,
462 _gsskrb5_inquire_cred_by_oid,
463 _gsskrb5_set_sec_context_option,
464 _gsskrb5_set_cred_option,
465 _gsskrb5_pseudo_random
468 gssapi_mech_interface
469 __gss_krb5_initialize(void)
git.samba.org / sfrench / samba-autobuild / .git / blob