1 /*- 2 * Copyright (c) 2005 Doug Rabson 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24 * SUCH DAMAGE. 25 * 26 * $FreeBSD$ 27 */ 28 29 #include <gssapi/gssapi.h> 30 #include <stdlib.h> 31 #include <errno.h> 32 33 #include "mech_switch.h" 34 #include "utils.h" 35 #include "name.h" 36 37 static OM_uint32 38 _gss_import_export_name(OM_uint32 *minor_status, 39 const gss_buffer_t input_name_buffer, 40 gss_name_t *output_name) 41 { 42 OM_uint32 major_status; 43 unsigned char *p = input_name_buffer->value; 44 size_t len = input_name_buffer->length; 45 size_t t; 46 gss_OID_desc mech_oid; 47 struct _gss_mech_switch *m; 48 struct _gss_name *name; 49 struct _gss_mechanism_name *mn; 50 gss_name_t new_canonical_name; 51 52 *minor_status = 0; 53 *output_name = 0; 54 55 /* 56 * Make sure that TOK_ID is {4, 1}. 57 */ 58 if (len < 2) 59 return (GSS_S_BAD_NAME); 60 if (p[0] != 4 || p[1] != 1) 61 return (GSS_S_BAD_NAME); 62 p += 2; 63 len -= 2; 64 65 /* 66 * Get the mech length and the name length and sanity 67 * check the size of of the buffer. 68 */ 69 if (len < 2) 70 return (GSS_S_BAD_NAME); 71 t = (p[0] << 8) + p[1]; 72 p += 2; 73 len -= 2; 74 75 /* 76 * Check the DER encoded OID to make sure it agrees with the 77 * length we just decoded. 78 */ 79 if (p[0] != 6) /* 6=OID */ 80 return (GSS_S_BAD_NAME); 81 p++; 82 len--; 83 t--; 84 if (p[0] & 0x80) { 85 int digits = p[0]; 86 p++; 87 len--; 88 t--; 89 mech_oid.length = 0; 90 while (digits--) { 91 mech_oid.length = (mech_oid.length << 8) | p[0]; 92 p++; 93 len--; 94 t--; 95 } 96 } else { 97 mech_oid.length = p[0]; 98 p++; 99 len--; 100 t--; 101 } 102 if (mech_oid.length != t) 103 return (GSS_S_BAD_NAME); 104 105 mech_oid.elements = p; 106 107 if (len < t + 4) 108 return (GSS_S_BAD_NAME); 109 p += t; 110 len -= t; 111 112 t = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]; 113 p += 4; 114 len -= 4; 115 116 if (len != t) 117 return (GSS_S_BAD_NAME); 118 119 m = _gss_find_mech_switch(&mech_oid); 120 if (!m) 121 return (GSS_S_BAD_MECH); 122 123 /* 124 * Ask the mechanism to import the name. 125 */ 126 major_status = m->gm_import_name(minor_status, 127 input_name_buffer, GSS_C_NT_EXPORT_NAME, &new_canonical_name); 128 129 /* 130 * Now we make a new name and mark it as an MN. 131 */ 132 name = _gss_make_name(m, new_canonical_name); 133 if (!name) { 134 m->gm_release_name(minor_status, &new_canonical_name); 135 return (GSS_S_FAILURE); 136 } 137 138 *output_name = (gss_name_t) name; 139 140 *minor_status = 0; 141 return (GSS_S_COMPLETE); 142 } 143 144 OM_uint32 145 gss_import_name(OM_uint32 *minor_status, 146 const gss_buffer_t input_name_buffer, 147 const gss_OID input_name_type, 148 gss_name_t *output_name) 149 { 150 gss_OID name_type = input_name_type; 151 OM_uint32 major_status; 152 struct _gss_name *name; 153 154 if (input_name_buffer->length == 0) { 155 *minor_status = 0; 156 *output_name = 0; 157 return (GSS_S_BAD_NAME); 158 } 159 160 /* 161 * Use GSS_NT_USER_NAME as default name type. 162 */ 163 if (name_type == GSS_C_NO_OID) 164 name_type = GSS_C_NT_USER_NAME; 165 166 /* 167 * If this is an exported name, we need to parse it to find 168 * the mechanism and then import it as an MN. See RFC 2743 169 * section 3.2 for a description of the format. 170 */ 171 if (_gss_oid_equal(name_type, GSS_C_NT_EXPORT_NAME)) { 172 return _gss_import_export_name(minor_status, 173 input_name_buffer, output_name); 174 } 175 176 /* 177 * Only allow certain name types. This is pretty bogus - we 178 * should figure out the list of supported name types using 179 * gss_inquire_names_for_mech. 180 */ 181 if (!_gss_oid_equal(name_type, GSS_C_NT_USER_NAME) 182 && !_gss_oid_equal(name_type, GSS_C_NT_MACHINE_UID_NAME) 183 && !_gss_oid_equal(name_type, GSS_C_NT_STRING_UID_NAME) 184 && !_gss_oid_equal(name_type, GSS_C_NT_HOSTBASED_SERVICE_X) 185 && !_gss_oid_equal(name_type, GSS_C_NT_HOSTBASED_SERVICE) 186 && !_gss_oid_equal(name_type, GSS_C_NT_ANONYMOUS) 187 && !_gss_oid_equal(name_type, GSS_KRB5_NT_PRINCIPAL_NAME)) { 188 *minor_status = 0; 189 *output_name = 0; 190 return (GSS_S_BAD_NAMETYPE); 191 } 192 193 *minor_status = 0; 194 name = malloc(sizeof(struct _gss_name)); 195 if (!name) { 196 *minor_status = ENOMEM; 197 return (GSS_S_FAILURE); 198 } 199 memset(name, 0, sizeof(struct _gss_name)); 200 201 major_status = _gss_copy_oid(minor_status, 202 name_type, &name->gn_type); 203 if (major_status) { 204 free(name); 205 return (GSS_S_FAILURE); 206 } 207 208 major_status = _gss_copy_buffer(minor_status, 209 input_name_buffer, &name->gn_value); 210 if (major_status) { 211 gss_release_name(minor_status, (gss_name_t*) &name); 212 return (GSS_S_FAILURE); 213 } 214 215 SLIST_INIT(&name->gn_mn); 216 217 *output_name = (gss_name_t) name; 218 return (GSS_S_COMPLETE); 219 } 220