2 * Copyright (c) 2010 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Portions Copyright (c) 2010 Apple Inc. All rights reserved.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
19 * 3. Neither the name of the Institute nor the names of its contributors
20 * may be used to endorse or promote products derived from this software
21 * without specific prior written permission.
23 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
37 #include <gssapi_spi.h>
40 _netlogon_acquire_cred(OM_uint32
* min_stat
,
41 gss_const_name_t desired_name
,
43 const gss_OID_set desired_mechs
,
44 gss_cred_usage_t cred_usage
,
45 gss_cred_id_t
* output_cred_handle
,
46 gss_OID_set
* actual_mechs
,
50 gssnetlogon_cred cred
;
52 /* only initiator support so far */
53 if (cred_usage
!= GSS_C_INITIATE
)
56 if (desired_name
== GSS_C_NO_NAME
)
57 return GSS_S_BAD_NAME
;
59 cred
= (gssnetlogon_cred
)calloc(1, sizeof(*cred
));
64 cred
->SignatureAlgorithm
= NL_SIGN_ALG_HMAC_MD5
;
65 cred
->SealAlgorithm
= NL_SEAL_ALG_RC4
;
67 ret
= _netlogon_duplicate_name(min_stat
, desired_name
,
68 (gss_name_t
*)&cred
->Name
);
74 *output_cred_handle
= (gss_cred_id_t
)cred
;
75 if (actual_mechs
!= NULL
)
76 *actual_mechs
= GSS_C_NO_OID_SET
;
78 *time_rec
= GSS_C_INDEFINITE
;
80 return GSS_S_COMPLETE
;
84 _netlogon_acquire_cred_ex(gss_status_id_t status
,
85 gss_const_name_t desired_name
,
88 gss_cred_usage_t cred_usage
,
89 gss_auth_identity_t identity
,
91 void (*complete
)(void *, OM_uint32
, gss_status_id_t
, gss_cred_id_t
, OM_uint32
))
93 return GSS_S_UNAVAILABLE
;
97 * value contains 16 byte session key
100 _netlogon_set_session_key(OM_uint32
*minor_status
,
101 gss_cred_id_t
*cred_handle
,
102 const gss_buffer_t value
)
104 gssnetlogon_cred cred
;
106 if (*cred_handle
== GSS_C_NO_CREDENTIAL
) {
107 *minor_status
= EINVAL
;
108 return GSS_S_FAILURE
;
111 cred
= (gssnetlogon_cred
)*cred_handle
;
113 if (value
->length
!= sizeof(cred
->SessionKey
)) {
114 *minor_status
= ERANGE
;
115 return GSS_S_FAILURE
;
118 memcpy(cred
->SessionKey
, value
->value
, value
->length
);
121 return GSS_S_COMPLETE
;
125 * value contains 16 bit little endian encoded seal algorithm
128 _netlogon_set_sign_algorithm(OM_uint32
*minor_status
,
129 gss_cred_id_t
*cred_handle
,
130 const gss_buffer_t value
)
132 gssnetlogon_cred cred
;
136 if (*cred_handle
== GSS_C_NO_CREDENTIAL
) {
137 *minor_status
= EINVAL
;
138 return GSS_S_FAILURE
;
141 cred
= (gssnetlogon_cred
)*cred_handle
;
143 if (value
->length
!= 2) {
144 *minor_status
= ERANGE
;
145 return GSS_S_FAILURE
;
148 p
= (const uint8_t *)value
->value
;
149 alg
= (p
[0] << 0) | (p
[1] << 8);
151 if (alg
!= NL_SIGN_ALG_HMAC_MD5
&& alg
!= NL_SIGN_ALG_SHA256
) {
152 *minor_status
= EINVAL
;
153 return GSS_S_FAILURE
;
156 cred
->SignatureAlgorithm
= alg
;
157 if (alg
== NL_SIGN_ALG_SHA256
)
158 cred
->SealAlgorithm
= NL_SEAL_ALG_AES128
;
160 cred
->SealAlgorithm
= NL_SEAL_ALG_RC4
;
163 return GSS_S_COMPLETE
;
167 _netlogon_set_cred_option
168 (OM_uint32
*minor_status
,
169 gss_cred_id_t
*cred_handle
,
170 const gss_OID desired_object
,
171 const gss_buffer_t value
)
173 if (value
== GSS_C_NO_BUFFER
) {
174 *minor_status
= EINVAL
;
175 return GSS_S_FAILURE
;
178 if (gss_oid_equal(desired_object
, GSS_NETLOGON_SET_SESSION_KEY_X
))
179 return _netlogon_set_session_key(minor_status
, cred_handle
, value
);
180 else if (gss_oid_equal(desired_object
, GSS_NETLOGON_SET_SIGN_ALGORITHM_X
))
181 return _netlogon_set_sign_algorithm(minor_status
, cred_handle
, value
);
183 *minor_status
= EINVAL
;
184 return GSS_S_FAILURE
;