lib/gssapi/krb5/import_name.c

   1 /*
   2  * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
   3  * (Royal Institute of Technology, Stockholm, Sweden).
   4  * All rights reserved.
   5  *
   6  * Redistribution and use in source and binary forms, with or without
   7  * modification, are permitted provided that the following conditions
   8  * are met:
   9  *
  10  * 1. Redistributions of source code must retain the above copyright
  11  *    notice, this list of conditions and the following disclaimer.
  12  *
  13  * 2. Redistributions in binary form must reproduce the above copyright
  14  *    notice, this list of conditions and the following disclaimer in the
  15  *    documentation and/or other materials provided with the distribution.
  16  *
  17  * 3. Neither the name of the Institute nor the names of its contributors
  18  *    may be used to endorse or promote products derived from this software
  19  *    without specific prior written permission.
  20  *
  21  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
  22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
  25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  31  * SUCH DAMAGE.
  32  */
  33
  34 #include "krb5/gsskrb5_locl.h"
  35
  36 RCSID("$Id$");
  37
  38 static OM_uint32
  39 parse_krb5_name (OM_uint32 *minor_status,
  40                  krb5_context context,
  41                  const char *name,
  42                  gss_name_t *output_name)
  43 {
  44     krb5_principal princ;
  45     krb5_error_code kerr;
  46
  47     kerr = krb5_parse_name (context, name, &princ);
  48
  49     if (kerr == 0) {
  50         *output_name = (gss_name_t)princ;
  51         return GSS_S_COMPLETE;
  52     }
  53     *minor_status = kerr;
  54
  55     if (kerr == KRB5_PARSE_ILLCHAR || kerr == KRB5_PARSE_MALFORMED)
  56         return GSS_S_BAD_NAME;
  57
  58     return GSS_S_FAILURE;
  59 }
  60
  61 static OM_uint32
  62 import_krb5_name (OM_uint32 *minor_status,
  63                   krb5_context context,
  64                   const gss_buffer_t input_name_buffer,
  65                   gss_name_t *output_name)
  66 {
  67     OM_uint32 ret;
  68     char *tmp;
  69
  70     tmp = malloc (input_name_buffer->length + 1);
  71     if (tmp == NULL) {
  72         *minor_status = ENOMEM;
  73         return GSS_S_FAILURE;
  74     }
  75     memcpy (tmp,
  76             input_name_buffer->value,
  77             input_name_buffer->length);
  78     tmp[input_name_buffer->length] = '\0';
  79
  80     ret = parse_krb5_name(minor_status, context, tmp, output_name);
  81     free(tmp);
  82
  83     return ret;
  84 }
  85
  86 static OM_uint32
  87 import_hostbased_name (OM_uint32 *minor_status,
  88                        krb5_context context,
  89                        const gss_buffer_t input_name_buffer,
  90                        gss_name_t *output_name)
  91 {
  92     krb5_error_code kerr;
  93     char *tmp;
  94     char *p;
  95     char *host;
  96     char local_hostname[MAXHOSTNAMELEN];
  97     krb5_principal princ = NULL;
  98
  99     tmp = malloc (input_name_buffer->length + 1);
 100     if (tmp == NULL) {
 101         *minor_status = ENOMEM;
 102         return GSS_S_FAILURE;
 103     }
 104     memcpy (tmp,
 105             input_name_buffer->value,
 106             input_name_buffer->length);
 107     tmp[input_name_buffer->length] = '\0';
 108
 109     p = strchr (tmp, '@');
 110     if (p != NULL) {
 111         *p = '\0';
 112         host = p + 1;
 113     } else {
 114         if (gethostname(local_hostname, sizeof(local_hostname)) < 0) {
 115             *minor_status = errno;
 116             free (tmp);
 117             return GSS_S_FAILURE;
 118         }
 119         host = local_hostname;
 120     }
 121
 122     kerr = krb5_sname_to_principal (context,
 123                                     host,
 124                                     tmp,
 125                                     KRB5_NT_SRV_HST,
 126                                     &princ);
 127     free (tmp);
 128     *minor_status = kerr;
 129     if (kerr == 0) {
 130         *output_name = (gss_name_t)princ;
 131         return GSS_S_COMPLETE;
 132     }
 133
 134     if (kerr == KRB5_PARSE_ILLCHAR || kerr == KRB5_PARSE_MALFORMED)
 135         return GSS_S_BAD_NAME;
 136
 137     return GSS_S_FAILURE;
 138 }
 139
 140 static OM_uint32
 141 import_export_name (OM_uint32 *minor_status,
 142                     krb5_context context,
 143                     const gss_buffer_t input_name_buffer,
 144                     gss_name_t *output_name)
 145 {
 146     unsigned char *p;
 147     uint32_t length;
 148     OM_uint32 ret;
 149     char *name;
 150
 151     if (input_name_buffer->length < 10 + GSS_KRB5_MECHANISM->length)
 152         return GSS_S_BAD_NAME;
 153
 154     /* TOK, MECH_OID_LEN, DER(MECH_OID), NAME_LEN, NAME */
 155
 156     p = input_name_buffer->value;
 157
 158     if (memcmp(&p[0], "\x04\x01\x00", 3) != 0 ||
 159         p[3] != GSS_KRB5_MECHANISM->length + 2 ||
 160         p[4] != 0x06 ||
 161         p[5] != GSS_KRB5_MECHANISM->length ||
 162         memcmp(&p[6], GSS_KRB5_MECHANISM->elements,
 163                GSS_KRB5_MECHANISM->length) != 0)
 164         return GSS_S_BAD_NAME;
 165
 166     p += 6 + GSS_KRB5_MECHANISM->length;
 167
 168     length = p[0] << 24 | p[1] << 16 | p[2] << 8 | p[3];
 169     p += 4;
 170
 171     if (length > input_name_buffer->length - 10 - GSS_KRB5_MECHANISM->length)
 172         return GSS_S_BAD_NAME;
 173
 174     name = malloc(length + 1);
 175     if (name == NULL) {
 176         *minor_status = ENOMEM;
 177         return GSS_S_FAILURE;
 178     }
 179     memcpy(name, p, length);
 180     name[length] = '\0';
 181
 182     ret = parse_krb5_name(minor_status, context, name, output_name);
 183     free(name);
 184
 185     return ret;
 186 }
 187
 188 OM_uint32 _gsskrb5_import_name
 189            (OM_uint32 * minor_status,
 190             const gss_buffer_t input_name_buffer,
 191             const gss_OID input_name_type,
 192             gss_name_t * output_name
 193            )
 194 {
 195     krb5_context context;
 196
 197     *minor_status = 0;
 198     *output_name = GSS_C_NO_NAME;
 199
 200     GSSAPI_KRB5_INIT (&context);
 201
 202     if (gss_oid_equal(input_name_type, GSS_C_NT_HOSTBASED_SERVICE) ||
 203         gss_oid_equal(input_name_type, GSS_C_NT_HOSTBASED_SERVICE_X))
 204         return import_hostbased_name (minor_status,
 205                                       context,
 206                                       input_name_buffer,
 207                                       output_name);
 208     else if (gss_oid_equal(input_name_type, GSS_C_NO_OID)
 209              || gss_oid_equal(input_name_type, GSS_C_NT_USER_NAME)
 210              || gss_oid_equal(input_name_type, GSS_KRB5_NT_PRINCIPAL_NAME))
 211         /* default printable syntax */
 212         return import_krb5_name (minor_status,
 213                                  context,
 214                                  input_name_buffer,
 215                                  output_name);
 216     else if (gss_oid_equal(input_name_type, GSS_C_NT_EXPORT_NAME)) {
 217         return import_export_name(minor_status,
 218                                   context,
 219                                   input_name_buffer,
 220                                   output_name);
 221     } else {
 222         *minor_status = 0;
 223         return GSS_S_BAD_NAMETYPE;
 224     }
 225 }