2 * Copyright (C) 2006-2015 Internet Systems Consortium, Inc. ("ISC")
4 * Permission to use, copy, modify, and/or distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
8 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
9 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
10 * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
11 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
12 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
13 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
14 * PERFORMANCE OF THIS SOFTWARE.
19 * Portable SPNEGO implementation.
21 * This is part of a portable implementation of the SPNEGO protocol
22 * (RFCs 2478 and 4178). This implementation uses the RFC 4178 ASN.1
23 * module but is not a full implementation of the RFC 4178 protocol;
24 * at the moment, we only support GSS-TSIG with Kerberos
25 * authentication, so we only need enough of the SPNEGO protocol to
28 * The files that make up this portable SPNEGO implementation are:
29 * \li spnego.c (this file)
30 * \li spnego.h (API SPNEGO exports to the rest of lib/dns)
31 * \li spnego.asn1 (SPNEGO ASN.1 module)
32 * \li spnego_asn1.c (routines generated from spngo.asn1)
33 * \li spnego_asn1.pl (perl script to generate spnego_asn1.c)
35 * Everything but the functions exported in spnego.h is static, to
36 * avoid possible conflicts with other libraries (particularly Heimdal,
37 * since much of this code comes from Heimdal by way of mod_auth_kerb).
39 * spnego_asn1.c is shipped as part of lib/dns because generating it
40 * requires both Perl and the Heimdal ASN.1 compiler. See
41 * spnego_asn1.pl for further details. We've tried to eliminate all
42 * compiler warnings from the generated code, but you may see a few
43 * when using a compiler version we haven't tested yet.
47 * Portions of this code were derived from mod_auth_kerb and Heimdal.
48 * These packages are available from:
50 * http://modauthkerb.sourceforge.net/
51 * http://www.pdc.kth.se/heimdal/
53 * and were released under the following licenses:
55 * ----------------------------------------------------------------
57 * Copyright (c) 2004 Masarykova universita
58 * (Masaryk University, Brno, Czech Republic)
59 * All rights reserved.
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions are met:
64 * 1. Redistributions of source code must retain the above copyright notice,
65 * this list of conditions and the following disclaimer.
67 * 2. Redistributions in binary form must reproduce the above copyright
68 * notice, this list of conditions and the following disclaimer in the
69 * documentation and/or other materials provided with the distribution.
71 * 3. Neither the name of the University nor the names of its contributors may
72 * be used to endorse or promote products derived from this software
73 * without specific prior written permission.
75 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
76 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
77 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
78 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
79 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
80 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
81 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
82 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
83 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
84 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
85 * POSSIBILITY OF SUCH DAMAGE.
87 * ----------------------------------------------------------------
89 * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
90 * (Royal Institute of Technology, Stockholm, Sweden).
91 * All rights reserved.
93 * Redistribution and use in source and binary forms, with or without
94 * modification, are permitted provided that the following conditions
97 * 1. Redistributions of source code must retain the above copyright
98 * notice, this list of conditions and the following disclaimer.
100 * 2. Redistributions in binary form must reproduce the above copyright
101 * notice, this list of conditions and the following disclaimer in the
102 * documentation and/or other materials provided with the distribution.
104 * 3. Neither the name of the Institute nor the names of its contributors
105 * may be used to endorse or promote products derived from this software
106 * without specific prior written permission.
108 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
109 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
110 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
111 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
112 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
113 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
114 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
115 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
116 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
117 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
122 * XXXSRA We should omit this file entirely in Makefile.in via autoconf,
123 * but this will keep it from generating errors until that's written.
129 * XXXSRA Some of the following files are almost certainly unnecessary,
130 * but using this list (borrowed from gssapictx.c) gets rid of some
131 * whacky compilation errors when building with MSVC and should be
132 * harmless in any case.
140 #include <isc/buffer.h>
142 #include <isc/entropy.h>
145 #include <isc/once.h>
146 #include <isc/random.h>
147 #include <isc/safe.h>
148 #include <isc/string.h>
149 #include <isc/time.h>
150 #include <isc/util.h>
152 #include <dns/fixedname.h>
153 #include <dns/name.h>
154 #include <dns/rdata.h>
155 #include <dns/rdataclass.h>
156 #include <dns/result.h>
157 #include <dns/types.h>
158 #include <dns/keyvalues.h>
161 #include <dst/gssapi.h>
162 #include <dst/result.h>
164 #include "dst_internal.h"
172 /* Generated from ../../../lib/asn1/asn1_err.et */
174 #ifndef ERROR_TABLE_BASE_asn1
175 /* these may be brought in already via gssapi_krb5.h */
176 typedef enum asn1_error_number {
177 ASN1_BAD_TIMEFORMAT = 1859794432,
178 ASN1_MISSING_FIELD = 1859794433,
179 ASN1_MISPLACED_FIELD = 1859794434,
180 ASN1_TYPE_MISMATCH = 1859794435,
181 ASN1_OVERFLOW = 1859794436,
182 ASN1_OVERRUN = 1859794437,
183 ASN1_BAD_ID = 1859794438,
184 ASN1_BAD_LENGTH = 1859794439,
185 ASN1_BAD_FORMAT = 1859794440,
186 ASN1_PARSE_ERROR = 1859794441
189 #define ERROR_TABLE_BASE_asn1 1859794432
192 #define __asn1_common_definitions__
194 typedef struct octet_string {
199 typedef char *general_string;
201 typedef char *utf8_string;
205 unsigned *components;
211 ASN1_C_UNIV = 0, ASN1_C_APPL = 1,
212 ASN1_C_CONTEXT = 2, ASN1_C_PRIVATE = 3
231 UT_PrintableString = 19,
234 UT_GeneralizedTime = 24,
235 UT_VisibleString = 26,
236 UT_GeneralString = 27
239 #define ASN1_INDEFINITE 0xdce0deed
242 der_get_length(const unsigned char *p, size_t len,
243 size_t * val, size_t * size);
246 der_get_octet_string(const unsigned char *p, size_t len,
247 octet_string * data, size_t * size);
249 der_get_oid(const unsigned char *p, size_t len,
250 oid * data, size_t * size);
252 der_get_tag(const unsigned char *p, size_t len,
253 Der_class * class, Der_type * type,
254 int *tag, size_t * size);
257 der_match_tag(const unsigned char *p, size_t len,
258 Der_class class, Der_type type,
259 int tag, size_t * size);
261 der_match_tag_and_length(const unsigned char *p, size_t len,
262 Der_class class, Der_type type, int tag,
263 size_t * length_ret, size_t * size);
266 decode_oid(const unsigned char *p, size_t len,
267 oid * k, size_t * size);
270 decode_enumerated(const unsigned char *p, size_t len, void *num, size_t *size);
273 decode_octet_string(const unsigned char *, size_t, octet_string *, size_t *);
276 der_put_int(unsigned char *p, size_t len, int val, size_t *);
279 der_put_length(unsigned char *p, size_t len, size_t val, size_t *);
282 der_put_octet_string(unsigned char *p, size_t len,
283 const octet_string * data, size_t *);
285 der_put_oid(unsigned char *p, size_t len,
286 const oid * data, size_t * size);
288 der_put_tag(unsigned char *p, size_t len, Der_class class, Der_type type,
291 der_put_length_and_tag(unsigned char *, size_t, size_t,
292 Der_class, Der_type, int, size_t *);
295 encode_enumerated(unsigned char *p, size_t len, const void *data, size_t *);
298 encode_octet_string(unsigned char *p, size_t len,
299 const octet_string * k, size_t *);
301 encode_oid(unsigned char *p, size_t len,
302 const oid * k, size_t *);
305 free_octet_string(octet_string * k);
311 length_len(size_t len);
314 fix_dce(size_t reallen, size_t * len);
317 * Include stuff generated by the ASN.1 compiler.
320 #include "spnego_asn1.c"
322 static unsigned char gss_krb5_mech_oid_bytes[] = {
323 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x01, 0x02, 0x02
326 static gss_OID_desc gss_krb5_mech_oid_desc = {
327 sizeof(gss_krb5_mech_oid_bytes),
328 gss_krb5_mech_oid_bytes
331 static gss_OID GSS_KRB5_MECH = &gss_krb5_mech_oid_desc;
333 static unsigned char gss_mskrb5_mech_oid_bytes[] = {
334 0x2a, 0x86, 0x48, 0x82, 0xf7, 0x12, 0x01, 0x02, 0x02
337 static gss_OID_desc gss_mskrb5_mech_oid_desc = {
338 sizeof(gss_mskrb5_mech_oid_bytes),
339 gss_mskrb5_mech_oid_bytes
342 static gss_OID GSS_MSKRB5_MECH = &gss_mskrb5_mech_oid_desc;
344 static unsigned char gss_spnego_mech_oid_bytes[] = {
345 0x2b, 0x06, 0x01, 0x05, 0x05, 0x02
348 static gss_OID_desc gss_spnego_mech_oid_desc = {
349 sizeof(gss_spnego_mech_oid_bytes),
350 gss_spnego_mech_oid_bytes
353 static gss_OID GSS_SPNEGO_MECH = &gss_spnego_mech_oid_desc;
355 /* spnegokrb5_locl.h */
358 gssapi_spnego_encapsulate(OM_uint32 *,
365 gssapi_spnego_decapsulate(OM_uint32 *,
371 /* mod_auth_kerb.c */
374 cmp_gss_type(gss_buffer_t token, gss_OID gssoid)
379 if (token->length == 0U)
380 return (GSS_S_DEFECTIVE_TOKEN);
384 return (GSS_S_DEFECTIVE_TOKEN);
387 if ((len & 0x7f) > 4U)
388 return (GSS_S_DEFECTIVE_TOKEN);
392 return (GSS_S_DEFECTIVE_TOKEN);
394 if (((OM_uint32) *p++) != gssoid->length)
395 return (GSS_S_DEFECTIVE_TOKEN);
397 return (isc_safe_memcompare(p, gssoid->elements, gssoid->length));
400 /* accept_sec_context.c */
402 * SPNEGO wrapper for Kerberos5 GSS-API kouril@ics.muni.cz, 2003 (mostly
403 * based on Heimdal code)
407 code_NegTokenArg(OM_uint32 * minor_status,
408 const NegTokenResp * resp,
409 unsigned char **outbuf,
410 size_t * outbuf_size)
414 size_t buf_size, buf_len = 0;
417 buf = malloc(buf_size);
419 *minor_status = ENOMEM;
420 return (GSS_S_FAILURE);
423 ret = encode_NegTokenResp(buf + buf_size - 1,
429 ret = der_put_length_and_tag(buf + buf_size - buf_len - 1,
440 if (ret == ASN1_OVERFLOW) {
444 tmp = realloc(buf, buf_size);
446 *minor_status = ENOMEM;
448 return (GSS_S_FAILURE);
454 return (GSS_S_FAILURE);
457 } while (ret == ASN1_OVERFLOW);
459 *outbuf = malloc(buf_len);
460 if (*outbuf == NULL) {
461 *minor_status = ENOMEM;
463 return (GSS_S_FAILURE);
465 memmove(*outbuf, buf + buf_size - buf_len, buf_len);
466 *outbuf_size = buf_len;
470 return (GSS_S_COMPLETE);
474 send_reject(OM_uint32 * minor_status,
475 gss_buffer_t output_token)
480 resp.negState = malloc(sizeof(*resp.negState));
481 if (resp.negState == NULL) {
482 *minor_status = ENOMEM;
483 return (GSS_S_FAILURE);
485 *(resp.negState) = reject;
487 resp.supportedMech = NULL;
488 resp.responseToken = NULL;
489 resp.mechListMIC = NULL;
491 ret = code_NegTokenArg(minor_status, &resp,
492 (unsigned char **)&output_token->value,
493 &output_token->length);
494 free_NegTokenResp(&resp);
498 return (GSS_S_BAD_MECH);
502 send_accept(OM_uint32 * minor_status,
503 gss_buffer_t output_token,
504 gss_buffer_t mech_token,
510 memset(&resp, 0, sizeof(resp));
511 resp.negState = malloc(sizeof(*resp.negState));
512 if (resp.negState == NULL) {
513 *minor_status = ENOMEM;
514 return (GSS_S_FAILURE);
516 *(resp.negState) = accept_completed;
518 resp.supportedMech = malloc(sizeof(*resp.supportedMech));
519 if (resp.supportedMech == NULL) {
520 free_NegTokenResp(&resp);
521 *minor_status = ENOMEM;
522 return (GSS_S_FAILURE);
524 ret = der_get_oid(pref->elements,
529 free_NegTokenResp(&resp);
530 *minor_status = ENOMEM;
531 return (GSS_S_FAILURE);
533 if (mech_token != NULL && mech_token->length != 0U) {
534 resp.responseToken = malloc(sizeof(*resp.responseToken));
535 if (resp.responseToken == NULL) {
536 free_NegTokenResp(&resp);
537 *minor_status = ENOMEM;
538 return (GSS_S_FAILURE);
540 resp.responseToken->length = mech_token->length;
541 resp.responseToken->data = mech_token->value;
544 ret = code_NegTokenArg(minor_status, &resp,
545 (unsigned char **)&output_token->value,
546 &output_token->length);
547 if (resp.responseToken != NULL) {
548 free(resp.responseToken);
549 resp.responseToken = NULL;
551 free_NegTokenResp(&resp);
555 return (GSS_S_COMPLETE);
559 gss_accept_sec_context_spnego(OM_uint32 *minor_status,
560 gss_ctx_id_t *context_handle,
561 const gss_cred_id_t acceptor_cred_handle,
562 const gss_buffer_t input_token_buffer,
563 const gss_channel_bindings_t input_chan_bindings,
564 gss_name_t *src_name,
566 gss_buffer_t output_token,
567 OM_uint32 *ret_flags,
569 gss_cred_id_t *delegated_cred_handle)
571 NegTokenInit init_token;
572 OM_uint32 major_status;
573 OM_uint32 minor_status2;
574 gss_buffer_desc ibuf, obuf;
575 gss_buffer_t ot = NULL;
576 gss_OID pref = GSS_KRB5_MECH;
579 size_t len, taglen, ni_len;
585 * Before doing anything else, see whether this is a SPNEGO
586 * PDU. If not, dispatch to the GSSAPI library and get out.
589 if (cmp_gss_type(input_token_buffer, GSS_SPNEGO_MECH))
590 return (gss_accept_sec_context(minor_status,
592 acceptor_cred_handle,
600 delegated_cred_handle));
603 * If we get here, it's SPNEGO.
606 memset(&init_token, 0, sizeof(init_token));
608 ret = gssapi_spnego_decapsulate(minor_status, input_token_buffer,
609 &buf, &buf_size, GSS_SPNEGO_MECH);
613 ret = der_match_tag_and_length(buf, buf_size, ASN1_C_CONTEXT, CONS,
618 ret = decode_NegTokenInit(buf + taglen, len, &init_token, &ni_len);
620 *minor_status = EINVAL; /* XXX */
621 return (GSS_S_DEFECTIVE_TOKEN);
624 for (i = 0; !found && i < init_token.mechTypes.len; ++i) {
625 unsigned char mechbuf[17];
628 ret = der_put_oid(mechbuf + sizeof(mechbuf) - 1,
630 &init_token.mechTypes.val[i],
633 free_NegTokenInit(&init_token);
634 return (GSS_S_DEFECTIVE_TOKEN);
636 if (mech_len == GSS_KRB5_MECH->length &&
637 isc_safe_memequal(GSS_KRB5_MECH->elements,
638 mechbuf + sizeof(mechbuf) - mech_len,
644 if (mech_len == GSS_MSKRB5_MECH->length &&
645 isc_safe_memequal(GSS_MSKRB5_MECH->elements,
646 mechbuf + sizeof(mechbuf) - mech_len,
651 pref = GSS_MSKRB5_MECH;
657 free_NegTokenInit(&init_token);
658 return (send_reject(minor_status, output_token));
661 if (i == 0 && init_token.mechToken != NULL) {
662 ibuf.length = init_token.mechToken->length;
663 ibuf.value = init_token.mechToken->data;
665 major_status = gss_accept_sec_context(minor_status,
667 acceptor_cred_handle,
675 delegated_cred_handle);
676 if (GSS_ERROR(major_status)) {
677 free_NegTokenInit(&init_token);
678 send_reject(&minor_status2, output_token);
679 return (major_status);
683 ret = send_accept(&minor_status2, output_token, ot, pref);
684 free_NegTokenInit(&init_token);
685 if (ot != NULL && ot->length != 0U)
686 gss_release_buffer(&minor_status2, ot);
694 gssapi_verify_mech_header(u_char ** str,
698 size_t len, len_len, mech_len, foo;
703 return (GSS_S_DEFECTIVE_TOKEN);
705 return (GSS_S_DEFECTIVE_TOKEN);
706 e = der_get_length(p, total_len - 1, &len, &len_len);
707 if (e || 1 + len_len + len != total_len)
708 return (GSS_S_DEFECTIVE_TOKEN);
711 return (GSS_S_DEFECTIVE_TOKEN);
712 e = der_get_length(p, total_len - 1 - len_len - 1,
715 return (GSS_S_DEFECTIVE_TOKEN);
717 if (mech_len != mech->length)
718 return (GSS_S_BAD_MECH);
719 if (!isc_safe_memequal(p, mech->elements, mech->length))
720 return (GSS_S_BAD_MECH);
723 return (GSS_S_COMPLETE);
727 * Remove the GSS-API wrapping from `in_token' giving `buf and buf_size' Does
728 * not copy data, so just free `in_token'.
732 gssapi_spnego_decapsulate(OM_uint32 *minor_status,
733 gss_buffer_t input_token_buffer,
741 p = input_token_buffer->value;
742 ret = gssapi_verify_mech_header(&p,
743 input_token_buffer->length,
747 return (GSS_S_FAILURE);
749 *buf_len = input_token_buffer->length -
750 (p - (u_char *) input_token_buffer->value);
752 return (GSS_S_COMPLETE);
758 free_octet_string(octet_string *k)
768 k->components = NULL;
774 * All decoding functions take a pointer `p' to first position in which to
775 * read, from the left, `len' which means the maximum number of characters we
776 * are able to read, `ret' were the value will be returned and `size' where
777 * the number of used bytes is stored. Either 0 or an error code is returned.
781 der_get_unsigned(const unsigned char *p, size_t len,
782 unsigned *ret, size_t *size)
788 val = val * 256 + *p++;
796 der_get_int(const unsigned char *p, size_t len,
797 int *ret, size_t *size)
803 val = (signed char)*p++;
805 val = val * 256 + *p++;
814 der_get_length(const unsigned char *p, size_t len,
815 size_t *val, size_t *size)
820 return (ASN1_OVERRUN);
833 *val = ASN1_INDEFINITE;
840 return (ASN1_OVERRUN);
841 e = der_get_unsigned(p, v, &tmp, &l);
852 der_get_octet_string(const unsigned char *p, size_t len,
853 octet_string *data, size_t *size)
857 data->data = malloc(len);
858 if (data->data == NULL)
860 memmove(data->data, p, len);
869 der_get_oid(const unsigned char *p, size_t len,
870 oid *data, size_t *size)
875 data->components = NULL;
878 return (ASN1_OVERRUN);
880 data->components = malloc(len * sizeof(*data->components));
881 if (data->components == NULL && len != 0U)
883 data->components[0] = (*p) / 40;
884 data->components[1] = (*p) % 40;
887 for (n = 2; len > 0U; ++n) {
892 u = u * 128 + (*p++ % 128);
893 } while (len > 0U && p[-1] & 0x80);
894 data->components[n] = u;
898 return (ASN1_OVERRUN);
907 der_get_tag(const unsigned char *p, size_t len,
908 Der_class *class, Der_type *type,
909 int *tag, size_t *size)
912 return (ASN1_OVERRUN);
913 *class = (Der_class) (((*p) >> 6) & 0x03);
914 *type = (Der_type) (((*p) >> 5) & 0x01);
922 der_match_tag(const unsigned char *p, size_t len,
923 Der_class class, Der_type type,
924 int tag, size_t *size)
932 e = der_get_tag(p, len, &thisclass, &thistype, &thistag, &l);
935 if (class != thisclass || type != thistype)
936 return (ASN1_BAD_ID);
938 return (ASN1_MISPLACED_FIELD);
940 return (ASN1_MISSING_FIELD);
947 der_match_tag_and_length(const unsigned char *p, size_t len,
948 Der_class class, Der_type type, int tag,
949 size_t *length_ret, size_t *size)
954 e = der_match_tag(p, len, class, type, tag, &l);
960 e = der_get_length(p, len, length_ret, &l);
973 decode_enumerated(const unsigned char *p, size_t len, void *num, size_t *size)
979 e = der_match_tag(p, len, ASN1_C_UNIV, PRIM, UT_Enumerated, &l);
985 e = der_get_length(p, len, &reallen, &l);
991 e = der_get_int(p, reallen, num, &l);
1004 decode_octet_string(const unsigned char *p, size_t len,
1005 octet_string *k, size_t *size)
1015 e = der_match_tag(p, len, ASN1_C_UNIV, PRIM, UT_OctetString, &l);
1022 e = der_get_length(p, len, &slen, &l);
1029 return (ASN1_OVERRUN);
1031 e = der_get_octet_string(p, slen, k, &l);
1044 decode_oid(const unsigned char *p, size_t len,
1045 oid *k, size_t *size)
1052 e = der_match_tag(p, len, ASN1_C_UNIV, PRIM, UT_OID, &l);
1059 e = der_get_length(p, len, &slen, &l);
1066 return (ASN1_OVERRUN);
1068 e = der_get_oid(p, slen, k, &l);
1081 fix_dce(size_t reallen, size_t *len)
1083 if (reallen == ASN1_INDEFINITE)
1094 len_unsigned(unsigned val)
1106 length_len(size_t len)
1111 return (len_unsigned((unsigned int)len) + 1);
1118 * All encoding functions take a pointer `p' to first position in which to
1119 * write, from the right, `len' which means the maximum number of characters
1120 * we are able to write. The function returns the number of characters
1121 * written in `size' (if non-NULL). The return value is 0 or an error.
1125 der_put_unsigned(unsigned char *p, size_t len, unsigned val, size_t *size)
1127 unsigned char *base = p;
1130 while (len > 0U && val) {
1136 return (ASN1_OVERFLOW);
1141 } else if (len < 1U)
1142 return (ASN1_OVERFLOW);
1151 der_put_int(unsigned char *p, size_t len, int val, size_t *size)
1153 unsigned char *base = p;
1158 return (ASN1_OVERFLOW);
1165 return (ASN1_OVERFLOW);
1173 return (ASN1_OVERFLOW);
1174 *p-- = ~(val % 256);
1180 return (ASN1_OVERFLOW);
1190 der_put_length(unsigned char *p, size_t len, size_t val, size_t *size)
1193 return (ASN1_OVERFLOW);
1195 *p = (unsigned char)val;
1202 e = der_put_unsigned(p, len - 1, (unsigned int)val, &l);
1206 *p = 0x80 | (unsigned char)l;
1213 der_put_octet_string(unsigned char *p, size_t len,
1214 const octet_string *data, size_t *size)
1216 if (len < data->length)
1217 return (ASN1_OVERFLOW);
1219 len -= data->length;
1221 memmove(p + 1, data->data, data->length);
1222 *size = data->length;
1227 der_put_oid(unsigned char *p, size_t len,
1228 const oid *data, size_t *size)
1230 unsigned char *base = p;
1233 for (n = data->length; n >= 3u; --n) {
1234 unsigned u = data->components[n - 1];
1237 return (ASN1_OVERFLOW);
1243 return (ASN1_OVERFLOW);
1244 *p-- = 128 + u % 128;
1250 return (ASN1_OVERFLOW);
1251 *p-- = 40 * data->components[0] + data->components[1];
1257 der_put_tag(unsigned char *p, size_t len, Der_class class, Der_type type,
1258 int tag, size_t *size)
1261 return (ASN1_OVERFLOW);
1262 *p = (class << 6) | (type << 5) | tag; /* XXX */
1268 der_put_length_and_tag(unsigned char *p, size_t len, size_t len_val,
1269 Der_class class, Der_type type, int tag, size_t *size)
1275 e = der_put_length(p, len, len_val, &l);
1281 e = der_put_tag(p, len, class, type, tag, &l);
1293 encode_enumerated(unsigned char *p, size_t len, const void *data, size_t *size)
1295 unsigned num = *(const unsigned *)data;
1300 e = der_put_int(p, len, num, &l);
1306 e = der_put_length_and_tag(p, len, l, ASN1_C_UNIV, PRIM, UT_Enumerated, &l);
1318 encode_octet_string(unsigned char *p, size_t len,
1319 const octet_string *k, size_t *size)
1325 e = der_put_octet_string(p, len, k, &l);
1331 e = der_put_length_and_tag(p, len, l, ASN1_C_UNIV, PRIM, UT_OctetString, &l);
1343 encode_oid(unsigned char *p, size_t len,
1344 const oid *k, size_t *size)
1350 e = der_put_oid(p, len, k, &l);
1356 e = der_put_length_and_tag(p, len, l, ASN1_C_UNIV, PRIM, UT_OID, &l);
1371 gssapi_encap_length(size_t data_len,
1378 *len = 1 + 1 + mech->length + data_len;
1380 len_len = length_len(*len);
1382 *total_len = 1 + len_len + *len;
1386 gssapi_mech_make_header(u_char *p,
1391 size_t len_len, foo;
1394 len_len = length_len(len);
1395 e = der_put_length(p + len_len - 1, len_len, len, &foo);
1396 if (e || foo != len_len)
1400 *p++ = mech->length;
1401 memmove(p, mech->elements, mech->length);
1407 * Give it a krb5_data and it will encapsulate with extra GSS-API wrappings.
1411 gssapi_spnego_encapsulate(OM_uint32 * minor_status,
1414 gss_buffer_t output_token,
1417 size_t len, outer_len;
1420 gssapi_encap_length(buf_size, &len, &outer_len, mech);
1422 output_token->length = outer_len;
1423 output_token->value = malloc(outer_len);
1424 if (output_token->value == NULL) {
1425 *minor_status = ENOMEM;
1426 return (GSS_S_FAILURE);
1428 p = gssapi_mech_make_header(output_token->value, len, mech);
1430 if (output_token->length != 0U)
1431 gss_release_buffer(minor_status, output_token);
1432 return (GSS_S_FAILURE);
1434 memmove(p, buf, buf_size);
1435 return (GSS_S_COMPLETE);
1438 /* init_sec_context.c */
1440 * SPNEGO wrapper for Kerberos5 GSS-API kouril@ics.muni.cz, 2003 (mostly
1441 * based on Heimdal code)
1445 add_mech(MechTypeList * mech_list, gss_OID mech)
1450 tmp = realloc(mech_list->val, (mech_list->len + 1) * sizeof(*tmp));
1453 mech_list->val = tmp;
1455 ret = der_get_oid(mech->elements, mech->length,
1456 &mech_list->val[mech_list->len], NULL);
1465 * return the length of the mechanism in token or -1
1466 * (which implies that the token was bad - GSS_S_DEFECTIVE_TOKEN
1470 gssapi_krb5_get_mech(const u_char *ptr,
1472 const u_char **mech_ret)
1474 size_t len, len_len, mech_len, foo;
1475 const u_char *p = ptr;
1482 e = der_get_length (p, total_len - 1, &len, &len_len);
1483 if (e || 1 + len_len + len != total_len)
1488 e = der_get_length (p, total_len - 1 - len_len - 1,
1498 spnego_initial(OM_uint32 *minor_status,
1499 const gss_cred_id_t initiator_cred_handle,
1500 gss_ctx_id_t *context_handle,
1501 const gss_name_t target_name,
1502 const gss_OID mech_type,
1503 OM_uint32 req_flags,
1505 const gss_channel_bindings_t input_chan_bindings,
1506 const gss_buffer_t input_token,
1507 gss_OID *actual_mech_type,
1508 gss_buffer_t output_token,
1509 OM_uint32 *ret_flags,
1510 OM_uint32 *time_rec)
1512 NegTokenInit token_init;
1513 OM_uint32 major_status, minor_status2;
1514 gss_buffer_desc krb5_output_token = GSS_C_EMPTY_BUFFER;
1515 unsigned char *buf = NULL;
1522 memset(&token_init, 0, sizeof(token_init));
1524 ret = add_mech(&token_init.mechTypes, GSS_KRB5_MECH);
1526 *minor_status = ret;
1527 ret = GSS_S_FAILURE;
1531 major_status = gss_init_sec_context(minor_status,
1532 initiator_cred_handle,
1538 input_chan_bindings,
1544 if (GSS_ERROR(major_status)) {
1548 if (krb5_output_token.length > 0U) {
1549 token_init.mechToken = malloc(sizeof(*token_init.mechToken));
1550 if (token_init.mechToken == NULL) {
1551 *minor_status = ENOMEM;
1552 ret = GSS_S_FAILURE;
1555 token_init.mechToken->data = krb5_output_token.value;
1556 token_init.mechToken->length = krb5_output_token.length;
1559 * The MS implementation of SPNEGO seems to not like the mechListMIC
1560 * field, so we omit it (it's optional anyway)
1564 buf = malloc(buf_size);
1566 *minor_status = ENOMEM;
1567 ret = GSS_S_FAILURE;
1572 ret = encode_NegTokenInit(buf + buf_size - 1,
1578 ret = der_put_length_and_tag(buf + buf_size - len - 1,
1589 if (ret == ASN1_OVERFLOW) {
1593 tmp = realloc(buf, buf_size);
1595 *minor_status = ENOMEM;
1596 ret = GSS_S_FAILURE;
1601 *minor_status = ret;
1602 ret = GSS_S_FAILURE;
1606 } while (ret == ASN1_OVERFLOW);
1608 ret = gssapi_spnego_encapsulate(minor_status,
1609 buf + buf_size - len, len,
1610 output_token, GSS_SPNEGO_MECH);
1611 if (ret == GSS_S_COMPLETE)
1615 if (token_init.mechToken != NULL) {
1616 free(token_init.mechToken);
1617 token_init.mechToken = NULL;
1619 free_NegTokenInit(&token_init);
1620 if (krb5_output_token.length != 0U)
1621 gss_release_buffer(&minor_status2, &krb5_output_token);
1629 spnego_reply(OM_uint32 *minor_status,
1630 const gss_cred_id_t initiator_cred_handle,
1631 gss_ctx_id_t *context_handle,
1632 const gss_name_t target_name,
1633 const gss_OID mech_type,
1634 OM_uint32 req_flags,
1636 const gss_channel_bindings_t input_chan_bindings,
1637 const gss_buffer_t input_token,
1638 gss_OID *actual_mech_type,
1639 gss_buffer_t output_token,
1640 OM_uint32 *ret_flags,
1641 OM_uint32 *time_rec)
1649 gss_buffer_desc sub_token;
1656 output_token->length = 0;
1657 output_token->value = NULL;
1660 * SPNEGO doesn't include gss wrapping on SubsequentContextToken
1661 * like the Kerberos 5 mech does. But lets check for it anyway.
1664 mech_len = gssapi_krb5_get_mech(input_token->value,
1665 input_token->length,
1669 buf = input_token->value;
1670 buf_size = input_token->length;
1671 } else if ((size_t)mech_len == GSS_KRB5_MECH->length &&
1672 isc_safe_memequal(GSS_KRB5_MECH->elements, p, mech_len))
1673 return (gss_init_sec_context(minor_status,
1674 initiator_cred_handle,
1680 input_chan_bindings,
1686 else if ((size_t)mech_len == GSS_SPNEGO_MECH->length &&
1687 isc_safe_memequal(GSS_SPNEGO_MECH->elements, p, mech_len)) {
1688 ret = gssapi_spnego_decapsulate(minor_status,
1696 return (GSS_S_BAD_MECH);
1698 ret = der_match_tag_and_length(buf, buf_size,
1699 ASN1_C_CONTEXT, CONS, 1, &len, &taglen);
1703 if(len > buf_size - taglen)
1704 return (ASN1_OVERRUN);
1706 ret = decode_NegTokenResp(buf + taglen, len, &resp, NULL);
1708 free_NegTokenResp(&resp);
1709 *minor_status = ENOMEM;
1710 return (GSS_S_FAILURE);
1713 if (resp.negState == NULL ||
1714 *(resp.negState) == reject ||
1715 resp.supportedMech == NULL) {
1716 free_NegTokenResp(&resp);
1717 return (GSS_S_BAD_MECH);
1720 ret = der_put_oid(oidbuf + sizeof(oidbuf) - 1,
1724 if (ret || oidlen != GSS_KRB5_MECH->length ||
1725 !isc_safe_memequal(oidbuf + sizeof(oidbuf) - oidlen,
1726 GSS_KRB5_MECH->elements, oidlen))
1728 free_NegTokenResp(&resp);
1729 return GSS_S_BAD_MECH;
1732 if (resp.responseToken != NULL) {
1733 sub_token.length = resp.responseToken->length;
1734 sub_token.value = resp.responseToken->data;
1736 sub_token.length = 0;
1737 sub_token.value = NULL;
1740 ret = gss_init_sec_context(minor_status,
1741 initiator_cred_handle,
1747 input_chan_bindings,
1754 free_NegTokenResp(&resp);
1759 * XXXSRA I don't think this limited implementation ever needs
1760 * to check the MIC -- our preferred mechanism (Kerberos)
1761 * authenticates its own messages and is the only mechanism
1762 * we'll accept, so if the mechanism negotiation completes
1763 * successfully, we don't need the MIC. See RFC 4178.
1766 free_NegTokenResp(&resp);
1773 gss_init_sec_context_spnego(OM_uint32 *minor_status,
1774 const gss_cred_id_t initiator_cred_handle,
1775 gss_ctx_id_t *context_handle,
1776 const gss_name_t target_name,
1777 const gss_OID mech_type,
1778 OM_uint32 req_flags,
1780 const gss_channel_bindings_t input_chan_bindings,
1781 const gss_buffer_t input_token,
1782 gss_OID *actual_mech_type,
1783 gss_buffer_t output_token,
1784 OM_uint32 *ret_flags,
1785 OM_uint32 *time_rec)
1787 /* Dirty trick to suppress compiler warnings */
1789 /* Figure out whether we're starting over or processing a reply */
1791 if (input_token == GSS_C_NO_BUFFER || input_token->length == 0U)
1792 return (spnego_initial(minor_status,
1793 initiator_cred_handle,
1799 input_chan_bindings,
1806 return (spnego_reply(minor_status,
1807 initiator_cred_handle,
1813 input_chan_bindings,