diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 17:20:00 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 17:20:00 +0000 |
commit | 8daa83a594a2e98f39d764422bfbdbc62c9efd44 (patch) | |
tree | 4099e8021376c7d8c05bdf8503093d80e9c7bad0 /third_party/heimdal/lib/gssapi/sanon/import_name.c | |
parent | Initial commit. (diff) | |
download | samba-8daa83a594a2e98f39d764422bfbdbc62c9efd44.tar.xz samba-8daa83a594a2e98f39d764422bfbdbc62c9efd44.zip |
Adding upstream version 2:4.20.0+dfsg.upstream/2%4.20.0+dfsg
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'third_party/heimdal/lib/gssapi/sanon/import_name.c')
-rw-r--r-- | third_party/heimdal/lib/gssapi/sanon/import_name.c | 163 |
1 files changed, 163 insertions, 0 deletions
diff --git a/third_party/heimdal/lib/gssapi/sanon/import_name.c b/third_party/heimdal/lib/gssapi/sanon/import_name.c new file mode 100644 index 0000000..1a228b6 --- /dev/null +++ b/third_party/heimdal/lib/gssapi/sanon/import_name.c @@ -0,0 +1,163 @@ +/* + * Copyright (c) 2019-2020, AuriStor, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * - Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * - Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include "sanon_locl.h" + +static int +is_anonymous_identity_p(gss_buffer_t name_string, gss_OID name_type) +{ + if (gss_oid_equal(name_type, GSS_C_NT_ANONYMOUS)) + return TRUE; + else if ((name_type == GSS_C_NO_OID || + gss_oid_equal(name_type, GSS_C_NT_USER_NAME) || + gss_oid_equal(name_type, GSS_KRB5_NT_PRINCIPAL_NAME)) && + buffer_equal_p(name_string, _gss_sanon_wellknown_user_name)) + return TRUE; + else if (gss_oid_equal(name_type, GSS_C_NT_HOSTBASED_SERVICE) && + buffer_equal_p(name_string, _gss_sanon_wellknown_service_name)) + return TRUE; + + return FALSE; +} + +static krb5_error_code +storage_ret_der_oid(krb5_storage *sp, gss_OID_desc *oid) +{ + krb5_error_code ret; + uint16_t der_oid_len; + uint8_t oid_len, tag; + + oid->length = 0; + oid->elements = NULL; + + ret = krb5_ret_uint16(sp, &der_oid_len); + if (ret == 0) + ret = krb5_ret_uint8(sp, &tag); + if (ret == 0) + ret = krb5_ret_uint8(sp, &oid_len); + if (ret) + return ret; + if (tag != 0x06) + return EINVAL; + + if (der_oid_len != 2 + oid_len) + return EINVAL; + + oid->elements = malloc(oid_len); + if (oid->elements == NULL) + return ENOMEM; + + if (krb5_storage_read(sp, oid->elements, oid_len) != oid_len) { + free(oid->elements); + oid->elements = NULL; + oid->length = 0; + return EINVAL; + } + + oid->length = oid_len; + + return 0; +} + +static OM_uint32 +import_export_name(OM_uint32 *minor, + const gss_buffer_t input_name_buffer, + gss_name_t *output_name) +{ + OM_uint32 major; + krb5_error_code ret; + krb5_storage *sp; + uint32_t name_len = 0; + uint16_t tok_id; + gss_OID_desc oid_buf = { 0, NULL }; + uint8_t is_anonymous; + + sp = krb5_storage_from_readonly_mem(input_name_buffer->value, + input_name_buffer->length); + if (sp == NULL) { + *minor = ENOMEM; + return GSS_S_FAILURE; + } + + krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_BE); + + major = GSS_S_BAD_NAME; + *minor = 0; + + ret = krb5_ret_uint16(sp, &tok_id); + if (ret == 0 && tok_id != 0x0401) + ret = EINVAL; + if (ret == 0) + ret = storage_ret_der_oid(sp, &oid_buf); + if (ret == 0) { + if (!gss_oid_equal(&oid_buf, GSS_SANON_X25519_MECHANISM)) + ret = EINVAL; + free(oid_buf.elements); + } + if (ret == 0) + ret = krb5_ret_uint32(sp, &name_len); + if (ret == 0) + ret = krb5_ret_uint8(sp, &is_anonymous); + if (ret == 0) { + if (name_len != 1) + ret = EINVAL; + if (is_anonymous == 1) { + *output_name = _gss_sanon_anonymous_identity; + major = GSS_S_COMPLETE; + } else { + major = GSS_S_BAD_NAME; + } + } + + krb5_storage_free(sp); + + if (*minor == 0) + *minor = ret; + + return major; +} + +OM_uint32 GSSAPI_CALLCONV +_gss_sanon_import_name(OM_uint32 *minor, + const gss_buffer_t input_name_buffer, + const gss_OID input_name_type, + gss_name_t *output_name) +{ + if (gss_oid_equal(input_name_type, GSS_C_NT_EXPORT_NAME)) + return import_export_name(minor, input_name_buffer, output_name); + + *minor = 0; + *output_name = + is_anonymous_identity_p(input_name_buffer, input_name_type) ? + _gss_sanon_anonymous_identity : _gss_sanon_non_anonymous_identity; + + return GSS_S_COMPLETE; +} |