Heimdal/Mac support for the examples

Author: jake-scott

.gitignore

@@ -6,6 +6,7 @@
 *.dylib
 *.o
 *.class
+*.swp
 
 examples/c/gss-client-c
 examples/c/gss-server-c

examples/c/Makefile

@@ -6,8 +6,11 @@ OBJS = $(SRC:.c=.o)
 
 all: $(BINS)
 
+export CPPFLAGS = -I/usr/local/opt/heimdal/include
+export LDFLAGS = -L/usr/local/opt/heimdal/lib  -lgssapi
+
 gss-server-c: gss-server.o gss-misc.o
-	$(CC) -g -o $@ $^ -lgssapi_krb5
+	$(CC) -g -o $@ $^ ${LDFLAGS}
 
 gss-client-c: gss-client.o gss-misc.o
-	$(CC) -g -o $@ $^ -lgssapi_krb5
+	$(CC) -g -o $@ $^ ${LDFLAGS}

examples/c/gss-client.c

@@ -35,10 +35,20 @@
 #include <sys/stat.h>
 #include <fcntl.h>
 #include <stdbool.h>
+#include <limits.h>
+#include <assert.h>
 
 #include <gssapi/gssapi.h>
 #include "gss-misc.h"
 
+#if !defined (GSS_EMPTY_BUFFER)
+#define GSS_EMPTY_BUFFER(buf)   ((buf) == NULL ||                       \
+                                 (buf)->value == NULL || (buf)->length == 0)
+#endif
+
+OM_uint32 gss_str_to_oid(OM_uint32 *minor_status, gss_buffer_t oid_str, gss_OID *oid_out);
+
+
 void usage()
 {
      fprintf(stderr, "Usage: gss-client [-port port] [-d] [-seal] [-mutual] host service \
@@ -559,4 +569,120 @@ int main(argc, argv)
          (void) gss_release_oid(&min_stat, &oid);
 
      return 0;
-}
+}
+
+/* Return the length of a DER OID subidentifier encoding. */
+static size_t
+arc_encoded_length(unsigned long arc)
+{
+    size_t len = 1;
+
+    for (arc >>= 7; arc; arc >>= 7)
+        len++;
+    return len;
+}
+
+/* Encode a subidentifier into *bufp and advance it to the encoding's end. */
+static void
+arc_encode(unsigned long arc, unsigned char **bufp)
+{
+    unsigned char *p;
+
+    /* Advance to the end and encode backwards. */
+    p = *bufp = *bufp + arc_encoded_length(arc);
+    *--p = arc & 0x7f;
+    for (arc >>= 7; arc; arc >>= 7)
+        *--p = (arc & 0x7f) | 0x80;
+}
+
+
+static int
+get_arc(const unsigned char **bufp, const unsigned char *end,
+        unsigned long *arc_out)
+{
+    const unsigned char *p = *bufp;
+    unsigned long arc = 0, newval;
+
+    if (p == end || !isdigit(*p))
+        return 0;
+    for (; p < end && isdigit(*p); p++) {
+        newval = arc * 10 + (*p - '0');
+        if (newval < arc)
+            return 0;
+        arc = newval;
+    }
+    while (p < end && (isspace(*p) || *p == '.'))
+        p++;
+    *bufp = p;
+    *arc_out = arc;
+    return 1;
+}
+
+OM_uint32 gss_str_to_oid(OM_uint32 *minor_status, gss_buffer_t oid_str, gss_OID *oid_out)
+{
+    const unsigned char *p, *end, *arc3_start;
+    unsigned char *out;
+    unsigned long arc, arc1, arc2;
+    size_t nbytes;
+    int brace = 0;
+    gss_OID oid;
+
+    if (minor_status != NULL)
+        *minor_status = 0;
+
+    if (oid_out != NULL)
+        *oid_out = GSS_C_NO_OID;
+
+    if (GSS_EMPTY_BUFFER(oid_str))
+        return (GSS_S_CALL_INACCESSIBLE_READ);
+
+    if (oid_out == NULL)
+        return (GSS_S_CALL_INACCESSIBLE_WRITE);
+
+    /* Skip past initial spaces and, optionally, an open brace. */
+    brace = 0;
+    p = oid_str->value;
+    end = p + oid_str->length;
+    while (p < end && isspace(*p))
+        p++;
+    if (p < end && *p == '{') {
+        brace = 1;
+        p++;
+    }
+    while (p < end && isspace(*p))
+        p++;
+
+    /* Get the first two arc values, to be encoded as one subidentifier. */
+    if (!get_arc(&p, end, &arc1) || !get_arc(&p, end, &arc2))
+        return (GSS_S_FAILURE);
+    if (arc1 > 2 || (arc1 < 2 && arc2 > 39) || arc2 > ULONG_MAX - 80)
+        return (GSS_S_FAILURE);
+    arc3_start = p;
+
+    /* Compute the total length of the encoding while checking syntax. */
+    nbytes = arc_encoded_length(arc1 * 40 + arc2);
+    while (get_arc(&p, end, &arc))
+        nbytes += arc_encoded_length(arc);
+    if (brace && (p == end || *p != '}'))
+        return (GSS_S_FAILURE);
+
+    /* Allocate an oid structure. */
+    oid = malloc(sizeof(*oid));
+    if (oid == NULL)
+        return (GSS_S_FAILURE);
+    oid->elements = malloc(nbytes);
+    if (oid->elements == NULL) {
+        free(oid);
+        return (GSS_S_FAILURE);
+    }
+    oid->length = nbytes;
+
+    out = oid->elements;
+    arc_encode(arc1 * 40 + arc2, &out);
+    p = arc3_start;
+    while (get_arc(&p, end, &arc))
+        arc_encode(arc, &out);
+    assert(out - nbytes == oid->elements);
+    *oid_out = oid;
+    return(GSS_S_COMPLETE);
+}

examples/go/go.mod

@@ -1,9 +1,11 @@
 module examples
 
-go 1.22.4
+go 1.21
 
 replace github.com/golang-auth/go-gssapi/v3 => ../../v3
 
-require github.com/golang-auth/go-gssapi/v3 v3.0.0-alpha
+replace github.com/golang-auth/go-gssapi-c => ../../../go-gssapi-c
+
+require github.com/golang-auth/go-gssapi/v3 v3.0.0-alpha.1
 
 require github.com/golang-auth/go-gssapi-c v0.0.0-20240828194135-955ba90d4511

examples/go/go.sum

@@ -1,9 +1,5 @@
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/golang-auth/go-gssapi-c v0.0.0-20240827133603-e7af9f04586a h1:qdMspd9EVKyHD4PqzYpCDpWaBwdm4oBY1u631biS/3U=
-github.com/golang-auth/go-gssapi-c v0.0.0-20240827133603-e7af9f04586a/go.mod h1:7+YbBfLmM3gMF6DoCfjZFQBx1SXj1Uru6Y2tl77nhJ8=
-github.com/golang-auth/go-gssapi-c v0.0.0-20240828194135-955ba90d4511 h1:k9cgAxS+AYKwAN7/moi03LK3EjTFUKeMRh9Cu2j4/D0=
-github.com/golang-auth/go-gssapi-c v0.0.0-20240828194135-955ba90d4511/go.mod h1:rb9NLAgRMfr732Kvm1mOH5J6eIx/WULl8rAFNXSzGqY=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=

examples/testvectors/krb5.conf

@@ -6,3 +6,5 @@ dns_lookup_kdc = false
 dns_uri_lookup = false
 rdns = false
 
+supported_enctypes = aes256-cts-hmac-sha384-192,aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha256-128,aes128-cts-hmac-sha1-96
+

examples/testvectors/openssl.conf

@@ -0,0 +1,14 @@
+openssl_conf = openssl_init
+
+[openssl_init]
+providers = provider_sect
+
+[provider_sect]
+default = default_sect
+legacy = legacy_sect
+
+[default_sect]
+activate = 1
+
+[legacy_sect]
+activate = 1