Difference between revisions of "Projects/GS2"
Revision as of 08:32, 25 September 2010
Background
Implement GSS_Inquire_SASLname_for_mech and GSS_Inquire_mech_for_SASLname as defined in draft-ietf-sasl-gs2-20 (http://tools.ietf.org/html/draft-ietf-sasl-gs2-20, since published as RFC 5801).
Architecture
These APIs provide a bidirectional mapping between GSS-API mechanism OIDs and SASL mechanism names. When a mechanism has no registered SASL name, the mechanism glue synthesises one using the generic rule from the draft: the prefix "GS2-" followed by the base32 encoding of the first 55 bits of the SHA-1 hash of the DER-encoded OID (tag and length octets included), which yields an 11-character suffix such as the GS2-ZGMBGB5SLBQ seen in the test output below.
Implementation
The implementations live in src/lib/gssapi/mechglue/g_saslname.c.
OM_uint32 KRB5_CALLCONV
gss_inquire_saslname_for_mech(
    OM_uint32 *minor_status,
    const gss_OID desired_mech,
    gss_buffer_t sasl_mech_name,
    gss_buffer_t mech_name,
    gss_buffer_t mech_description);

OM_uint32 KRB5_CALLCONV
gss_inquire_mech_for_saslname(
    OM_uint32 *minor_status,
    const gss_buffer_t sasl_mech_name,
    gss_OID *mech_type);
If a mechanism does not provide the gss_inquire_saslname_for_mech entry point, or returns GSS_S_BAD_MECH from it, the glue falls back to the synthesised name described above. Because the synthesised name is a truncated hash and cannot be inverted, the reverse lookup in gss_inquire_mech_for_saslname resolves such a name by deriving the SASL name of each known mechanism and comparing it with the one supplied.
The Kerberos and SPNEGO mechanisms have been updated to return GS2-KRB5 and SPNEGO, respectively, as their SASL names.
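The mapping described in the Architecture and Implementation sections, as an added worked example in Python (not the mechglue's C code from src/lib/gssapi/mechglue/g_saslname.c): it DER-encodes an OID, derives the generic "GS2-" name per section 3.1 of the draft, and implements both lookup directions over a small mechanism table constructed from the t_saslname output shown under Status. MECHS, KRB5, MS_KRB5, SPNEGO, EAP_DES3, EAP_RC4 and the two inquire_* functions are assumed stand-ins for the glue's mechanism list and entry points; the refusal of OIDs whose contents exceed 127 octets mirrors the glue's GSS_S_BAD_MECH for over-long OIDs and is likewise an assumption.

```python
# Added example (not MIT krb5 code): the GS2 SASL-name mapping that
# gss_inquire_saslname_for_mech / gss_inquire_mech_for_saslname provide,
# following draft-ietf-sasl-gs2-20 (RFC 5801) section 3.1 for mechanisms
# without a registered name. MECHS and the inquire_* functions below are
# constructed stand-ins for the mechglue, built from the t_saslname output.
import base64
import hashlib
import re


def der_encode_oid(arcs):
    """DER-encode an OID: tag 0x06, short-form length, base-128 arcs.

    The first two arcs share one value (40 * arc0 + arc1). Contents longer
    than 127 octets would need a long-form length; as an assumption we refuse
    them, the way the glue rejects such OIDs with GSS_S_BAD_MECH.
    """
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("malformed OID")
    body = bytearray()
    for value in [40 * arcs[0] + arcs[1], *arcs[2:]]:
        chunk = [value & 0x7F]            # low 7 bits, continuation bit clear
        value >>= 7
        while value:
            chunk.append(0x80 | (value & 0x7F))
            value >>= 7
        body.extend(reversed(chunk))      # most significant group first
    if len(body) > 127:
        raise ValueError("OID too long for a GSS mechanism OID")
    return bytes([0x06, len(body)]) + bytes(body)


def generic_sasl_name(arcs):
    """'GS2-' + base32 of the first 55 bits of SHA-1(DER(OID)).

    base32 turns the first 7 digest bytes (56 bits) into 12 data characters
    plus '=' padding; keeping 11 characters keeps exactly 55 bits.
    """
    digest = hashlib.sha1(der_encode_oid(arcs)).digest()
    return "GS2-" + base64.b32encode(digest[:7]).decode("ascii")[:11]


# Constructed mechanism table: OID -> (mech name, description, native SASL
# name). None stands for "no entry point or GSS_S_BAD_MECH", which is where
# the glue falls back to generic_sasl_name. Order matters for the reverse
# lookup: the canonical krb5 OID precedes its Microsoft alias, so GS2-KRB5
# resolves to the canonical OID.
KRB5_DESC = "Kerberos 5 GSS-API Mechanism"
EAP_DESC = "A GSS-API Mechanism for the Extensible Authentication Protocol"
KRB5 = (1, 2, 840, 113554, 1, 2, 2)
MS_KRB5 = (1, 2, 840, 48018, 1, 2, 2)
SPNEGO = (1, 3, 6, 1, 5, 5, 2)
EAP_DES3 = (1, 3, 6, 1, 4, 1, 5322, 21, 1, 16)
EAP_RC4 = (1, 3, 6, 1, 4, 1, 5322, 21, 1, 23)
MECHS = {
    KRB5: ("krb5", KRB5_DESC, "GS2-KRB5"),
    MS_KRB5: ("krb5", KRB5_DESC, "GS2-KRB5"),
    SPNEGO: ("spnego", "Simple and Protected GSS-API Negotiation Mechanism", "SPNEGO"),
    (1, 3, 6, 1, 4, 1, 5322, 21, 1): ("eap", EAP_DESC, "GS2-EAP"),
    EAP_DES3: ("eap-des3-cbc-sha1", EAP_DESC, None),
    EAP_RC4: ("eap-arcfour-hmac", EAP_DESC, None),
}

SASL_NAME_RE = re.compile(r"[A-Z0-9_-]{1,20}")   # RFC 4422 section 3.1 syntax


def inquire_saslname_for_mech(oid):
    """Stand-in for gss_inquire_saslname_for_mech: (sasl name, mech name, desc)."""
    if oid not in MECHS:
        raise KeyError("GSS_S_BAD_MECH")
    name, desc, sasl = MECHS[oid]
    return (sasl if sasl is not None else generic_sasl_name(oid)), name, desc


def inquire_mech_for_saslname(sasl_name):
    """Stand-in for gss_inquire_mech_for_saslname: the OID for a name, or None.

    A generic name is a truncated hash and cannot be inverted, so the only
    way back is to derive every registered mechanism's name and compare.
    Malformed names are rejected before any lookup.
    """
    if not SASL_NAME_RE.fullmatch(sasl_name):
        return None
    for oid in MECHS:
        if inquire_saslname_for_mech(oid)[0] == sasl_name:
            return oid
    return None


if __name__ == "__main__":
    for oid in MECHS:
        sasl, name, _ = inquire_saslname_for_mech(oid)
        print("{ %s }  %-16s %s" % (" ".join(map(str, oid)), sasl, name))
```

Running the block prints one line per table entry. The two unregistered EAP sub-mechanism OIDs are the ones the Status output below lists as GS2-ZGMBGB5SLBQ (... 21 1 16) and GS2-6PUERUGDUSC (... 21 1 23); if an implementation of the rule produces anything else for them, the usual culprits are hashing the OID contents without the tag and length octets, or taking 56 rather than 55 bits. Round-tripping a generic name back through inquire_mech_for_saslname is the cheapest check that both directions agree.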
Status
Implemented and tested with a prototype GS2 implementation, as well as a mechanism plugin.
A test program is in src/tests/gssapi/t_saslname.c.
[rand:src/tests/gssapi] lukeh% ./t_saslname
------------------------------------------------------------------------------
OID      : { 1 2 840 113554 1 2 2 }
SASL mech: GS2-KRB5
Mech name: krb5
Mech desc: Kerberos 5 GSS-API Mechanism
------------------------------------------------------------------------------
------------------------------------------------------------------------------
OID      : { 1 3 5 1 5 2 }
SASL mech: GS2-KRB5
Mech name: krb5
Mech desc: Kerberos 5 GSS-API Mechanism
------------------------------------------------------------------------------
------------------------------------------------------------------------------
OID      : { 1 2 840 48018 1 2 2 }
SASL mech: GS2-KRB5
Mech name: krb5
Mech desc: Kerberos 5 GSS-API Mechanism
------------------------------------------------------------------------------
------------------------------------------------------------------------------
OID      : { 1 3 6 1 5 2 5 }
SASL mech: GS2-KRB5
Mech name: krb5
Mech desc: Kerberos 5 GSS-API Mechanism
------------------------------------------------------------------------------
------------------------------------------------------------------------------
OID      : { 1 3 6 1 5 5 2 }
SASL mech: SPNEGO
Mech name: spnego
Mech desc: Simple and Protected GSS-API Negotiation Mechanism
------------------------------------------------------------------------------
------------------------------------------------------------------------------
OID      : { 1 3 6 1 4 1 5322 21 1 }
SASL mech: GS2-EAP
Mech name: eap
Mech desc: A GSS-API Mechanism for the Extensible Authentication Protocol
------------------------------------------------------------------------------
------------------------------------------------------------------------------
OID      : { 1 3 6 1 4 1 5322 21 1 16 }
SASL mech: GS2-ZGMBGB5SLBQ
Mech name: eap-des3-cbc-sha1
Mech desc: A GSS-API Mechanism for the Extensible Authentication Protocol
------------------------------------------------------------------------------
------------------------------------------------------------------------------
OID      : { 1 3 6 1 4 1 5322 21 1 17 }
SASL mech: GS2-EAP-AES128
Mech name: eap-aes128-cts-hmac-sha1-96
Mech desc: A GSS-API Mechanism for the Extensible Authentication Protocol
------------------------------------------------------------------------------
------------------------------------------------------------------------------
OID      : { 1 3 6 1 4 1 5322 21 1 18 }
SASL mech: GS2-EAP-AES256
Mech name: eap-aes256-cts-hmac-sha1-96
Mech desc: A GSS-API Mechanism for the Extensible Authentication Protocol
------------------------------------------------------------------------------
------------------------------------------------------------------------------
OID      : { 1 3 6 1 4 1 5322 21 1 23 }
SASL mech: GS2-6PUERUGDUSC
Mech name: eap-arcfour-hmac
Mech desc: A GSS-API Mechanism for the Extensible Authentication Protocol
------------------------------------------------------------------------------
Examples
A list of GS2 mechanisms.