From 2251a7224f488ac20604b6a12ccfe30d99170ef2 Mon Sep 17 00:00:00 2001
From: Simo Sorce
Date: May 16 2019 01:04:42 +0000
Subject: Return actual data for RFC5587 API
Signed-off-by: Simo Sorce
---
diff --git a/src/gss_names.c b/src/gss_names.c
index a08eb9c..2253f5f 100644
--- a/src/gss_names.c
+++ b/src/gss_names.c
@@ -716,15 +716,116 @@ uint32_t gssntlm_inquire_mech_for_saslname(OM_uint32 *minor_status,
 }
 
+static uint32_t make_ma_oid_set(uint32_t *minor_status, gss_OID_set *ma_set,
+ int supported)
+{
+ gss_const_OID known_mech_attrs[] = {
+ GSS_C_MA_MECH_CONCRETE,
+ GSS_C_MA_MECH_PSEUDO,
+ GSS_C_MA_MECH_COMPOSITE,
+ GSS_C_MA_MECH_NEGO,
+ GSS_C_MA_MECH_GLUE,
+ GSS_C_MA_NOT_MECH,
+ GSS_C_MA_DEPRECATED,
+ GSS_C_MA_NOT_DFLT_MECH,
+ GSS_C_MA_ITOK_FRAMED,
+ GSS_C_MA_AUTH_INIT,
+ GSS_C_MA_AUTH_TARG,
+ GSS_C_MA_AUTH_INIT_INIT,
+ GSS_C_MA_AUTH_TARG_INIT,
+ GSS_C_MA_AUTH_INIT_ANON,
+ GSS_C_MA_AUTH_TARG_ANON,
+ GSS_C_MA_DELEG_CRED,
+ GSS_C_MA_INTEG_PROT,
+ GSS_C_MA_CONF_PROT,
+ GSS_C_MA_MIC,
+ GSS_C_MA_WRAP,
+ GSS_C_MA_PROT_READY,
+ GSS_C_MA_REPLAY_DET,
+ GSS_C_MA_OOS_DET,
+ GSS_C_MA_CBINDINGS,
+ GSS_C_MA_PFS,
+ GSS_C_MA_COMPRESS,
+ GSS_C_MA_CTX_TRANS,
+ NULL
+ };
+ gss_const_OID supported_mech_attrs[] = {
+ GSS_C_MA_MECH_CONCRETE,
+ GSS_C_MA_NOT_DFLT_MECH,
+ GSS_C_MA_AUTH_INIT,
+ GSS_C_MA_INTEG_PROT,
+ GSS_C_MA_CONF_PROT,
+ GSS_C_MA_MIC,
+ GSS_C_MA_WRAP,
+ GSS_C_MA_OOS_DET,
+ GSS_C_MA_CBINDINGS,
+ GSS_C_MA_CTX_TRANS,
+ NULL
+ };
+ uint32_t maj = 0;
+ uint32_t min = 0;
+ gss_const_OID *array = known_mech_attrs;
+
+ if (supported) {
+ array = supported_mech_attrs;
+ }
+
+ maj = gss_create_empty_oid_set(&min, ma_set);
+ if (maj != GSS_S_COMPLETE) {
+ goto done;
+ }
+ for (int i = 0; array[i] != NULL; i++) {
+ maj = gss_add_oid_set_member(&min, discard_const(array[i]), ma_set);
+ if (maj != GSS_S_COMPLETE) {
+ goto done;
+ }
+ }
+
+done:
+ *minor_status = min;
+ return maj;
+}
+
 uint32_t gssntlm_inquire_attrs_for_mech(uint32_t *minor_status,
 gss_const_OID mech_oid,
 gss_OID_set *mech_attrs,
 gss_OID_set *known_mech_attrs)
 {
- if (mech_attrs != NULL)
- *mech_attrs = GSS_C_NO_OID_SET;
- if (known_mech_attrs != NULL)
- *known_mech_attrs = GSS_C_NO_OID_SET;
+ gss_OID_set s_ma = GSS_C_NULL_OID_SET;
+ gss_OID_set k_ma = GSS_C_NULL_OID_SET;
+ uint32_t maj = GSS_S_COMPLETE;
+ uint32_t min = 0;
 
- return GSS_S_COMPLETE;
+ if (mech_oid && !gss_oid_equal(mech_oid, &gssntlm_oid)) {
+ *minor_status = ENOENT;
+ return GSS_S_BAD_MECH;
+ }
+
+ if (mech_attrs != NULL) {
+ maj = make_ma_oid_set(&min, &s_ma, 1);
+ if (maj != GSS_S_COMPLETE) {
+ goto done;
+ }
+ }
+ if (known_mech_attrs != NULL) {
+ maj = make_ma_oid_set(&min, &k_ma, 0);
+ if (maj != GSS_S_COMPLETE) {
+ goto done;
+ }
+ }
+
+done:
+ if (maj != GSS_S_COMPLETE) {
+ gss_release_oid_set(&min, &s_ma);
+ gss_release_oid_set(&min, &k_ma);
+ }
+ if (mech_attrs != NULL) {
+ *mech_attrs = s_ma;
+ }
+ if (known_mech_attrs != NULL) {
+ *known_mech_attrs = k_ma;
+ }
+
+ *minor_status = min;
+ return maj;
 }
 
diff --git a/tests/ntlmssptest.c b/tests/ntlmssptest.c
index ec78fca..8a83922 100644
--- a/tests/ntlmssptest.c
+++ b/tests/ntlmssptest.c
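Review bot: In the `done:` cleanup of gssntlm_inquire_attrs_for_mech the failing call's minor status is lost, because `gss_release_oid_set(&min, ...)` writes its own minor (normally 0) into `min` right before `*minor_status = min;`, so a caller sees the error major with a minor that describes the release rather than the failure. Use a scratch variable for the release calls: `uint32_t tmp_min; gss_release_oid_set(&tmp_min, &s_ma); gss_release_oid_set(&tmp_min, &k_ma);`. The early `return GSS_S_BAD_MECH;` leaves `*mech_attrs` and `*known_mech_attrs` untouched, whereas the removed code always reset them to GSS_C_NO_OID_SET; assigning both GSS_C_NULL_OID_SET before that return keeps callers that release the outputs regardless of status safe. A one-line comment on make_ma_oid_set saying that `supported` selects the attributes this mechanism implements versus the full list it knows about would help, since the parameter name alone does not say which list is which.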
@@ -2071,6 +2071,98 @@ int test_gssapi_rfc5801(void)
 return 0;
 }
 
+int test_gssapi_rfc5587(void)
+{
+ gss_OID_set mech_attrs;
+ gss_OID_set known_mech_attrs;
+ uint32_t retmin, retmaj;
+
+ retmaj = gssntlm_inquire_attrs_for_mech(&retmin, &gssntlm_oid,
+ &mech_attrs, &known_mech_attrs);
+ if (retmaj != GSS_S_COMPLETE) {
+ print_gss_error("gssntlm_inquire_attrs_for_mech() failed!",
+ retmaj, retmin);
+ return EINVAL;
+ }
+
+ if (mech_attrs == GSS_C_NULL_OID_SET) {
+ fprintf(stderr, "mech_attrs returned empty\n");
+ return EINVAL;
+ }
+
+ if (known_mech_attrs == GSS_C_NULL_OID_SET) {
+ fprintf(stderr, "known_mech_attrs returned empty\n");
+ return EINVAL;
+ }
+
+ if (mech_attrs->count != 10) {
+ fprintf(stderr, "expected 10 mech_attr oids, got %lu\n",
+ mech_attrs->count);
+ return EINVAL;
+ }
+
+#define CHECK_MA(A, X) \
+do { \
+ int i; \
+ for (i = 0; i < A->count; i++) { \
+ if ((A->elements[i].length == X->length) && \
+ (memcmp(A->elements[i].elements, \
+ X->elements, X->length) == 0)) break; \
+ } \
+ if (i >= A->count) { \
+ fprintf(stderr, #X " is missing from " #A " set\n"); \
+ return EINVAL; \
+ } \
+} while(0)
+
+ CHECK_MA(mech_attrs, GSS_C_MA_MECH_CONCRETE);
+ CHECK_MA(mech_attrs, GSS_C_MA_NOT_DFLT_MECH);
+ CHECK_MA(mech_attrs, GSS_C_MA_AUTH_INIT);
+ CHECK_MA(mech_attrs, GSS_C_MA_INTEG_PROT);
+ CHECK_MA(mech_attrs, GSS_C_MA_CONF_PROT);
+ CHECK_MA(mech_attrs, GSS_C_MA_MIC);
+ CHECK_MA(mech_attrs, GSS_C_MA_WRAP);
+ CHECK_MA(mech_attrs, GSS_C_MA_OOS_DET);
+ CHECK_MA(mech_attrs, GSS_C_MA_CBINDINGS);
+ CHECK_MA(mech_attrs, GSS_C_MA_CTX_TRANS);
+
+ if (known_mech_attrs->count != 27) {
+ fprintf(stderr, "expected 27 known_mech_attr oids, got %lu\n",
+ known_mech_attrs->count);
+ return EINVAL;
+ }
+
+ CHECK_MA(known_mech_attrs, GSS_C_MA_MECH_CONCRETE);
+ CHECK_MA(known_mech_attrs, GSS_C_MA_MECH_PSEUDO);
+ CHECK_MA(known_mech_attrs, GSS_C_MA_MECH_COMPOSITE);
+ CHECK_MA(known_mech_attrs, GSS_C_MA_MECH_NEGO);
+ CHECK_MA(known_mech_attrs, GSS_C_MA_MECH_GLUE);
+ CHECK_MA(known_mech_attrs, GSS_C_MA_NOT_MECH);
+ CHECK_MA(known_mech_attrs, GSS_C_MA_DEPRECATED);
+ CHECK_MA(known_mech_attrs, GSS_C_MA_NOT_DFLT_MECH);
+ CHECK_MA(known_mech_attrs, GSS_C_MA_ITOK_FRAMED);
+ CHECK_MA(known_mech_attrs, GSS_C_MA_AUTH_INIT);
+ CHECK_MA(known_mech_attrs, GSS_C_MA_AUTH_TARG);
+ CHECK_MA(known_mech_attrs, GSS_C_MA_AUTH_INIT_INIT);
+ CHECK_MA(known_mech_attrs, GSS_C_MA_AUTH_TARG_INIT);
+ CHECK_MA(known_mech_attrs, GSS_C_MA_AUTH_INIT_ANON);
+ CHECK_MA(known_mech_attrs, GSS_C_MA_AUTH_TARG_ANON);
+ CHECK_MA(known_mech_attrs, GSS_C_MA_DELEG_CRED);
+ CHECK_MA(known_mech_attrs, GSS_C_MA_INTEG_PROT);
+ CHECK_MA(known_mech_attrs, GSS_C_MA_CONF_PROT);
+ CHECK_MA(known_mech_attrs, GSS_C_MA_MIC);
+ CHECK_MA(known_mech_attrs, GSS_C_MA_WRAP);
+ CHECK_MA(known_mech_attrs, GSS_C_MA_PROT_READY);
+ CHECK_MA(known_mech_attrs, GSS_C_MA_REPLAY_DET);
+ CHECK_MA(known_mech_attrs, GSS_C_MA_OOS_DET);
+ CHECK_MA(known_mech_attrs, GSS_C_MA_CBINDINGS);
+ CHECK_MA(known_mech_attrs, GSS_C_MA_PFS);
+ CHECK_MA(known_mech_attrs, GSS_C_MA_COMPRESS);
+ CHECK_MA(known_mech_attrs, GSS_C_MA_CTX_TRANS);
+
+ return 0;
+}
+
 int main(int argc, const char *argv[])
 {
 struct ntlm_ctx *ctx;
@@ -2238,6 +2330,10 @@ int main(int argc, const char *argv[])
 ret = test_gssapi_rfc5801();
 fprintf(stdout, "Test: %s\n", (ret ? "FAIL":"SUCCESS"));
 
+ fprintf(stdout, "Test RFC5587 SPI\n");
+ ret = test_gssapi_rfc5587();
+ fprintf(stdout, "Test: %s\n", (ret ? "FAIL":"SUCCESS"));
+
 done:
 ntlm_free_ctx(&ctx);
 return ret;
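Review bot: Both count checks in test_gssapi_rfc5587 print `mech_attrs->count` / `known_mech_attrs->count` with `%lu`, but the `count` member of `gss_OID_set_desc` is a `size_t`, so the specifier should be `%zu`; the mismatch is undefined behaviour and `-Wformat` flags it on targets where `size_t` is not `unsigned long`. The `int i` inside CHECK_MA is compared against that same `size_t` count; `size_t i;` removes the signed/unsigned comparison. Neither set is ever released: add `gss_release_oid_set(&retmin, &mech_attrs); gss_release_oid_set(&retmin, &known_mech_attrs);` before the final `return 0;`, and note that every early `return EINVAL;` path leaks them as well. The test also never exercises the new GSS_S_BAD_MECH branch of gssntlm_inquire_attrs_for_mech (calling it with a non-NTLM OID and expecting the error), which is the only input-validation path the change introduces.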