Projects/GS2
Background
Implement GSS_Inquire_SASLname_for_mech and GSS_Inquire_mech_for_SASLname as defined in draft-ietf-sasl-gs2-20 (http://tools.ietf.org/html/draft-ietf-sasl-gs2-20).
Architecture
These APIs provide a bidirectional mapping between GSS OIDs and SASL mechanism names. If no mapping exists, the mechanism glue synthesises a SASL name from a base-32 encoded SHA-1 hash of the OID.
Implementation
The implementations live in src/lib/gssapi/mechglue/g_saslname.c.
    OM_uint32 KRB5_CALLCONV
    gss_inquire_saslname_for_mech(
        OM_uint32 *minor_status,
        const gss_OID desired_mech,
        gss_buffer_t sasl_mech_name,
        gss_buffer_t mech_name,
        gss_buffer_t mech_description);

    OM_uint32 KRB5_CALLCONV
    gss_inquire_mech_for_saslname(
        OM_uint32 *minor_status,
        const gss_buffer_t sasl_mech_name,
        gss_OID *mech_type);
If a mechanism does not provide the entry point or returns GSS_S_BAD_MECH, then the name is mapped as described above.
The Kerberos and SPNEGO mechanisms have been updated to return GS2-KRB5 and SPNEGO, respectively, as their SASL names.
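The fallback mapping and the bidirectional lookup described above can be reproduced outside the library. This is an added example in Python, not the project's code; it follows the GS2 draft's derivation ("GS2-" plus base-32 of the first 55 bits of the SHA-1 of the OID's DER encoding). The function names, the REGISTERED table, the SPKM-1 OID used as sample input, and the reverse lookup by walking a list of OIDs are assumptions of the example.

```python
import base64
import hashlib

# Names the page says Kerberos and SPNEGO report for themselves.
REGISTERED = {
    "1.2.840.113554.1.2.2": "GS2-KRB5",  # Kerberos 5 mechanism OID
    "1.3.6.1.5.5.2": "SPNEGO",           # SPNEGO mechanism OID
}

def der_encode_oid(dotted):
    """DER-encode a dotted OID, including the 0x06 tag and length octet."""
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or min(arcs) < 0 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid OID: " + dotted)
    body = bytearray()
    for value in [arcs[0] * 40 + arcs[1]] + arcs[2:]:
        chunk = [value & 0x7F]            # last octet: high bit clear
        value >>= 7
        while value:                      # earlier octets: high bit set
            chunk.append(0x80 | (value & 0x7F))
            value >>= 7
        body.extend(reversed(chunk))
    if len(body) > 127:
        raise ValueError("OID needs long-form length, not handled here")
    return bytes([0x06, len(body)]) + bytes(body)

def synthesized_sasl_name(dotted):
    """'GS2-' plus base-32 of the first 55 bits of SHA-1(DER OID)."""
    digest = hashlib.sha1(der_encode_oid(dotted)).digest()
    # 7 octets encode to 12 base-32 symbols; the first 11 cover bits 0..54.
    return "GS2-" + base64.b32encode(digest[:7])[:11].decode("ascii")

def saslname_for_mech(oid, registered=REGISTERED):
    """Use the mechanism's own name if it has one, else synthesise."""
    return registered.get(oid) or synthesized_sasl_name(oid)

def mech_for_saslname(name, available_oids, registered=REGISTERED):
    """SHA-1 is one-way, so the reverse lookup walks the known mechanisms."""
    for oid in available_oids:
        if saslname_for_mech(oid, registered) == name:
            return oid
    return None  # no available mechanism has this SASL name

if __name__ == "__main__":
    # Sample input: Kerberos, SPNEGO, and SPKM-1 (no registered SASL name).
    mechs = ["1.2.840.113554.1.2.2", "1.3.6.1.5.5.2", "1.3.6.1.5.5.1.1"]
    for m in mechs:
        print(m, "->", saslname_for_mech(m))
```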
Status
Implemented and tested with a prototype GS2 implementation, as well as a mechanism plugin.
A test program is in src/tests/gssapi/t_saslname.c.
Examples
A list of GS2 mechanisms.