/*
   SSSD

   Library for rule based certificate to user mapping - Attribute name
   mapping for different implementations

   Authors:
       Sumit Bose <sbose@redhat.com>

   Copyright (C) 2017 Red Hat

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/
db36dca3d45e6eefbb30042ee65876566f1a6014Sumit Bose
/* NSS data taken from nss-utils:nss/lib/util/secoid.c and
 * nss:nss/lib/certdb/alg1485.c */

/* AD data taken from
 * https://msdn.microsoft.com/en-us/library/windows/desktop/aa376556%28v=vs.85%29.aspx
 * and wine source code dlls/crypt32/oid.c and include/wincrypt.h . */

/* OpenSSL data taken from include/openssl/obj_mac.h */

db36dca3d45e6eefbb30042ee65876566f1a6014Sumit Bose#include <stdbool.h>
db36dca3d45e6eefbb30042ee65876566f1a6014Sumit Bose#include <string.h>
db36dca3d45e6eefbb30042ee65876566f1a6014Sumit Bose#include <talloc.h>
db36dca3d45e6eefbb30042ee65876566f1a6014Sumit Bose
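/*
 * Attribute-name spellings of one X.500 attribute type, keyed by its OID.
 *
 * The table drives the translations below: check_ad_attr_name() rewrites
 * an NSS-spelled RDN into the Active Directory spelling, and
 * openssl_2_nss_attr_name() rewrites an OpenSSL short name into the NSS
 * spelling. The two "differ" flags say whether a translation is needed
 * at all for a row, so a flag must be set exactly when the two spellings
 * are not byte-identical; rows with a clear flag are skipped without
 * looking at the strings.
 *
 * Where AD has no short name for an attribute, its spelling is the
 * dotted-decimal OID with an "OID." prefix (the format CertNameToStr
 * documents). The mail row used to read "OID,0.9.2342..." with a comma,
 * which could never match an AD-formatted name; it is "OID." here like
 * every other OID-spelled row.
 *
 * The field order is the struct layout and the positional initializers
 * depend on it. An all-NULL row terminates the table.
 */
struct oid_attr_name_map {
    bool nss_ad_differ;       /* NSS and AD spellings differ */
    bool nss_openssl_differ;  /* NSS and OpenSSL spellings differ */
    const char *oid;          /* dotted-decimal OID; NULL ends the table */
    const char *nss;          /* spelling used by NSS */
    const char *ad;           /* spelling used by Active Directory */
    const char *openssl;      /* spelling used by OpenSSL */
} oid_attr_name_map[] = {
    /* nss_ad nss_ossl  oid                            nss                    ad                               openssl */
    { false, false, "2.5.4.3",                    "CN",                  "CN",                            "CN"},
    { true,  false, "2.5.4.8",                    "ST",                  "S",                             "ST"},
    { false, false, "2.5.4.10",                   "O",                   "O",                             "O"},
    { false, false, "2.5.4.11",                   "OU",                  "OU",                            "OU"},
    { false, false, "2.5.4.46",                   "dnQualifier",         "dnQualifier",                   "dnQualifier"},
    { false, false, "2.5.4.6",                    "C",                   "C",                             "C"},
    { true,  false, "2.5.4.5",                    "serialNumber",        "SERIALNUMBER",                  "serialNumber"},
    { false, false, "2.5.4.7",                    "L",                   "L",                             "L"},
    { true,  false, "2.5.4.12",                   "title",               "T",                             "title"},
    { false, false, "2.5.4.4",                    "SN",                  "SN",                            "SN"},
    { true,  true,  "2.5.4.42",                   "givenName",           "G",                             "GN"},
    { true,  false, "2.5.4.43",                   "initials",            "I",                             "initials"},
    { true,  false, "2.5.4.44",                   "generationQualifier", "OID.2.5.4.44",                  "generationQualifier"},
    { false, false, "0.9.2342.19200300.100.1.25", "DC",                  "DC",                            "DC"},
    /* AD has no short name for mail; "OID." prefix like the other rows. */
    { true,  true,  "0.9.2342.19200300.100.1.3",  "MAIL",                "OID.0.9.2342.19200300.100.1.3", "mail"},
    { true,  false, "0.9.2342.19200300.100.1.1",  "UID",                 "OID.0.9.2342.19200300.100.1.1", "UID"},
    { true,  true,  "2.5.4.13",                   "OID.2.5.4.13",        "Description",                   "description"},
    { true,  false, "2.5.4.16",                   "postalAddress",       "OID.2.5.4.16",                  "postalAddress"},
    { true,  false, "2.5.4.17",                   "postalCode",          "PostalCode",                    "postalCode"},
    { true,  false, "2.5.4.18",                   "postOfficeBox",       "POBox",                         "postOfficeBox"},
    { true,  false, "2.5.4.51",                   "houseIdentifier",     "OID.2.5.4.51",                  "houseIdentifier"},
    { false, true,  "1.2.840.113549.1.9.1",       "E",                   "E",                             "emailAddress"},
    { false, true,  "2.5.4.9",                    "STREET",              "STREET",                        "street"},
    { true,  false, "2.5.4.65",                   "pseudonym",           "OID.2.5.4.65",                  "pseudonym"},
    { true,  false, "2.5.4.15",                   "businessCategory",    "OID.2.5.4.15",                  "businessCategory"},
    { true,  false, "2.5.4.41",                   "name",                "OID.2.5.4.41",                  "name"},

    /* terminator */
    { false, false, NULL, NULL, NULL, NULL}
};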
db36dca3d45e6eefbb30042ee65876566f1a6014Sumit Bose
/*
 * Rewrite the attribute name of one RDN ("name=value") from the NSS
 * spelling to the spelling Active Directory uses.
 *
 * The name is everything before the first '=' in rdn. Only table rows
 * flagged nss_ad_differ are candidates, and the NSS spelling must match
 * the name exactly: same length and same bytes (case-sensitive). The
 * remainder of rdn, starting at the '=', is appended unchanged, so the
 * value is never inspected or re-escaped here.
 *
 * Returns a new string "<ad-name>=<value>" allocated on mem_ctx, or NULL
 * when rdn is NULL, has no '=', has an empty name, matches no differing
 * row, or talloc_asprintf fails. Callers cannot distinguish "no rewrite
 * needed" from an allocation failure by the return value alone.
 */
char *check_ad_attr_name(TALLOC_CTX *mem_ctx, const char *rdn)
{
    const char *eq;
    size_t name_len;
    const struct oid_attr_name_map *entry;

    if (rdn == NULL) {
        return NULL;
    }

    eq = strchr(rdn, '=');
    if (eq == NULL) {
        return NULL;
    }

    name_len = (size_t)(eq - rdn);
    if (name_len == 0) {
        return NULL;
    }

    for (entry = oid_attr_name_map; entry->oid != NULL; entry++) {
        if (entry->nss_ad_differ
                && strlen(entry->nss) == name_len
                && strncmp(rdn, entry->nss, name_len) == 0) {
            /* eq still points at the '=', so the separator is kept. */
            return talloc_asprintf(mem_ctx, "%s%s", entry->ad, eq);
        }
    }

    return NULL;
}
a20fb9cbd5f42a6ca895aea1b84347fdfea34b89Sumit Bose
/*
 * Map an attribute short name as spelled by OpenSSL (obj_mac.h) to the
 * spelling NSS uses, so rules written against NSS names keep working.
 *
 * Only rows flagged nss_openssl_differ are consulted and the comparison
 * is exact (case-sensitive). A name with no differing row is returned
 * unchanged. The result is therefore either a pointer into the static
 * table or the caller's own attr pointer; nothing is allocated and the
 * caller must not free it.
 *
 * Returns NULL only when attr is NULL.
 */
const char *openssl_2_nss_attr_name(const char *attr)
{
    const struct oid_attr_name_map *entry;

    if (attr == NULL) {
        return NULL;
    }

    for (entry = oid_attr_name_map; entry->oid != NULL; entry++) {
        if (entry->nss_openssl_differ
                && strcmp(attr, entry->openssl) == 0) {
            return entry->nss;
        }
    }

    /* No OpenSSL-specific spelling: NSS uses the same name. */
    return attr;
}