/crypto/heimdal/lib/gssapi/spnego/cred_stubs.c

  1/*
  2 * Copyright (c) 2004, PADL Software Pty Ltd.
  3 * All rights reserved.
  4 *
  5 * Redistribution and use in source and binary forms, with or without
  6 * modification, are permitted provided that the following conditions
  7 * are met:
  8 *
  9 * 1. Redistributions of source code must retain the above copyright
 10 *    notice, this list of conditions and the following disclaimer.
 11 *
 12 * 2. Redistributions in binary form must reproduce the above copyright
 13 *    notice, this list of conditions and the following disclaimer in the
 14 *    documentation and/or other materials provided with the distribution.
 15 *
 16 * 3. Neither the name of PADL Software nor the names of its contributors
 17 *    may be used to endorse or promote products derived from this software
 18 *    without specific prior written permission.
 19 *
 20 * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 23 * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 30 * SUCH DAMAGE.
 31 */
 32
 33#include "spnego_locl.h"
 34
 35OM_uint32 GSSAPI_CALLCONV
 36_gss_spnego_release_cred(OM_uint32 *minor_status, gss_cred_id_t *cred_handle)
 37{
 38    OM_uint32 ret;
 39
 40    *minor_status = 0;
 41
 42    if (cred_handle == NULL || *cred_handle == GSS_C_NO_CREDENTIAL)
 43	return GSS_S_COMPLETE;
 44
 45    ret = gss_release_cred(minor_status, cred_handle);
 46
 47    *cred_handle = GSS_C_NO_CREDENTIAL;
 48
 49    return ret;
 50}
 51
 52/*
 53 * For now, just a simple wrapper that avoids recursion. When
 54 * we support gss_{get,set}_neg_mechs() we will need to expose
 55 * more functionality.
 56 */
 57OM_uint32 GSSAPI_CALLCONV _gss_spnego_acquire_cred
 58(OM_uint32 *minor_status,
 59 const gss_name_t desired_name,
 60 OM_uint32 time_req,
 61 const gss_OID_set desired_mechs,
 62 gss_cred_usage_t cred_usage,
 63 gss_cred_id_t * output_cred_handle,
 64 gss_OID_set * actual_mechs,
 65 OM_uint32 * time_rec
 66    )
 67{
 68    const spnego_name dname = (const spnego_name)desired_name;
 69    gss_name_t name = GSS_C_NO_NAME;
 70    OM_uint32 ret, tmp;
 71    gss_OID_set_desc actual_desired_mechs;
 72    gss_OID_set mechs;
 73    size_t i, j;
 74
 75    *output_cred_handle = GSS_C_NO_CREDENTIAL;
 76
 77    if (dname) {
 78	ret = gss_import_name(minor_status, &dname->value, &dname->type, &name);
 79	if (ret) {
 80	    return ret;
 81	}
 82    }
 83
 84    ret = gss_indicate_mechs(minor_status, &mechs);
 85    if (ret != GSS_S_COMPLETE) {
 86	gss_release_name(minor_status, &name);
 87	return ret;
 88    }
 89
 90    /* Remove ourselves from this list */
 91    actual_desired_mechs.count = mechs->count;
 92    actual_desired_mechs.elements = malloc(actual_desired_mechs.count *
 93					   sizeof(gss_OID_desc));
 94    if (actual_desired_mechs.elements == NULL) {
 95	*minor_status = ENOMEM;
 96	ret = GSS_S_FAILURE;
 97	goto out;
 98    }
 99
100    for (i = 0, j = 0; i < mechs->count; i++) {
101	if (gss_oid_equal(&mechs->elements[i], GSS_SPNEGO_MECHANISM))
102	    continue;
103
104	actual_desired_mechs.elements[j] = mechs->elements[i];
105	j++;
106    }
107    actual_desired_mechs.count = j;
108
109    ret = gss_acquire_cred(minor_status, name,
110			   time_req, &actual_desired_mechs,
111			   cred_usage,
112			   output_cred_handle,
113			   actual_mechs, time_rec);
114    if (ret != GSS_S_COMPLETE)
115	goto out;
116
117out:
118    gss_release_name(minor_status, &name);
119    gss_release_oid_set(&tmp, &mechs);
120    if (actual_desired_mechs.elements != NULL) {
121	free(actual_desired_mechs.elements);
122    }
123    if (ret != GSS_S_COMPLETE) {
124	_gss_spnego_release_cred(&tmp, output_cred_handle);
125    }
126
127    return ret;
128}
129
130OM_uint32 GSSAPI_CALLCONV _gss_spnego_inquire_cred
131           (OM_uint32 * minor_status,
132            const gss_cred_id_t cred_handle,
133            gss_name_t * name,
134            OM_uint32 * lifetime,
135            gss_cred_usage_t * cred_usage,
136            gss_OID_set * mechanisms
137           )
138{
139    spnego_name sname = NULL;
140    OM_uint32 ret;
141
142    if (cred_handle == GSS_C_NO_CREDENTIAL) {
143	*minor_status = 0;
144	return GSS_S_NO_CRED;
145    }
146
147    if (name) {
148	sname = calloc(1, sizeof(*sname));
149	if (sname == NULL) {
150	    *minor_status = ENOMEM;
151	    return GSS_S_FAILURE;
152	}
153    }
154
155    ret = gss_inquire_cred(minor_status,
156			   cred_handle,
157			   sname ? &sname->mech : NULL,
158			   lifetime,
159			   cred_usage,
160			   mechanisms);
161    if (ret) {
162	if (sname)
163	    free(sname);
164	return ret;
165    }
166    if (name)
167	*name = (gss_name_t)sname;
168
169    return ret;
170}
171
172OM_uint32 GSSAPI_CALLCONV _gss_spnego_inquire_cred_by_mech (
173            OM_uint32 * minor_status,
174            const gss_cred_id_t cred_handle,
175            const gss_OID mech_type,
176            gss_name_t * name,
177            OM_uint32 * initiator_lifetime,
178            OM_uint32 * acceptor_lifetime,
179            gss_cred_usage_t * cred_usage
180           )
181{
182    spnego_name sname = NULL;
183    OM_uint32 ret;
184
185    if (cred_handle == GSS_C_NO_CREDENTIAL) {
186	*minor_status = 0;
187	return GSS_S_NO_CRED;
188    }
189
190    if (name) {
191	sname = calloc(1, sizeof(*sname));
192	if (sname == NULL) {
193	    *minor_status = ENOMEM;
194	    return GSS_S_FAILURE;
195	}
196    }
197
198    ret = gss_inquire_cred_by_mech(minor_status,
199				   cred_handle,
200				   mech_type,
201				   sname ? &sname->mech : NULL,
202				   initiator_lifetime,
203				   acceptor_lifetime,
204				   cred_usage);
205
206    if (ret) {
207	if (sname)
208	    free(sname);
209	return ret;
210    }
211    if (name)
212	*name = (gss_name_t)sname;
213
214    return GSS_S_COMPLETE;
215}
216
217OM_uint32 GSSAPI_CALLCONV _gss_spnego_inquire_cred_by_oid
218           (OM_uint32 * minor_status,
219            const gss_cred_id_t cred_handle,
220            const gss_OID desired_object,
221            gss_buffer_set_t *data_set)
222{
223    OM_uint32 ret;
224
225    if (cred_handle == GSS_C_NO_CREDENTIAL) {
226	*minor_status = 0;
227	return GSS_S_NO_CRED;
228    }
229
230    ret = gss_inquire_cred_by_oid(minor_status,
231				  cred_handle,
232				  desired_object,
233				  data_set);
234
235    return ret;
236}
237
238OM_uint32 GSSAPI_CALLCONV
239_gss_spnego_set_cred_option (OM_uint32 *minor_status,
240			     gss_cred_id_t *cred_handle,
241			     const gss_OID object,
242			     const gss_buffer_t value)
243{
244    if (cred_handle == NULL || *cred_handle == GSS_C_NO_CREDENTIAL) {
245	*minor_status = 0;
246	return GSS_S_NO_CRED;
247    }
248
249    return gss_set_cred_option(minor_status,
250			      cred_handle,
251			      object,
252			      value);
253}
254
255#if 0
256
257OM_uint32 GSSAPI_CALLCONV
258_gss_spnego_export_cred (OM_uint32 *minor_status,
259			 gss_cred_id_t cred_handle,
260			 gss_buffer_t value)
261{
262    return gss_export_cred(minor_status, cred_handle, value);
263}
264
265OM_uint32 GSSAPI_CALLCONV
266_gss_spnego_import_cred (OM_uint32 *minor_status,
267			 gss_buffer_t value,
268			 gss_cred_id_t *cred_handle)
269{
270    return gss_import_cred(minor_status, value, cred_handle);
271}
272
273#endif