/crypto/heimdal/lib/gssapi/spnego/cred_stubs.c


  1. /*
  2. * Copyright (c) 2004, PADL Software Pty Ltd.
  3. * All rights reserved.
  4. *
  5. * Redistribution and use in source and binary forms, with or without
  6. * modification, are permitted provided that the following conditions
  7. * are met:
  8. *
  9. * 1. Redistributions of source code must retain the above copyright
  10. * notice, this list of conditions and the following disclaimer.
  11. *
  12. * 2. Redistributions in binary form must reproduce the above copyright
  13. * notice, this list of conditions and the following disclaimer in the
  14. * documentation and/or other materials provided with the distribution.
  15. *
  16. * 3. Neither the name of PADL Software nor the names of its contributors
  17. * may be used to endorse or promote products derived from this software
  18. * without specific prior written permission.
  19. *
  20. * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
  21. * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  22. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  23. * ARE DISCLAIMED. IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
  24. * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  25. * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  26. * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  27. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  28. * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  29. * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  30. * SUCH DAMAGE.
  31. */
  32. #include "spnego_locl.h"
  /*
   * Release a SPNEGO credential by delegating to gss_release_cred().
   *
   * A NULL cred_handle, or one that already holds GSS_C_NO_CREDENTIAL, is a
   * successful no-op.  Otherwise the status of the delegated call is returned
   * and the caller's handle is reset to GSS_C_NO_CREDENTIAL whatever that
   * status was, so the caller is never left holding the old handle value
   * (which would invite a second release or use of a released credential).
   *
   * *minor_status is cleared first; minor_status itself must not be NULL.
   */
  OM_uint32 GSSAPI_CALLCONV
  _gss_spnego_release_cred(OM_uint32 *minor_status, gss_cred_id_t *cred_handle)
  {
      OM_uint32 major = GSS_S_COMPLETE;

      *minor_status = 0;

      if (cred_handle != NULL && *cred_handle != GSS_C_NO_CREDENTIAL) {
          major = gss_release_cred(minor_status, cred_handle);
          /* Unconditional: done even when the release reported an error. */
          *cred_handle = GSS_C_NO_CREDENTIAL;
      }

      return major;
  }
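  /*
   * Acquire a credential for SPNEGO by delegating to gss_acquire_cred() with
   * every mechanism reported by gss_indicate_mechs() except SPNEGO itself.
   *
   * For now, just a simple wrapper that avoids recursion. When
   * we support gss_{get,set}_neg_mechs() we will need to expose
   * more functionality.
   *
   * NOTE(review): desired_mechs is accepted but never consulted below, so a
   * caller cannot use it to restrict which mechanisms the resulting
   * credential covers; the set is always "everything indicated, minus SPNEGO".
   *
   * desired_name, when non-NULL, is treated as a spnego_name and re-imported
   * from its value/type pair.  time_req, cred_usage, actual_mechs and
   * time_rec are passed through to gss_acquire_cred() unchanged.
   *
   * Returns the major status of the first call that failed, or of
   * gss_acquire_cred().  On failure *output_cred_handle is
   * GSS_C_NO_CREDENTIAL and *minor_status carries the minor code of the
   * failing call (ENOMEM for the local allocation).
   */
  OM_uint32 GSSAPI_CALLCONV _gss_spnego_acquire_cred
  (OM_uint32 *minor_status,
   const gss_name_t desired_name,
   OM_uint32 time_req,
   const gss_OID_set desired_mechs,
   gss_cred_usage_t cred_usage,
   gss_cred_id_t * output_cred_handle,
   gss_OID_set * actual_mechs,
   OM_uint32 * time_rec
  )
  {
      const spnego_name dname = (const spnego_name)desired_name;
      gss_name_t name = GSS_C_NO_NAME;
      OM_uint32 ret, tmp;
      gss_OID_set_desc actual_desired_mechs;
      gss_OID_set mechs;
      size_t i, j;

      *output_cred_handle = GSS_C_NO_CREDENTIAL;
      actual_desired_mechs.count = 0;
      actual_desired_mechs.elements = NULL;

      if (dname) {
          ret = gss_import_name(minor_status, &dname->value, &dname->type, &name);
          if (ret) {
              return ret;
          }
      }

      ret = gss_indicate_mechs(minor_status, &mechs);
      if (ret != GSS_S_COMPLETE) {
          /*
           * Clean up through a scratch minor status: gss_release_name()
           * writes its own minor code and would otherwise replace the one
           * that explains this failure.
           */
          gss_release_name(&tmp, &name);
          return ret;
      }

      /*
       * Remove ourselves from this list.
       *
       * calloc() checks the count * size product for overflow.  At least one
       * slot is requested so that an empty mechanism list is not reported as
       * ENOMEM on platforms where a zero-sized allocation returns NULL.
       */
      actual_desired_mechs.elements = calloc(mechs->count ? mechs->count : 1,
                                             sizeof(gss_OID_desc));
      if (actual_desired_mechs.elements == NULL) {
          *minor_status = ENOMEM;
          ret = GSS_S_FAILURE;
          goto out;
      }

      /*
       * Shallow copy: each descriptor still points at storage owned by
       * `mechs`, so only the array itself is freed below and `mechs` must
       * stay alive until gss_acquire_cred() has returned.
       */
      for (i = 0, j = 0; i < mechs->count; i++) {
          if (gss_oid_equal(&mechs->elements[i], GSS_SPNEGO_MECHANISM))
              continue;

          actual_desired_mechs.elements[j] = mechs->elements[i];
          j++;
      }
      actual_desired_mechs.count = j;

      ret = gss_acquire_cred(minor_status, name,
                             time_req, &actual_desired_mechs,
                             cred_usage,
                             output_cred_handle,
                             actual_mechs, time_rec);

  out:
      /* Scratch minor again, so the caller sees gss_acquire_cred()'s code. */
      gss_release_name(&tmp, &name);
      gss_release_oid_set(&tmp, &mechs);
      free(actual_desired_mechs.elements);
      if (ret != GSS_S_COMPLETE) {
          /* Never hand back a partially acquired credential. */
          _gss_spnego_release_cred(&tmp, output_cred_handle);
      }

      return ret;
  }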
  /*
   * Report the properties of a credential by forwarding to
   * gss_inquire_cred().
   *
   * When the caller asks for the name, a zero-filled spnego_name object is
   * allocated here and its `mech` member receives the name produced by the
   * delegated call.  On success that object is handed back through *name,
   * cast to gss_name_t; on failure it is freed and *name is left untouched.
   * NOTE(review): the caller then owns the wrapper - presumably it must be
   * released through the SPNEGO name-release path; confirm.
   *
   * Returns GSS_S_NO_CRED (minor 0) for GSS_C_NO_CREDENTIAL, GSS_S_FAILURE
   * with minor ENOMEM when the wrapper cannot be allocated, and otherwise
   * whatever gss_inquire_cred() returns.
   */
  OM_uint32 GSSAPI_CALLCONV _gss_spnego_inquire_cred
  (OM_uint32 * minor_status,
   const gss_cred_id_t cred_handle,
   gss_name_t * name,
   OM_uint32 * lifetime,
   gss_cred_usage_t * cred_usage,
   gss_OID_set * mechanisms
  )
  {
      spnego_name wrapper = NULL;
      OM_uint32 major;

      if (cred_handle == GSS_C_NO_CREDENTIAL) {
          *minor_status = 0;
          return GSS_S_NO_CRED;
      }

      /* Only pay for the wrapper when a name was actually requested. */
      if (name != NULL) {
          wrapper = calloc(1, sizeof(*wrapper));
          if (wrapper == NULL) {
              *minor_status = ENOMEM;
              return GSS_S_FAILURE;
          }
      }

      major = gss_inquire_cred(minor_status,
                               cred_handle,
                               wrapper != NULL ? &wrapper->mech : NULL,
                               lifetime,
                               cred_usage,
                               mechanisms);

      if (major != GSS_S_COMPLETE) {
          /* free(NULL) is a no-op, so no guard is needed. */
          free(wrapper);
      } else if (name != NULL) {
          *name = (gss_name_t)wrapper;
      }

      return major;
  }
  /*
   * Per-mechanism variant of the credential inquiry: forwards to
   * gss_inquire_cred_by_mech() for mech_type.
   *
   * As in _gss_spnego_inquire_cred(), a requested name is returned inside a
   * freshly allocated, zero-filled spnego_name whose `mech` member is filled
   * by the delegated call.  The wrapper is stored in *name on success and
   * freed on failure, in which case *name is left untouched.
   *
   * Returns GSS_S_NO_CRED (minor 0) for GSS_C_NO_CREDENTIAL, GSS_S_FAILURE
   * with minor ENOMEM when the wrapper cannot be allocated, the delegated
   * call's status on failure, and GSS_S_COMPLETE otherwise.
   */
  OM_uint32 GSSAPI_CALLCONV _gss_spnego_inquire_cred_by_mech (
      OM_uint32 * minor_status,
      const gss_cred_id_t cred_handle,
      const gss_OID mech_type,
      gss_name_t * name,
      OM_uint32 * initiator_lifetime,
      OM_uint32 * acceptor_lifetime,
      gss_cred_usage_t * cred_usage
  )
  {
      spnego_name wrapper = NULL;
      OM_uint32 major;

      if (cred_handle == GSS_C_NO_CREDENTIAL) {
          *minor_status = 0;
          return GSS_S_NO_CRED;
      }

      /* Allocate the name wrapper only if the caller wants a name back. */
      if (name != NULL) {
          wrapper = calloc(1, sizeof(*wrapper));
          if (wrapper == NULL) {
              *minor_status = ENOMEM;
              return GSS_S_FAILURE;
          }
      }

      major = gss_inquire_cred_by_mech(minor_status,
                                       cred_handle,
                                       mech_type,
                                       wrapper != NULL ? &wrapper->mech : NULL,
                                       initiator_lifetime,
                                       acceptor_lifetime,
                                       cred_usage);
      if (major != GSS_S_COMPLETE) {
          /* free(NULL) is a no-op, so no guard is needed. */
          free(wrapper);
          return major;
      }

      if (name != NULL) {
          *name = (gss_name_t)wrapper;
      }

      return GSS_S_COMPLETE;
  }
  /*
   * Query a credential for the data identified by desired_object by
   * forwarding to gss_inquire_cred_by_oid().
   *
   * GSS_C_NO_CREDENTIAL is rejected here with GSS_S_NO_CRED (minor 0).
   * desired_object and data_set are passed through without inspection, so
   * any validation of them is left to the delegated call.
   */
  OM_uint32 GSSAPI_CALLCONV _gss_spnego_inquire_cred_by_oid
  (OM_uint32 * minor_status,
   const gss_cred_id_t cred_handle,
   const gss_OID desired_object,
   gss_buffer_set_t *data_set)
  {
      if (cred_handle != GSS_C_NO_CREDENTIAL) {
          return gss_inquire_cred_by_oid(minor_status,
                                         cred_handle,
                                         desired_object,
                                         data_set);
      }

      *minor_status = 0;
      return GSS_S_NO_CRED;
  }
  /*
   * Set an option on an existing credential by forwarding to
   * gss_set_cred_option().
   *
   * A NULL cred_handle, or one holding GSS_C_NO_CREDENTIAL, is rejected with
   * GSS_S_NO_CRED (minor 0), so this stub is never used to create a
   * credential.  `object` and `value` are forwarded as given; nothing in this
   * function checks them.
   */
  OM_uint32 GSSAPI_CALLCONV
  _gss_spnego_set_cred_option (OM_uint32 *minor_status,
                               gss_cred_id_t *cred_handle,
                               const gss_OID object,
                               const gss_buffer_t value)
  {
      OM_uint32 major;

      if (cred_handle != NULL && *cred_handle != GSS_C_NO_CREDENTIAL) {
          major = gss_set_cred_option(minor_status,
                                      cred_handle,
                                      object,
                                      value);
      } else {
          *minor_status = 0;
          major = GSS_S_NO_CRED;
      }

      return major;
  }
  220. #if 0
  /*
   * Export a credential into `value` by forwarding to gss_export_cred().
   * No checks are made here; the delegated call's status is returned as is.
   *
   * This definition sits inside the file's `#if 0` region and is therefore
   * not compiled.
   */
  OM_uint32 GSSAPI_CALLCONV
  _gss_spnego_export_cred (OM_uint32 *minor_status,
                           gss_cred_id_t cred_handle,
                           gss_buffer_t value)
  {
      OM_uint32 major;

      major = gss_export_cred(minor_status, cred_handle, value);
      return major;
  }
  /*
   * Import a credential from `value` by forwarding to gss_import_cred().
   * The buffer is passed through without inspection; the delegated call's
   * status is returned as is.
   *
   * This definition sits inside the file's `#if 0` region and is therefore
   * not compiled.
   */
  OM_uint32 GSSAPI_CALLCONV
  _gss_spnego_import_cred (OM_uint32 *minor_status,
                           gss_buffer_t value,
                           gss_cred_id_t *cred_handle)
  {
      OM_uint32 major;

      major = gss_import_cred(minor_status, value, cred_handle);
      return major;
  }
  235. #endif