/crypto/heimdal/lib/gssapi/spnego/cred_stubs.c

https://bitbucket.org/freebsd/freebsd-head/ · C · 273 lines · 198 code · 38 blank · 37 comment · 40 complexity · 74eba564715633840bab4d447c02aae7 MD5 · raw file 

    

  1. /*
    2. 

  2.  * Copyright (c) 2004, PADL Software Pty Ltd.
    3. 

  3.  * All rights reserved.
    4. 

  4.  *
    5. 

  5.  * Redistribution and use in source and binary forms, with or without
    6. 

  6.  * modification, are permitted provided that the following conditions
    7. 

  7.  * are met:
    8. 

  8.  *
    9. 

  9.  * 1. Redistributions of source code must retain the above copyright
    10. 

  10.  *    notice, this list of conditions and the following disclaimer.
    11. 

  11.  *
    12. 

  12.  * 2. Redistributions in binary form must reproduce the above copyright
    13. 

  13.  *    notice, this list of conditions and the following disclaimer in the
    14. 

  14.  *    documentation and/or other materials provided with the distribution.
    15. 

  15.  *
    16. 

  16.  * 3. Neither the name of PADL Software nor the names of its contributors
    17. 

  17.  *    may be used to endorse or promote products derived from this software
    18. 

  18.  *    without specific prior written permission.
    19. 

  19.  *
    20. 

  20.  * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
    21. 

  21.  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
    22. 

  22.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
    23. 

  23.  * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
    24. 

  24.  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
    25. 

  25.  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
    26. 

  26.  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
    27. 

  27.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
    28. 

  28.  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
    29. 

  29.  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
    30. 

  30.  * SUCH DAMAGE.
    31. 

  31.  */
    32. 

  32. 

  33. #include "spnego_locl.h"
    34. 

  34. 

  35. OM_uint32 GSSAPI_CALLCONV
    36. 

  36. _gss_spnego_release_cred(OM_uint32 *minor_status, gss_cred_id_t *cred_handle)
    37. 

  37. {
    38. 

  38.     OM_uint32 ret;
    39. 

  39. 

  40.     *minor_status = 0;
    41. 

  41. 

  42.     if (cred_handle == NULL || *cred_handle == GSS_C_NO_CREDENTIAL)
    43. 

  43. 	return GSS_S_COMPLETE;
    44. 

  44. 

  45.     ret = gss_release_cred(minor_status, cred_handle);
    46. 

  46. 

  47.     *cred_handle = GSS_C_NO_CREDENTIAL;
    48. 

  48. 

  49.     return ret;
    50. 

  50. }
    51. 

  51. 

  52. /*
    53. 

  53.  * For now, just a simple wrapper that avoids recursion. When
    54. 

  54.  * we support gss_{get,set}_neg_mechs() we will need to expose
    55. 

  55.  * more functionality.
    56. 

  56.  */
    57. 

  57. OM_uint32 GSSAPI_CALLCONV _gss_spnego_acquire_cred
    58. 

  58. (OM_uint32 *minor_status,
    59. 

  59.  const gss_name_t desired_name,
    60. 

  60.  OM_uint32 time_req,
    61. 

  61.  const gss_OID_set desired_mechs,
    62. 

  62.  gss_cred_usage_t cred_usage,
    63. 

  63.  gss_cred_id_t * output_cred_handle,
    64. 

  64.  gss_OID_set * actual_mechs,
    65. 

  65.  OM_uint32 * time_rec
    66. 

  66.     )
    67. 

  67. {
    68. 

  68.     const spnego_name dname = (const spnego_name)desired_name;
    69. 

  69.     gss_name_t name = GSS_C_NO_NAME;
    70. 

  70.     OM_uint32 ret, tmp;
    71. 

  71.     gss_OID_set_desc actual_desired_mechs;
    72. 

  72.     gss_OID_set mechs;
    73. 

  73.     size_t i, j;
    74. 

  74. 

  75.     *output_cred_handle = GSS_C_NO_CREDENTIAL;
    76. 

  76. 

  77.     if (dname) {
    78. 

  78. 	ret = gss_import_name(minor_status, &dname->value, &dname->type, &name);
    79. 

  79. 	if (ret) {
    80. 

  80. 	    return ret;
    81. 

  81. 	}
    82. 

  82.     }
    83. 

  83. 

  84.     ret = gss_indicate_mechs(minor_status, &mechs);
    85. 

  85.     if (ret != GSS_S_COMPLETE) {
    86. 

  86. 	gss_release_name(minor_status, &name);
    87. 

  87. 	return ret;
    88. 

  88.     }
    89. 

  89. 

  90.     /* Remove ourselves from this list */
    91. 

  91.     actual_desired_mechs.count = mechs->count;
    92. 

  92.     actual_desired_mechs.elements = malloc(actual_desired_mechs.count *
    93. 

  93. 					   sizeof(gss_OID_desc));
    94. 

  94.     if (actual_desired_mechs.elements == NULL) {
    95. 

  95. 	*minor_status = ENOMEM;
    96. 

  96. 	ret = GSS_S_FAILURE;
    97. 

  97. 	goto out;
    98. 

  98.     }
    99. 

  99. 

  100.     for (i = 0, j = 0; i < mechs->count; i++) {
    101. 

  101. 	if (gss_oid_equal(&mechs->elements[i], GSS_SPNEGO_MECHANISM))
    102. 

  102. 	    continue;
    103. 

  103. 

  104. 	actual_desired_mechs.elements[j] = mechs->elements[i];
    105. 

  105. 	j++;
    106. 

  106.     }
    107. 

  107.     actual_desired_mechs.count = j;
    108. 

  108. 

  109.     ret = gss_acquire_cred(minor_status, name,
    110. 

  110. 			   time_req, &actual_desired_mechs,
    111. 

  111. 			   cred_usage,
    112. 

  112. 			   output_cred_handle,
    113. 

  113. 			   actual_mechs, time_rec);
    114. 

  114.     if (ret != GSS_S_COMPLETE)
    115. 

  115. 	goto out;
    116. 

  116. 

  117. out:
    118. 

  118.     gss_release_name(minor_status, &name);
    119. 

  119.     gss_release_oid_set(&tmp, &mechs);
    120. 

  120.     if (actual_desired_mechs.elements != NULL) {
    121. 

  121. 	free(actual_desired_mechs.elements);
    122. 

  122.     }
    123. 

  123.     if (ret != GSS_S_COMPLETE) {
    124. 

  124. 	_gss_spnego_release_cred(&tmp, output_cred_handle);
    125. 

  125.     }
    126. 

  126. 

  127.     return ret;
    128. 

  128. }
    129. 

  129. 

  130. OM_uint32 GSSAPI_CALLCONV _gss_spnego_inquire_cred
    131. 

  131.            (OM_uint32 * minor_status,
    132. 

  132.             const gss_cred_id_t cred_handle,
    133. 

  133.             gss_name_t * name,
    134. 

  134.             OM_uint32 * lifetime,
    135. 

  135.             gss_cred_usage_t * cred_usage,
    136. 

  136.             gss_OID_set * mechanisms
    137. 

  137.            )
    138. 

  138. {
    139. 

  139.     spnego_name sname = NULL;
    140. 

  140.     OM_uint32 ret;
    141. 

  141. 

  142.     if (cred_handle == GSS_C_NO_CREDENTIAL) {
    143. 

  143. 	*minor_status = 0;
    144. 

  144. 	return GSS_S_NO_CRED;
    145. 

  145.     }
    146. 

  146. 

  147.     if (name) {
    148. 

  148. 	sname = calloc(1, sizeof(*sname));
    149. 

  149. 	if (sname == NULL) {
    150. 

  150. 	    *minor_status = ENOMEM;
    151. 

  151. 	    return GSS_S_FAILURE;
    152. 

  152. 	}
    153. 

  153.     }
    154. 

  154. 

  155.     ret = gss_inquire_cred(minor_status,
    156. 

  156. 			   cred_handle,
    157. 

  157. 			   sname ? &sname->mech : NULL,
    158. 

  158. 			   lifetime,
    159. 

  159. 			   cred_usage,
    160. 

  160. 			   mechanisms);
    161. 

  161.     if (ret) {
    162. 

  162. 	if (sname)
    163. 

  163. 	    free(sname);
    164. 

  164. 	return ret;
    165. 

  165.     }
    166. 

  166.     if (name)
    167. 

  167. 	*name = (gss_name_t)sname;
    168. 

  168. 

  169.     return ret;
    170. 

  170. }
    171. 

  171. 

  172. OM_uint32 GSSAPI_CALLCONV _gss_spnego_inquire_cred_by_mech (
    173. 

  173.             OM_uint32 * minor_status,
    174. 

  174.             const gss_cred_id_t cred_handle,
    175. 

  175.             const gss_OID mech_type,
    176. 

  176.             gss_name_t * name,
    177. 

  177.             OM_uint32 * initiator_lifetime,
    178. 

  178.             OM_uint32 * acceptor_lifetime,
    179. 

  179.             gss_cred_usage_t * cred_usage
    180. 

  180.            )
    181. 

  181. {
    182. 

  182.     spnego_name sname = NULL;
    183. 

  183.     OM_uint32 ret;
    184. 

  184. 

  185.     if (cred_handle == GSS_C_NO_CREDENTIAL) {
    186. 

  186. 	*minor_status = 0;
    187. 

  187. 	return GSS_S_NO_CRED;
    188. 

  188.     }
    189. 

  189. 

  190.     if (name) {
    191. 

  191. 	sname = calloc(1, sizeof(*sname));
    192. 

  192. 	if (sname == NULL) {
    193. 

  193. 	    *minor_status = ENOMEM;
    194. 

  194. 	    return GSS_S_FAILURE;
    195. 

  195. 	}
    196. 

  196.     }
    197. 

  197. 

  198.     ret = gss_inquire_cred_by_mech(minor_status,
    199. 

  199. 				   cred_handle,
    200. 

  200. 				   mech_type,
    201. 

  201. 				   sname ? &sname->mech : NULL,
    202. 

  202. 				   initiator_lifetime,
    203. 

  203. 				   acceptor_lifetime,
    204. 

  204. 				   cred_usage);
    205. 

  205. 

  206.     if (ret) {
    207. 

  207. 	if (sname)
    208. 

  208. 	    free(sname);
    209. 

  209. 	return ret;
    210. 

  210.     }
    211. 

  211.     if (name)
    212. 

  212. 	*name = (gss_name_t)sname;
    213. 

  213. 

  214.     return GSS_S_COMPLETE;
    215. 

  215. }
    216. 

  216. 

  217. OM_uint32 GSSAPI_CALLCONV _gss_spnego_inquire_cred_by_oid
    218. 

  218.            (OM_uint32 * minor_status,
    219. 

  219.             const gss_cred_id_t cred_handle,
    220. 

  220.             const gss_OID desired_object,
    221. 

  221.             gss_buffer_set_t *data_set)
    222. 

  222. {
    223. 

  223.     OM_uint32 ret;
    224. 

  224. 

  225.     if (cred_handle == GSS_C_NO_CREDENTIAL) {
    226. 

  226. 	*minor_status = 0;
    227. 

  227. 	return GSS_S_NO_CRED;
    228. 

  228.     }
    229. 

  229. 

  230.     ret = gss_inquire_cred_by_oid(minor_status,
    231. 

  231. 				  cred_handle,
    232. 

  232. 				  desired_object,
    233. 

  233. 				  data_set);
    234. 

  234. 

  235.     return ret;
    236. 

  236. }
    237. 

  237. 

  238. OM_uint32 GSSAPI_CALLCONV
    239. 

  239. _gss_spnego_set_cred_option (OM_uint32 *minor_status,
    240. 

  240. 			     gss_cred_id_t *cred_handle,
    241. 

  241. 			     const gss_OID object,
    242. 

  242. 			     const gss_buffer_t value)
    243. 

  243. {
    244. 

  244.     if (cred_handle == NULL || *cred_handle == GSS_C_NO_CREDENTIAL) {
    245. 

  245. 	*minor_status = 0;
    246. 

  246. 	return GSS_S_NO_CRED;
    247. 

  247.     }
    248. 

  248. 

  249.     return gss_set_cred_option(minor_status,
    250. 

  250. 			      cred_handle,
    251. 

  251. 			      object,
    252. 

  252. 			      value);
    253. 

  253. }
    254. 

  254. 

  255. #if 0
    256. 

  256. 

  257. OM_uint32 GSSAPI_CALLCONV
    258. 

  258. _gss_spnego_export_cred (OM_uint32 *minor_status,
    259. 

  259. 			 gss_cred_id_t cred_handle,
    260. 

  260. 			 gss_buffer_t value)
    261. 

  261. {
    262. 

  262.     return gss_export_cred(minor_status, cred_handle, value);
    263. 

  263. }
    264. 

  264. 

  265. OM_uint32 GSSAPI_CALLCONV
    266. 

  266. _gss_spnego_import_cred (OM_uint32 *minor_status,
    267. 

  267. 			 gss_buffer_t value,
    268. 

  268. 			 gss_cred_id_t *cred_handle)
    269. 

  269. {
    270. 

  270.     return gss_import_cred(minor_status, value, cred_handle);
    271. 

  271. }
    272. 

  272. 

  273. #endif
    274.