LCOV - code coverage report
Current view: top level - source4/heimdal/lib/gssapi/krb5 - creds.c (source / functions) Hit Total Coverage
Test: coverage report for abartlet/fix-coverage dd10fb34 Lines: 63 137 46.0 %
Date: 2021-09-23 10:06:22 Functions: 2 2 100.0 %

          Line data    Source code
       1             : /*
       2             :  * Copyright (c) 2009 Kungliga Tekniska Högskolan
       3             :  * (Royal Institute of Technology, Stockholm, Sweden).
       4             :  * All rights reserved.
       5             :  *
       6             :  * Redistribution and use in source and binary forms, with or without
       7             :  * modification, are permitted provided that the following conditions
       8             :  * are met:
       9             :  *
      10             :  * 1. Redistributions of source code must retain the above copyright
      11             :  *    notice, this list of conditions and the following disclaimer.
      12             :  *
      13             :  * 2. Redistributions in binary form must reproduce the above copyright
      14             :  *    notice, this list of conditions and the following disclaimer in the
      15             :  *    documentation and/or other materials provided with the distribution.
      16             :  *
      17             :  * 3. Neither the name of the Institute nor the names of its contributors
      18             :  *    may be used to endorse or promote products derived from this software
      19             :  *    without specific prior written permission.
      20             :  *
      21             :  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
      22             :  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
      23             :  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
      24             :  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
      25             :  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
      26             :  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
      27             :  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
      28             :  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
      29             :  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
      30             :  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
      31             :  * SUCH DAMAGE.
      32             :  */
      33             : 
      34             : #include "gsskrb5_locl.h"
      35             : 
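/*
 * Serialize a Kerberos initiator credential into an opaque token.
 *
 * Token layout as written below:
 *   data(mechanism OID) || data(payload)
 * where the payload is one of
 *   uint32 0 || krb5_creds   - the ccache type is "MEMORY": the krbtgt for
 *                              the credential's realm is stored by value
 *   uint32 1 || string       - any other ccache type: only the full ccache
 *                              name is stored
 *
 * SECURITY: in the by-value form the token holds the complete output of
 * krb5_store_creds(), i.e. the ticket together with its key material
 * (NOTE(review): assumed from the Heimdal storage format - confirm), with
 * no encryption or integrity protection added here. Whoever holds the
 * token holds the TGT, so callers must treat cred_token as a secret and
 * only hand it to peers over a channel that protects it.
 *
 * minor_status - receives a krb5/errno code on failure; it is not written
 *                on success by this function.
 * cred_handle  - credential to export; must be usable for initiation.
 * cred_token   - on GSS_S_COMPLETE receives a heap buffer owned by the
 *                caller; it is left untouched on failure.
 *
 * Returns GSS_S_COMPLETE, GSS_S_NO_CRED when the handle has nothing that
 * can be exported, or GSS_S_FAILURE with *minor_status set.
 */
OM_uint32 GSSAPI_CALLCONV
_gsskrb5_export_cred(OM_uint32 *minor_status,
                     gss_cred_id_t cred_handle,
                     gss_buffer_t cred_token)
{
    gsskrb5_cred handle = (gsskrb5_cred)cred_handle;
    krb5_context context;
    krb5_error_code ret;
    krb5_storage *sp;
    krb5_data data, mech;
    const char *type;
    char *str;
    int by_value;

    GSSAPI_KRB5_INIT (&context);

    /* Every field read below goes through the handle; refuse a null one. */
    if (handle == NULL) {
        *minor_status = 0;
        return GSS_S_NO_CRED;
    }

    if (handle->usage != GSS_C_INITIATE && handle->usage != GSS_C_BOTH) {
        *minor_status = GSS_KRB5_S_G_BAD_USAGE;
        return GSS_S_FAILURE;
    }

    /* krb5_cc_get_type() and the krbtgt lookup both need a cache. */
    if (handle->ccache == NULL) {
        *minor_status = 0;
        return GSS_S_NO_CRED;
    }

    type = krb5_cc_get_type(context, handle->ccache);
    by_value = (strcmp(type, "MEMORY") == 0);

    /*
     * The by-value branch reads handle->principal->realm.
     * _gsskrb5_import_cred() can build a handle whose principal is still
     * NULL, so check before dereferencing instead of crashing.
     */
    if (by_value && handle->principal == NULL) {
        *minor_status = 0;
        return GSS_S_NO_CRED;
    }

    /* Stage 1: build the payload (type tag + creds or cache name). */
    sp = krb5_storage_emem();
    if (sp == NULL) {
        *minor_status = ENOMEM;
        return GSS_S_FAILURE;
    }

    if (by_value) {
        krb5_creds *creds;

        ret = krb5_store_uint32(sp, 0);
        if (ret) {
            goto fail_sp;
        }

        ret = _krb5_get_krbtgt(context, handle->ccache,
                               handle->principal->realm,
                               &creds);
        if (ret) {
            goto fail_sp;
        }

        ret = krb5_store_creds(sp, creds);
        krb5_free_creds(context, creds);
        if (ret) {
            goto fail_sp;
        }
    } else {
        /*
         * NOTE(review): this branch had zero hits in the coverage run this
         * listing was taken from, so it is effectively untested.
         */
        ret = krb5_store_uint32(sp, 1);
        if (ret) {
            goto fail_sp;
        }

        ret = krb5_cc_get_full_name(context, handle->ccache, &str);
        if (ret) {
            goto fail_sp;
        }

        ret = krb5_store_string(sp, str);
        free(str);
        if (ret) {
            goto fail_sp;
        }
    }

    ret = krb5_storage_to_data(sp, &data);
    krb5_storage_free(sp);
    sp = NULL;
    if (ret) {
        goto fail_sp;
    }

    /* Stage 2: wrap the payload as data(mech OID) || data(payload). */
    sp = krb5_storage_emem();
    if (sp == NULL) {
        ret = ENOMEM;
        goto fail_data;
    }

    /* mech only borrows the OID bytes; it must never be freed. */
    mech.data = GSS_KRB5_MECHANISM->elements;
    mech.length = GSS_KRB5_MECHANISM->length;

    ret = krb5_store_data(sp, mech);
    if (ret) {
        goto fail_data;
    }

    ret = krb5_store_data(sp, data);
    /*
     * NOTE(review): `data` holds the serialized credential at this point;
     * krb5_data_free() is not known to scrub the buffer before releasing
     * it - consider zeroing it first if the platform offers a primitive
     * the compiler will not elide.
     */
    krb5_data_free(&data);
    if (ret) {
        goto fail_sp;
    }

    ret = krb5_storage_to_data(sp, &data);
    krb5_storage_free(sp);
    sp = NULL;
    if (ret) {
        goto fail_sp;
    }

    /* Ownership of the buffer passes to the caller through cred_token. */
    cred_token->value = data.data;
    cred_token->length = data.length;

    return GSS_S_COMPLETE;

fail_data:
    krb5_data_free(&data);
fail_sp:
    if (sp != NULL) {
        krb5_storage_free(sp);
    }
    *minor_status = ret;
    return GSS_S_FAILURE;
}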
     156             : 
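/*
 * Rebuild a Kerberos initiator credential from the payload of a token
 * produced by _gsskrb5_export_cred().
 *
 * The payload starts with a uint32 type tag:
 *   0 - a serialized krb5_creds follows; it is loaded into a freshly
 *       created unique "MEMORY" ccache that is destroyed when the
 *       credential is released (GSS_CF_DESTROY_CRED_ON_RELEASE).
 *   1 - a ccache name follows; that cache is resolved and referenced.
 * Any other tag yields GSS_S_NO_CRED.
 *
 * NOTE(review): the mechanism OID that the export side writes in front of
 * the payload is not read here; presumably the caller strips it before
 * dispatching to this function - confirm.
 *
 * SECURITY: the token is parsed as-is; nothing in this function
 * authenticates it. In particular, with tag 1 the cache name comes
 * straight from the token and is resolved with the privileges of the
 * importing process, so tokens must only be accepted from a source that
 * is trusted to name caches on this host.
 *
 * minor_status - receives a krb5/errno code on failure; it is not written
 *                on success by this function.
 * cred_token   - token payload to parse (borrowed, not modified).
 * cred_handle  - set to GSS_C_NO_CREDENTIAL on entry and to the new
 *                credential on GSS_S_COMPLETE.
 */
OM_uint32 GSSAPI_CALLCONV
_gsskrb5_import_cred(OM_uint32 * minor_status,
                     gss_buffer_t cred_token,
                     gss_cred_id_t * cred_handle)
{
    krb5_context context;
    krb5_error_code ret;
    gsskrb5_cred handle;
    krb5_ccache id;
    krb5_storage *sp;
    char *str;
    uint32_t type;
    int flags = 0;

    *cred_handle = GSS_C_NO_CREDENTIAL;

    GSSAPI_KRB5_INIT (&context);

    sp = krb5_storage_from_mem(cred_token->value, cred_token->length);
    if (sp == NULL) {
        *minor_status = ENOMEM;
        return GSS_S_FAILURE;
    }

    ret = krb5_ret_uint32(sp, &type);
    if (ret) {
        krb5_storage_free(sp);
        *minor_status = ret;
        return GSS_S_FAILURE;
    }

    switch (type) {
    case 0: {
        krb5_creds creds;

        ret = krb5_ret_creds(sp, &creds);
        krb5_storage_free(sp);
        if (ret) {
            *minor_status = ret;
            return GSS_S_FAILURE;
        }

        ret = krb5_cc_new_unique(context, "MEMORY", NULL, &id);
        if (ret) {
            /* creds was filled in by krb5_ret_creds(); do not leak it. */
            krb5_free_cred_contents(context, &creds);
            *minor_status = ret;
            return GSS_S_FAILURE;
        }

        ret = krb5_cc_initialize(context, id, creds.client);
        if (ret == 0) {
            ret = krb5_cc_store_cred(context, id, &creds);
        }
        /* The parsed copy holds key material; release it on every path. */
        krb5_free_cred_contents(context, &creds);
        if (ret) {
            /*
             * A failed initialize or store must not produce a credential
             * handle that looks valid but points at an empty cache.
             */
            krb5_cc_destroy(context, id);
            *minor_status = ret;
            return GSS_S_FAILURE;
        }

        flags |= GSS_CF_DESTROY_CRED_ON_RELEASE;

        break;
    }
    case 1:
        /*
         * NOTE(review): this branch had zero hits in the coverage run this
         * listing was taken from. It is also the branch that acts on a
         * name taken from the token, so it deserves explicit tests.
         */
        ret = krb5_ret_string(sp, &str);
        krb5_storage_free(sp);
        if (ret) {
            *minor_status = ret;
            return GSS_S_FAILURE;
        }

        ret = krb5_cc_resolve(context, str, &id);
        krb5_xfree(str);
        if (ret) {
            *minor_status = ret;
            return GSS_S_FAILURE;
        }
        break;

    default:
        krb5_storage_free(sp);
        *minor_status = 0;
        return GSS_S_NO_CRED;
    }

    handle = calloc(1, sizeof(*handle));
    if (handle == NULL) {
        /*
         * A cache created above belongs to this call alone, so remove it
         * rather than just dropping the reference; a resolved cache is
         * only closed.
         */
        if (flags & GSS_CF_DESTROY_CRED_ON_RELEASE) {
            krb5_cc_destroy(context, id);
        } else {
            krb5_cc_close(context, id);
        }
        *minor_status = ENOMEM;
        return GSS_S_FAILURE;
    }

    handle->usage = GSS_C_INITIATE;
    /*
     * NOTE(review): the return value is not checked; if the lookup fails,
     * handle->principal stays NULL from calloc(). Either every consumer of
     * the handle must tolerate that, or the import should fail here -
     * confirm which is intended before changing it.
     */
    krb5_cc_get_principal(context, id, &handle->principal);
    handle->ccache = id;
    handle->cred_flags = flags;

    *cred_handle = (gss_cred_id_t)handle;

    return GSS_S_COMPLETE;
}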
