Line data Source code
1 : /*
2 : * Copyright (c) 1997, 2003 Kungliga Tekniska Högskolan
3 : * (Royal Institute of Technology, Stockholm, Sweden).
4 : * All rights reserved.
5 : *
6 : * Redistribution and use in source and binary forms, with or without
7 : * modification, are permitted provided that the following conditions
8 : * are met:
9 : *
10 : * 1. Redistributions of source code must retain the above copyright
11 : * notice, this list of conditions and the following disclaimer.
12 : *
13 : * 2. Redistributions in binary form must reproduce the above copyright
14 : * notice, this list of conditions and the following disclaimer in the
15 : * documentation and/or other materials provided with the distribution.
16 : *
17 : * 3. Neither the name of the Institute nor the names of its contributors
18 : * may be used to endorse or promote products derived from this software
19 : * without specific prior written permission.
20 : *
21 : * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 : * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 : * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 : * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 : * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 : * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 : * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 : * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 : * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 : * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 : * SUCH DAMAGE.
32 : */
33 :
34 : #include "gsskrb5_locl.h"
35 :
36 9106 : OM_uint32 GSSAPI_CALLCONV _gsskrb5_inquire_cred
37 : (OM_uint32 * minor_status,
38 : const gss_cred_id_t cred_handle,
39 : gss_name_t * output_name,
40 : OM_uint32 * lifetime,
41 : gss_cred_usage_t * cred_usage,
42 : gss_OID_set * mechanisms
43 : )
44 : {
45 : krb5_context context;
46 9106 : gss_cred_id_t aqcred_init = GSS_C_NO_CREDENTIAL;
47 9106 : gss_cred_id_t aqcred_accept = GSS_C_NO_CREDENTIAL;
48 9106 : gsskrb5_cred acred = NULL, icred = NULL;
49 : OM_uint32 ret;
50 :
51 9106 : *minor_status = 0;
52 :
53 9106 : if (output_name)
54 9106 : *output_name = NULL;
55 9106 : if (mechanisms)
56 0 : *mechanisms = GSS_C_NO_OID_SET;
57 :
58 9106 : GSSAPI_KRB5_INIT (&context);
59 :
60 9106 : if (cred_handle == GSS_C_NO_CREDENTIAL) {
61 0 : ret = _gsskrb5_acquire_cred(minor_status,
62 : GSS_C_NO_NAME,
63 : GSS_C_INDEFINITE,
64 : GSS_C_NO_OID_SET,
65 : GSS_C_ACCEPT,
66 : &aqcred_accept,
67 : NULL,
68 : NULL);
69 0 : if (ret == GSS_S_COMPLETE)
70 0 : acred = (gsskrb5_cred)aqcred_accept;
71 :
72 0 : ret = _gsskrb5_acquire_cred(minor_status,
73 : GSS_C_NO_NAME,
74 : GSS_C_INDEFINITE,
75 : GSS_C_NO_OID_SET,
76 : GSS_C_INITIATE,
77 : &aqcred_init,
78 : NULL,
79 : NULL);
80 0 : if (ret == GSS_S_COMPLETE)
81 0 : icred = (gsskrb5_cred)aqcred_init;
82 :
83 0 : if (icred == NULL && acred == NULL) {
84 0 : *minor_status = 0;
85 0 : return GSS_S_NO_CRED;
86 : }
87 : } else
88 8651 : acred = (gsskrb5_cred)cred_handle;
89 :
90 : if (acred)
91 : HEIMDAL_MUTEX_lock(&acred->cred_id_mutex);
92 : if (icred)
93 : HEIMDAL_MUTEX_lock(&icred->cred_id_mutex);
94 :
95 9106 : if (output_name != NULL) {
96 9106 : if (icred && icred->principal != NULL) {
97 : gss_name_t name;
98 :
99 0 : if (acred && acred->principal)
100 0 : name = (gss_name_t)acred->principal;
101 : else
102 0 : name = (gss_name_t)icred->principal;
103 :
104 0 : ret = _gsskrb5_duplicate_name(minor_status, name, output_name);
105 0 : if (ret)
106 0 : goto out;
107 9106 : } else if (acred && acred->usage == GSS_C_ACCEPT) {
108 : krb5_principal princ;
109 0 : *minor_status = krb5_sname_to_principal(context, NULL,
110 : NULL, KRB5_NT_SRV_HST,
111 : &princ);
112 0 : if (*minor_status) {
113 0 : ret = GSS_S_FAILURE;
114 0 : goto out;
115 : }
116 0 : *output_name = (gss_name_t)princ;
117 : } else {
118 : krb5_principal princ;
119 9106 : *minor_status = krb5_get_default_principal(context,
120 : &princ);
121 9106 : if (*minor_status) {
122 0 : ret = GSS_S_FAILURE;
123 0 : goto out;
124 : }
125 9106 : *output_name = (gss_name_t)princ;
126 : }
127 : }
128 9106 : if (lifetime != NULL) {
129 9106 : OM_uint32 alife = GSS_C_INDEFINITE, ilife = GSS_C_INDEFINITE;
130 :
131 9106 : if (acred) alife = acred->lifetime;
132 9106 : if (icred) ilife = icred->lifetime;
133 :
134 9106 : ret = _gsskrb5_lifetime_left(minor_status,
135 : context,
136 : min(alife,ilife),
137 : lifetime);
138 9106 : if (ret)
139 0 : goto out;
140 : }
141 9106 : if (cred_usage != NULL) {
142 9106 : if (acred && icred)
143 0 : *cred_usage = GSS_C_BOTH;
144 9106 : else if (acred)
145 9106 : *cred_usage = GSS_C_ACCEPT;
146 0 : else if (icred)
147 0 : *cred_usage = GSS_C_INITIATE;
148 : else
149 0 : abort();
150 : }
151 :
152 9106 : if (mechanisms != NULL) {
153 0 : ret = gss_create_empty_oid_set(minor_status, mechanisms);
154 0 : if (ret)
155 0 : goto out;
156 0 : if (acred)
157 0 : ret = gss_add_oid_set_member(minor_status,
158 0 : &acred->mechanisms->elements[0],
159 : mechanisms);
160 0 : if (ret == GSS_S_COMPLETE && icred)
161 0 : ret = gss_add_oid_set_member(minor_status,
162 0 : &icred->mechanisms->elements[0],
163 : mechanisms);
164 0 : if (ret)
165 0 : goto out;
166 : }
167 8651 : ret = GSS_S_COMPLETE;
168 8651 : out:
169 : if (acred)
170 : HEIMDAL_MUTEX_unlock(&acred->cred_id_mutex);
171 : if (icred)
172 : HEIMDAL_MUTEX_unlock(&icred->cred_id_mutex);
173 :
174 9106 : if (aqcred_init != GSS_C_NO_CREDENTIAL)
175 0 : ret = _gsskrb5_release_cred(minor_status, &aqcred_init);
176 9106 : if (aqcred_accept != GSS_C_NO_CREDENTIAL)
177 0 : ret = _gsskrb5_release_cred(minor_status, &aqcred_accept);
178 :
179 8651 : return ret;
180 : }
|