1 : /*
2 : * Copyright (c) 2004, PADL Software Pty Ltd.
3 : * All rights reserved.
4 : *
5 : * Redistribution and use in source and binary forms, with or without
6 : * modification, are permitted provided that the following conditions
7 : * are met:
8 : *
9 : * 1. Redistributions of source code must retain the above copyright
10 : * notice, this list of conditions and the following disclaimer.
11 : *
12 : * 2. Redistributions in binary form must reproduce the above copyright
13 : * notice, this list of conditions and the following disclaimer in the
14 : * documentation and/or other materials provided with the distribution.
15 : *
16 : * 3. Neither the name of PADL Software nor the names of its contributors
17 : * may be used to endorse or promote products derived from this software
18 : * without specific prior written permission.
19 : *
20 : * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
21 : * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 : * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 : * ARE DISCLAIMED. IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
24 : * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 : * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 : * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 : * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 : * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 : * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 : * SUCH DAMAGE.
31 : */
32 :
33 : #include "spnego_locl.h"
34 :
/*
 * Release a SPNEGO credential handle.
 *
 * A NULL handle pointer or GSS_C_NO_CREDENTIAL is not an error: nothing
 * is touched and GSS_S_COMPLETE is returned.  Otherwise the underlying
 * credential is released and *cred_handle is reset to
 * GSS_C_NO_CREDENTIAL so a stale handle cannot be reused by the caller.
 *
 * Returns the major status of gss_release_cred(); *minor_status is
 * zeroed first and then carries whatever gss_release_cred() reports.
 */
OM_uint32 GSSAPI_CALLCONV
_gss_spnego_release_cred(OM_uint32 *minor_status, gss_cred_id_t *cred_handle)
{
    OM_uint32 major;

    *minor_status = 0;

    if (cred_handle == NULL)
        return GSS_S_COMPLETE;
    if (*cred_handle == GSS_C_NO_CREDENTIAL)
        return GSS_S_COMPLETE;

    major = gss_release_cred(minor_status, cred_handle);

    /* Never hand a freed handle back to the caller. */
    *cred_handle = GSS_C_NO_CREDENTIAL;

    return major;
}
51 :
52 : /*
53 : * For now, just a simple wrapper that avoids recursion. When
54 : * we support gss_{get,set}_neg_mechs() we will need to expose
55 : * more functionality.
56 : */
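/*
 * Acquire a credential for use by SPNEGO.
 *
 * desired_name, when given, is a SPNEGO name (spnego_name) whose
 * value/type members are re-imported as a mech-glue name.  The
 * mechanism set passed down to gss_acquire_cred() is every mechanism
 * the glue layer indicates with SPNEGO itself removed, which is what
 * keeps the glue layer from recursing back into this function.  The
 * caller's desired_mechs is currently not consulted (see the comment
 * above this function).
 *
 * On failure *output_cred_handle is GSS_C_NO_CREDENTIAL and
 * *minor_status holds the minor code of the call that actually failed;
 * all cleanup calls use a scratch minor so they cannot overwrite it.
 */
OM_uint32 GSSAPI_CALLCONV _gss_spnego_acquire_cred
(OM_uint32 *minor_status,
 const gss_name_t desired_name,
 OM_uint32 time_req,
 const gss_OID_set desired_mechs,
 gss_cred_usage_t cred_usage,
 gss_cred_id_t * output_cred_handle,
 gss_OID_set * actual_mechs,
 OM_uint32 * time_rec
)
{
    const spnego_name dname = (const spnego_name)desired_name;
    gss_name_t name = GSS_C_NO_NAME;
    OM_uint32 ret, tmp;
    gss_OID_set_desc actual_desired_mechs;
    gss_OID_set mechs;
    size_t i, j;

    *output_cred_handle = GSS_C_NO_CREDENTIAL;

    if (dname) {
        ret = gss_import_name(minor_status, &dname->value, &dname->type, &name);
        if (ret)
            return ret;
    }

    ret = gss_indicate_mechs(minor_status, &mechs);
    if (ret != GSS_S_COMPLETE) {
        /* Scratch minor: keep the code gss_indicate_mechs() reported. */
        gss_release_name(&tmp, &name);
        return ret;
    }

    /*
     * Remove ourselves from this list.  calloc() checks the count * size
     * product for overflow, and a zero count is rounded up to one element
     * so that a NULL return really means out of memory rather than an
     * implementation-defined malloc(0) result.
     */
    actual_desired_mechs.count = mechs->count;
    actual_desired_mechs.elements =
        calloc(mechs->count ? mechs->count : 1, sizeof(gss_OID_desc));
    if (actual_desired_mechs.elements == NULL) {
        *minor_status = ENOMEM;
        ret = GSS_S_FAILURE;
        goto out;
    }

    for (i = 0, j = 0; i < mechs->count; i++) {
        if (gss_oid_equal(&mechs->elements[i], GSS_SPNEGO_MECHANISM))
            continue;
        actual_desired_mechs.elements[j++] = mechs->elements[i];
    }
    actual_desired_mechs.count = j;

    ret = gss_acquire_cred(minor_status, name,
                           time_req, &actual_desired_mechs,
                           cred_usage,
                           output_cred_handle,
                           actual_mechs, time_rec);

out:
    /* Cleanup must not clobber the minor status of the call that failed. */
    gss_release_name(&tmp, &name);
    gss_release_oid_set(&tmp, &mechs);
    free(actual_desired_mechs.elements);   /* free(NULL) is a no-op */
    if (ret != GSS_S_COMPLETE)
        _gss_spnego_release_cred(&tmp, output_cred_handle);

    return ret;
}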
129 :
/*
 * Inquire about a SPNEGO credential.
 *
 * The mech-glue name produced by gss_inquire_cred() is wrapped in a
 * freshly calloc()ed spnego_name (only its mech member is filled in) so
 * the caller receives a SPNEGO name.  The wrapper is only allocated when
 * the caller asked for a name; on any failure it is freed again and
 * *name is left untouched.
 *
 * Returns GSS_S_NO_CRED for GSS_C_NO_CREDENTIAL, GSS_S_FAILURE/ENOMEM
 * when the wrapper cannot be allocated, otherwise the status of
 * gss_inquire_cred().
 */
OM_uint32 GSSAPI_CALLCONV _gss_spnego_inquire_cred
(OM_uint32 * minor_status,
 const gss_cred_id_t cred_handle,
 gss_name_t * name,
 OM_uint32 * lifetime,
 gss_cred_usage_t * cred_usage,
 gss_OID_set * mechanisms
)
{
    spnego_name wrapper = NULL;
    gss_name_t *mech_name = NULL;
    OM_uint32 major;

    if (cred_handle == GSS_C_NO_CREDENTIAL) {
        *minor_status = 0;
        return GSS_S_NO_CRED;
    }

    if (name != NULL) {
        wrapper = calloc(1, sizeof(*wrapper));
        if (wrapper == NULL) {
            *minor_status = ENOMEM;
            return GSS_S_FAILURE;
        }
        mech_name = &wrapper->mech;
    }

    major = gss_inquire_cred(minor_status, cred_handle, mech_name,
                             lifetime, cred_usage, mechanisms);
    if (major != GSS_S_COMPLETE) {
        free(wrapper);   /* free(NULL) is a no-op */
        return major;
    }

    if (name != NULL)
        *name = (gss_name_t)wrapper;

    return major;
}
171 :
/*
 * Inquire about a SPNEGO credential for one specific mechanism.
 *
 * Mirrors _gss_spnego_inquire_cred(): when the caller wants a name, a
 * calloc()ed spnego_name wrapper receives the mech-glue name in its
 * mech member and is handed back through *name.  On failure the wrapper
 * is freed and the status of gss_inquire_cred_by_mech() is returned.
 *
 * Returns GSS_S_NO_CRED for GSS_C_NO_CREDENTIAL, GSS_S_FAILURE/ENOMEM
 * when the wrapper cannot be allocated, otherwise GSS_S_COMPLETE.
 */
OM_uint32 GSSAPI_CALLCONV _gss_spnego_inquire_cred_by_mech (
    OM_uint32 * minor_status,
    const gss_cred_id_t cred_handle,
    const gss_OID mech_type,
    gss_name_t * name,
    OM_uint32 * initiator_lifetime,
    OM_uint32 * acceptor_lifetime,
    gss_cred_usage_t * cred_usage
)
{
    spnego_name wrapper = NULL;
    gss_name_t *mech_name = NULL;
    OM_uint32 major;

    if (cred_handle == GSS_C_NO_CREDENTIAL) {
        *minor_status = 0;
        return GSS_S_NO_CRED;
    }

    if (name != NULL) {
        wrapper = calloc(1, sizeof(*wrapper));
        if (wrapper == NULL) {
            *minor_status = ENOMEM;
            return GSS_S_FAILURE;
        }
        mech_name = &wrapper->mech;
    }

    major = gss_inquire_cred_by_mech(minor_status, cred_handle, mech_type,
                                     mech_name, initiator_lifetime,
                                     acceptor_lifetime, cred_usage);
    if (major != GSS_S_COMPLETE) {
        free(wrapper);   /* free(NULL) is a no-op */
        return major;
    }

    if (name != NULL)
        *name = (gss_name_t)wrapper;

    return GSS_S_COMPLETE;
}
216 :
/*
 * Inquire about a SPNEGO credential by OID.
 *
 * Rejects GSS_C_NO_CREDENTIAL with GSS_S_NO_CRED and otherwise passes
 * the request straight through to gss_inquire_cred_by_oid(); *data_set
 * and *minor_status are whatever that call produces.
 */
OM_uint32 GSSAPI_CALLCONV _gss_spnego_inquire_cred_by_oid
(OM_uint32 * minor_status,
 const gss_cred_id_t cred_handle,
 const gss_OID desired_object,
 gss_buffer_set_t *data_set)
{
    if (cred_handle == GSS_C_NO_CREDENTIAL) {
        *minor_status = 0;
        return GSS_S_NO_CRED;
    }

    return gss_inquire_cred_by_oid(minor_status, cred_handle,
                                   desired_object, data_set);
}
237 :
/*
 * Set an option on a SPNEGO credential.
 *
 * Both a NULL handle pointer and GSS_C_NO_CREDENTIAL yield GSS_S_NO_CRED
 * with *minor_status zeroed; any real handle is forwarded to
 * gss_set_cred_option() unchanged.
 */
OM_uint32 GSSAPI_CALLCONV
_gss_spnego_set_cred_option (OM_uint32 *minor_status,
                             gss_cred_id_t *cred_handle,
                             const gss_OID object,
                             const gss_buffer_t value)
{
    int have_cred = cred_handle != NULL && *cred_handle != GSS_C_NO_CREDENTIAL;

    if (!have_cred) {
        *minor_status = 0;
        return GSS_S_NO_CRED;
    }

    return gss_set_cred_option(minor_status, cred_handle, object, value);
}
254 :
255 :
/*
 * Export a SPNEGO credential into an opaque buffer.
 *
 * Pure pass-through to the mech-glue gss_export_cred(); the returned
 * major/minor status and the contents of *value are its own.
 */
OM_uint32 GSSAPI_CALLCONV
_gss_spnego_export_cred (OM_uint32 *minor_status,
                         gss_cred_id_t cred_handle,
                         gss_buffer_t value)
{
    OM_uint32 major;

    major = gss_export_cred(minor_status, cred_handle, value);
    return major;
}
263 :
/*
 * Import a SPNEGO credential from an opaque buffer.
 *
 * Pure pass-through to the mech-glue gss_import_cred(); the returned
 * major/minor status and *cred_handle are its own.
 */
OM_uint32 GSSAPI_CALLCONV
_gss_spnego_import_cred (OM_uint32 *minor_status,
                         gss_buffer_t value,
                         gss_cred_id_t *cred_handle)
{
    OM_uint32 major;

    major = gss_import_cred(minor_status, value, cred_handle);
    return major;
}
271 :