lib/gssapi/mech/gss_acquire_cred_ext.c

   1 /*-
   2  * Copyright (c) 2005 Doug Rabson
   3  * All rights reserved.
   4  *
   5  * Portions Copyright (c) 2011 PADL Software Pty Ltd.
   6  *
   7  * Redistribution and use in source and binary forms, with or without
   8  * modification, are permitted provided that the following conditions
   9  * are met:
  10  * 1. Redistributions of source code must retain the above copyright
  11  *    notice, this list of conditions and the following disclaimer.
  12  * 2. Redistributions in binary form must reproduce the above copyright
  13  *    notice, this list of conditions and the following disclaimer in the
  14  *    documentation and/or other materials provided with the distribution.
  15  *
  16  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
  17  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  18  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  19  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  20  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  21  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  22  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  23  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  24  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  25  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  26  * SUCH DAMAGE.
  27  *
  28  *      $FreeBSD: src/lib/libgssapi/gss_acquire_cred.c,v 1.1 2005/12/29 14:40:20 dfr Exp $
  29  */
  30
  31 #include "mech_locl.h"
  32
  33 OM_uint32
  34 _gss_acquire_mech_cred(OM_uint32 *minor_status,
  35                        gssapi_mech_interface m,
  36                        const struct _gss_mechanism_name *mn,
  37                        gss_const_OID credential_type,
  38                        const void *credential_data,
  39                        OM_uint32 time_req,
  40                        gss_const_OID desired_mech,
  41                        gss_cred_usage_t cred_usage,
  42                        struct _gss_mechanism_cred **output_cred_handle)
  43 {
  44     OM_uint32 major_status;
  45     struct _gss_mechanism_cred *mc;
  46     gss_OID_set_desc set2;
  47
  48     *output_cred_handle = NULL;
  49
  50     mc = calloc(1, sizeof(struct _gss_mechanism_cred));
  51     if (mc == NULL) {
  52         *minor_status = ENOMEM;
  53         return GSS_S_FAILURE;
  54     }
  55
  56     mc->gmc_mech = m;
  57     mc->gmc_mech_oid = &m->gm_mech_oid;
  58
  59     set2.count = 1;
  60     set2.elements = mc->gmc_mech_oid;
  61
  62     if (m->gm_acquire_cred_ext) {
  63         major_status = m->gm_acquire_cred_ext(minor_status,
  64                                               mn->gmn_name,
  65                                               credential_type,
  66                                               credential_data,
  67                                               time_req,
  68                                               mc->gmc_mech_oid,
  69                                               cred_usage,
  70                                               &mc->gmc_cred);
  71     } else if (gss_oid_equal(credential_type, GSS_C_CRED_PASSWORD) &&
  72                 m->gm_compat &&
  73                 m->gm_compat->gmc_acquire_cred_with_password) {
  74         /*
  75          * Shim for mechanisms that adhere to API-as-SPI and do not
  76          * implement gss_acquire_cred_ext().
  77          */
  78
  79         major_status = m->gm_compat->gmc_acquire_cred_with_password(minor_status,
  80                                 mn->gmn_name,
  81                                 (const gss_buffer_t)credential_data,
  82                                 time_req,
  83                                 &set2,
  84                                 cred_usage,
  85                                 &mc->gmc_cred,
  86                                 NULL,
  87                                 NULL);
  88     } else if (credential_type == GSS_C_NO_OID) {
  89         major_status = m->gm_acquire_cred(minor_status,
  90                                           mn->gmn_name,
  91                                           time_req,
  92                                           &set2,
  93                                           cred_usage,
  94                                           &mc->gmc_cred,
  95                                           NULL,
  96                                           NULL);
  97     } else {
  98         major_status = GSS_S_UNAVAILABLE;
  99         free(mc);
 100         mc= NULL;
 101     }
 102
 103     *output_cred_handle = mc;
 104     return major_status;
 105 }
 106
 107 OM_uint32
 108 _gss_acquire_cred_ext(OM_uint32 *minor_status,
 109     gss_const_name_t desired_name,
 110     gss_const_OID credential_type,
 111     const void *credential_data,
 112     OM_uint32 time_req,
 113     gss_const_OID desired_mech,
 114     gss_cred_usage_t cred_usage,
 115     gss_cred_id_t *output_cred_handle)
 116 {
 117     OM_uint32 major_status;
 118     struct _gss_name *name = (struct _gss_name *) desired_name;
 119     gssapi_mech_interface m;
 120     struct _gss_cred *cred;
 121     gss_OID_set_desc set, *mechs;
 122     size_t i;
 123
 124     *minor_status = 0;
 125     if (output_cred_handle == NULL)
 126         return GSS_S_CALL_INACCESSIBLE_READ;
 127
 128     _gss_load_mech();
 129
 130     if (desired_mech != GSS_C_NO_OID) {
 131         int match = 0;
 132
 133         gss_test_oid_set_member(minor_status, (gss_OID)desired_mech,
 134                                 _gss_mech_oids, &match);
 135         if (!match)
 136             return GSS_S_BAD_MECH;
 137
 138         set.count = 1;
 139         set.elements = (gss_OID)desired_mech;
 140         mechs = &set;
 141     } else
 142         mechs = _gss_mech_oids;
 143
 144     cred = calloc(1, sizeof(*cred));
 145     if (cred == NULL) {
 146         *minor_status = ENOMEM;
 147         return GSS_S_FAILURE;
 148     }
 149
 150     HEIM_SLIST_INIT(&cred->gc_mc);
 151
 152     for (i = 0; i < mechs->count; i++) {
 153         struct _gss_mechanism_name *mn = NULL;
 154         struct _gss_mechanism_cred *mc = NULL;
 155
 156         m = __gss_get_mechanism(&mechs->elements[i]);
 157         if (!m)
 158             continue;
 159
 160         if (desired_name != GSS_C_NO_NAME) {
 161             major_status = _gss_find_mn(minor_status, name,
 162                                         &mechs->elements[i], &mn);
 163             if (major_status != GSS_S_COMPLETE)
 164                 continue;
 165         }
 166
 167         major_status = _gss_acquire_mech_cred(minor_status, m, mn,
 168                                               credential_type, credential_data,
 169                                               time_req, desired_mech, cred_usage,
 170                                               &mc);
 171         if (GSS_ERROR(major_status))
 172             continue;
 173
 174         HEIM_SLIST_INSERT_HEAD(&cred->gc_mc, mc, gmc_link);
 175     }
 176
 177     /*
 178      * If we didn't manage to create a single credential, return
 179      * an error.
 180      */
 181     if (!HEIM_SLIST_FIRST(&cred->gc_mc)) {
 182         free(cred);
 183         *minor_status = 0;
 184         return GSS_S_NO_CRED;
 185     }
 186
 187     *output_cred_handle = (gss_cred_id_t) cred;
 188     *minor_status = 0;
 189     return GSS_S_COMPLETE;
 190 }