2 * Copyright (c) 2005 Doug Rabson
5 * Portions Copyright (c) 2011 PADL Software Pty Ltd.
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28 * $FreeBSD: src/lib/libgssapi/gss_acquire_cred.c,v 1.1 2005/12/29 14:40:20 dfr Exp $
31 #include "mech_locl.h"
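/*
 * Acquire a credential from a single mechanism `m' and wrap it in a newly
 * allocated struct _gss_mechanism_cred.
 *
 * Dispatch order:
 *   1. the mechanism's own gm_acquire_cred_ext(), when it provides one;
 *   2. for GSS_C_CRED_PASSWORD, the gmc_acquire_cred_with_password()
 *      compatibility entry point;
 *   3. for GSS_C_NO_OID (default credentials), plain gm_acquire_cred();
 *   4. otherwise GSS_S_UNAVAILABLE.
 *
 * minor_status        receives ENOMEM on allocation failure, otherwise
 *                     whatever the mechanism call stores there.
 * mn                  mechanism name to acquire for; NULL selects
 *                     GSS_C_NO_NAME.
 * credential_data     opaque to this function.  On the password path it is
 *                     reinterpreted as a gss_buffer_t and handed to the
 *                     mechanism as is; it is neither copied nor cleared
 *                     here, so the caller keeps ownership of the secret and
 *                     remains responsible for wiping it.
 * desired_mech        not read by this function.
 * output_cred_handle  must be non-NULL.  Set to NULL on entry and replaced
 *                     by the new element only when the result is exactly
 *                     GSS_S_COMPLETE; the caller then owns the element.
 *
 * Returns the major status of the mechanism call, GSS_S_FAILURE when the
 * element cannot be allocated, or GSS_S_UNAVAILABLE when the mechanism has
 * no entry point for the requested credential type.
 */
OM_uint32
_gss_acquire_mech_cred(OM_uint32 *minor_status,
                       gssapi_mech_interface m,
                       const struct _gss_mechanism_name *mn,
                       gss_const_OID credential_type,
                       const void *credential_data,
                       OM_uint32 time_req,
                       gss_const_OID desired_mech,
                       gss_cred_usage_t cred_usage,
                       struct _gss_mechanism_cred **output_cred_handle)
{
    OM_uint32 major_status;
    struct _gss_mechanism_cred *mc;
    gss_OID_set_desc set2;

    /* Callers must never see a stale pointer on any failure path. */
    *output_cred_handle = NULL;

    mc = calloc(1, sizeof(*mc));
    if (mc == NULL) {
        *minor_status = ENOMEM;
        return GSS_S_FAILURE;
    }

    mc->gmc_mech = m;
    mc->gmc_mech_oid = &m->gm_mech_oid;

    /* One-element OID set for the entry points that take a set of mechs. */
    set2.count = 1;
    set2.elements = mc->gmc_mech_oid;

    if (m->gm_acquire_cred_ext) {
        major_status = m->gm_acquire_cred_ext(minor_status,
                                              mn ? mn->gmn_name : GSS_C_NO_NAME,
                                              credential_type,
                                              credential_data,
                                              time_req,
                                              mc->gmc_mech_oid,
                                              cred_usage,
                                              &mc->gmc_cred);
    } else if (gss_oid_equal(credential_type, GSS_C_CRED_PASSWORD) &&
               m->gm_compat &&
               m->gm_compat->gmc_acquire_cred_with_password) {
        /*
         * Shim for mechanisms that adhere to API-as-SPI and do not
         * implement gss_acquire_cred_ext().
         *
         * NOTE(review): the cast only adds a top-level const to the
         * pointer typedef; the password buffer itself is passed on as a
         * writable gss_buffer_t.
         */
        major_status = m->gm_compat->gmc_acquire_cred_with_password(minor_status,
                                mn ? mn->gmn_name : GSS_C_NO_NAME,
                                (const gss_buffer_t)credential_data,
                                time_req,
                                &set2,
                                cred_usage,
                                &mc->gmc_cred,
                                NULL,
                                NULL);
    } else if (credential_type == GSS_C_NO_OID && m->gm_acquire_cred) {
        /*
         * Default credentials.  The pointer is tested like the other two
         * entry points so that a mechanism lacking it yields
         * GSS_S_UNAVAILABLE instead of a call through NULL; whether the
         * mechanism loader already guarantees it is not visible here.
         */
        major_status = m->gm_acquire_cred(minor_status,
                                          mn ? mn->gmn_name : GSS_C_NO_NAME,
                                          time_req,
                                          &set2,
                                          cred_usage,
                                          &mc->gmc_cred,
                                          NULL,
                                          NULL);
    } else {
        major_status = GSS_S_UNAVAILABLE;
    }

    /*
     * Only an exact GSS_S_COMPLETE hands the element over; for every other
     * status it is freed and *output_cred_handle stays NULL, so callers
     * must not rely on GSS_ERROR() alone before using the handle.
     */
    if (major_status != GSS_S_COMPLETE)
        free(mc);
    else
        *output_cred_handle = mc;

    return major_status;
}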
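/*
 * Build a mechglue credential by asking each candidate mechanism for a
 * credential of the requested type.
 *
 * desired_mech        GSS_C_NO_OID tries every mechanism in _gss_mech_oids;
 *                     otherwise the OID must be a member of that set or the
 *                     call fails with GSS_S_BAD_MECH.
 * desired_name        GSS_C_NO_NAME requests default credentials; otherwise
 *                     a mechanism is skipped when _gss_find_mn() does not
 *                     return GSS_S_COMPLETE for it.
 * credential_data     passed through untouched to _gss_acquire_mech_cred();
 *                     it is not copied or cleared here, so a caller that
 *                     passes a secret still owns it after the call.
 * output_cred_handle  receives the new credential on GSS_S_COMPLETE and
 *                     GSS_C_NO_CREDENTIAL on every failure after the
 *                     NULL-pointer check.
 *
 * Per-mechanism failures are skipped, not reported: the call succeeds as
 * soon as one mechanism yields a credential, and the individual major and
 * minor codes of the others are discarded.  Returns GSS_S_NO_CRED when no
 * mechanism produced one, GSS_S_FAILURE with ENOMEM on allocation failure.
 */
OM_uint32
_gss_acquire_cred_ext(OM_uint32 *minor_status,
                      gss_const_name_t desired_name,
                      gss_const_OID credential_type,
                      const void *credential_data,
                      OM_uint32 time_req,
                      gss_const_OID desired_mech,
                      gss_cred_usage_t cred_usage,
                      gss_cred_id_t *output_cred_handle)
{
    OM_uint32 major_status;
    struct _gss_name *name = (struct _gss_name *) desired_name;
    gssapi_mech_interface m;
    struct _gss_cred *cred;
    gss_OID_set_desc set, *mechs;
    size_t i;

    *minor_status = 0;

    /*
     * NOTE(review): the pointer is written, not read, so
     * GSS_S_CALL_INACCESSIBLE_WRITE would describe this more accurately;
     * the code is kept because callers may compare against it.
     */
    if (output_cred_handle == NULL)
        return GSS_S_CALL_INACCESSIBLE_READ;

    /* Give the caller a defined handle on every failure path below. */
    *output_cred_handle = GSS_C_NO_CREDENTIAL;

    /* Presumably makes sure _gss_mech_oids is populated - confirm. */
    _gss_load_mech();

    if (desired_mech != GSS_C_NO_OID) {
        int match = 0;

        /* Only mechanisms the mechglue knows about are accepted. */
        gss_test_oid_set_member(minor_status, (gss_OID)desired_mech,
                                _gss_mech_oids, &match);
        if (!match)
            return GSS_S_BAD_MECH;

        set.count = 1;
        set.elements = (gss_OID)desired_mech;
        mechs = &set;
    } else {
        mechs = _gss_mech_oids;
    }

    cred = calloc(1, sizeof(*cred));
    if (cred == NULL) {
        *minor_status = ENOMEM;
        return GSS_S_FAILURE;
    }

    HEIM_SLIST_INIT(&cred->gc_mc);

    for (i = 0; i < mechs->count; i++) {
        struct _gss_mechanism_name *mn = NULL;
        struct _gss_mechanism_cred *mc = NULL;

        m = __gss_get_mechanism(&mechs->elements[i]);
        if (!m)
            continue;

        if (desired_name != GSS_C_NO_NAME) {
            major_status = _gss_find_mn(minor_status, name,
                                        &mechs->elements[i], &mn);
            if (major_status != GSS_S_COMPLETE)
                continue;
        }

        major_status = _gss_acquire_mech_cred(minor_status, m, mn,
                                              credential_type, credential_data,
                                              time_req, desired_mech, cred_usage,
                                              &mc);

        /*
         * GSS_ERROR() only tests the error bits, while the helper leaves
         * mc NULL unless it stored an element.  Checking mc as well keeps
         * a NULL element from being linked into the list when a mechanism
         * reports a status that is neither an error nor GSS_S_COMPLETE.
         */
        if (GSS_ERROR(major_status) || mc == NULL)
            continue;

        HEIM_SLIST_INSERT_HEAD(&cred->gc_mc, mc, gmc_link);
    }

    /*
     * If we didn't manage to create a single credential, return
     * an error.
     */
    if (!HEIM_SLIST_FIRST(&cred->gc_mc)) {
        free(cred);
        *minor_status = 0;
        return GSS_S_NO_CRED;
    }

    *output_cred_handle = (gss_cred_id_t) cred;
    *minor_status = 0;
    return GSS_S_COMPLETE;
}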