lib/gssapi/ntlm/creds.c

   1 /*
   2  * Copyright (c) 2006 Kungliga Tekniska Högskolan
   3  * (Royal Institute of Technology, Stockholm, Sweden).
   4  * All rights reserved.
   5  *
   6  * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
   7  *
   8  * Redistribution and use in source and binary forms, with or without
   9  * modification, are permitted provided that the following conditions
  10  * are met:
  11  *
  12  * 1. Redistributions of source code must retain the above copyright
  13  *    notice, this list of conditions and the following disclaimer.
  14  *
  15  * 2. Redistributions in binary form must reproduce the above copyright
  16  *    notice, this list of conditions and the following disclaimer in the
  17  *    documentation and/or other materials provided with the distribution.
  18  *
  19  * 3. Neither the name of the Institute nor the names of its contributors
  20  *    may be used to endorse or promote products derived from this software
  21  *    without specific prior written permission.
  22  *
  23  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
  24  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  25  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  26  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
  27  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  28  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  29  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  30  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  31  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  32  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  33  * SUCH DAMAGE.
  34  */
  35
  36 #include "ntlm.h"
  37
  38 OM_uint32 GSSAPI_CALLCONV
  39 _gss_ntlm_inquire_cred
  40            (OM_uint32 * minor_status,
  41             gss_const_cred_id_t cred_handle,
  42             gss_name_t * name,
  43             OM_uint32 * lifetime,
  44             gss_cred_usage_t * cred_usage,
  45             gss_OID_set * mechanisms
  46            )
  47 {
  48     OM_uint32 ret, junk;
  49
  50     *minor_status = 0;
  51
  52     if (cred_handle == NULL)
  53         return GSS_S_NO_CRED;
  54
  55     if (name) {
  56         ntlm_name n = calloc(1, sizeof(*n));
  57         ntlm_cred c = (ntlm_cred)cred_handle;
  58         if (n) {
  59             n->user = strdup(c->username);
  60             n->domain = strdup(c->domain);
  61         }
  62         if (n == NULL || n->user == NULL || n->domain == NULL) {
  63             if (n)
  64                 free(n->user);
  65             *minor_status = ENOMEM;
  66             return GSS_S_FAILURE;
  67         }
  68         *name = (gss_name_t)n;
  69     }
  70     if (lifetime)
  71         *lifetime = GSS_C_INDEFINITE;
  72     if (cred_usage)
  73         *cred_usage = 0;
  74     if (mechanisms)
  75         *mechanisms = GSS_C_NO_OID_SET;
  76
  77     if (cred_handle == GSS_C_NO_CREDENTIAL)
  78         return GSS_S_NO_CRED;
  79
  80     if (mechanisms) {
  81         ret = gss_create_empty_oid_set(minor_status, mechanisms);
  82         if (ret)
  83             goto out;
  84         ret = gss_add_oid_set_member(minor_status,
  85                                      GSS_NTLM_MECHANISM,
  86                                      mechanisms);
  87         if (ret)
  88             goto out;
  89     }
  90
  91     return GSS_S_COMPLETE;
  92 out:
  93     gss_release_oid_set(&junk, mechanisms);
  94     return ret;
  95 }
  96
  97 #ifdef HAVE_KCM
  98 static OM_uint32
  99 _gss_ntlm_destroy_kcm_cred(gss_cred_id_t *cred_handle)
 100 {
 101     krb5_storage *request, *response;
 102     krb5_data response_data;
 103     krb5_context context;
 104     krb5_error_code ret;
 105     ntlm_cred cred;
 106
 107     cred = (ntlm_cred)*cred_handle;
 108
 109     ret = krb5_init_context(&context);
 110     if (ret)
 111         return ret;
 112
 113     ret = krb5_kcm_storage_request(context, KCM_OP_DEL_NTLM_CRED, &request);
 114     if (ret)
 115         goto out;
 116
 117     ret = krb5_store_stringz(request, cred->username);
 118     if (ret)
 119         goto out;
 120
 121     ret = krb5_store_stringz(request, cred->domain);
 122     if (ret)
 123         goto out;
 124
 125     ret = krb5_kcm_call(context, request, &response, &response_data);
 126     if (ret)
 127         goto out;
 128
 129     krb5_storage_free(request);
 130     krb5_storage_free(response);
 131     krb5_data_free(&response_data);
 132
 133  out:
 134     krb5_free_context(context);
 135
 136     return ret;
 137 }
 138 #endif /* HAVE_KCM */
 139
 140 OM_uint32 GSSAPI_CALLCONV
 141 _gss_ntlm_destroy_cred(OM_uint32 *minor_status,
 142                        gss_cred_id_t *cred_handle)
 143 {
 144 #ifdef HAVE_KCM
 145     krb5_error_code ret;
 146 #endif
 147
 148     if (cred_handle == NULL || *cred_handle == GSS_C_NO_CREDENTIAL)
 149         return GSS_S_COMPLETE;
 150
 151 #ifdef HAVE_KCM
 152     ret = _gss_ntlm_destroy_kcm_cred(cred_handle);
 153     if (ret) {
 154         *minor_status = ret;
 155         return GSS_S_FAILURE;
 156     }
 157 #endif
 158
 159     return _gss_ntlm_release_cred(minor_status, cred_handle);
 160 }