[heimdal.git] / lib / gssapi / krb5 / import_sec_context.c
blob2255a7199ffe9b71a1d69429eea4b365a323f791
1 /*
2 * Copyright (c) 1999 - 2003 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
34 #include "gsskrb5_locl.h"
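/*
 * Rebuild a krb5 mechanism security context from an interprocess token.
 *
 * The token is read through a krb5_storage reader in packed byte order.
 * A leading 32-bit flags word says which optional fields follow: local and
 * remote address, keyblock, local and remote subkey, authenticator time,
 * source and target principal, and message-order state.
 *
 * minor_status:        receives ENOMEM, the krb5_auth_con_init() error, or
 *                      whatever _gssapi_msg_order_import() stores; it is
 *                      left at 0 when a field read fails.
 * interprocess_token:  buffer holding the serialized context.
 * context_handle:      receives the new context on success and
 *                      GSS_C_NO_CONTEXT on every failure path.
 *
 * Returns GSS_S_COMPLETE on success; otherwise GSS_S_FAILURE or the status
 * returned by _gssapi_msg_order_import().
 *
 * NOTE(review): every value in the token (auth-context flags, ports, key
 * material, sequence numbers, keytype, cksumtype, context flags and state)
 * is stored as read; no range or consistency check is made in this
 * function.  The token has to come from a trusted exporter over a channel
 * that protects its integrity and confidentiality.
 */
OM_uint32 GSSAPI_CALLCONV
_gsskrb5_import_sec_context (
    OM_uint32 * minor_status,
    const gss_buffer_t interprocess_token,
    gss_ctx_id_t * context_handle
    )
{
    OM_uint32 ret = GSS_S_FAILURE;
    krb5_context context;
    krb5_error_code kret;
    krb5_storage *sp;
    krb5_auth_context ac;
    /*
     * Zero-initialised because localp/remotep are pointed at these before
     * krb5_ret_address() has filled them in, and the failure path frees
     * whatever localp/remotep point to.  Whether krb5_ret_address() clears
     * its output when it fails early is not visible here, so do not rely
     * on it: freeing an indeterminate krb5_address would be undefined.
     */
    krb5_address local = {0}, remote = {0};
    krb5_address *localp, *remotep;
    krb5_keyblock keyblock;
    int32_t flags, tmp;
    int64_t tmp64;
    gsskrb5_ctx ctx;

    GSSAPI_KRB5_INIT (&context);

    *context_handle = GSS_C_NO_CONTEXT;

    localp = remotep = NULL;

    sp = krb5_storage_from_mem (interprocess_token->value,
                                interprocess_token->length);
    if (sp == NULL) {
        *minor_status = ENOMEM;
        return GSS_S_FAILURE;
    }

    krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_PACKED);
    krb5_storage_set_flags(sp, KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE);

    /* calloc so that source, target and order start out NULL for cleanup */
    ctx = calloc(1, sizeof(*ctx));
    if (ctx == NULL) {
        *minor_status = ENOMEM;
        krb5_storage_free (sp);
        return GSS_S_FAILURE;
    }
    HEIMDAL_MUTEX_init(&ctx->ctx_id_mutex);

    kret = krb5_auth_con_init (context,
                               &ctx->auth_context);
    if (kret) {
        *minor_status = kret;
        ret = GSS_S_FAILURE;
        goto failure;
    }

    /* flags */

    *minor_status = 0;

    if (krb5_ret_int32 (sp, &flags) != 0)
        goto failure;

    /* retrieve the auth context */

    ac = ctx->auth_context;
    if (krb5_ret_int32 (sp, &tmp) != 0)
        goto failure;
    ac->flags = tmp;
    if (flags & SC_LOCAL_ADDRESS) {
        if (krb5_ret_address (sp, localp = &local) != 0)
            goto failure;
    }

    if (flags & SC_REMOTE_ADDRESS) {
        if (krb5_ret_address (sp, remotep = &remote) != 0)
            goto failure;
    }

    krb5_auth_con_setaddrs (context, ac, localp, remotep);
    if (localp)
        krb5_free_address (context, localp);
    if (remotep)
        krb5_free_address (context, remotep);
    /* reset so a later jump to failure does not free the addresses twice */
    localp = remotep = NULL;

    if (krb5_ret_int16 (sp, &ac->local_port) != 0)
        goto failure;

    if (krb5_ret_int16 (sp, &ac->remote_port) != 0)
        goto failure;
    /*
     * Each key is read into the stack keyblock, handed to the auth context,
     * and its contents are released again before the next read.
     */
    if (flags & SC_KEYBLOCK) {
        if (krb5_ret_keyblock (sp, &keyblock) != 0)
            goto failure;
        krb5_auth_con_setkey (context, ac, &keyblock);
        krb5_free_keyblock_contents (context, &keyblock);
    }
    if (flags & SC_LOCAL_SUBKEY) {
        if (krb5_ret_keyblock (sp, &keyblock) != 0)
            goto failure;
        krb5_auth_con_setlocalsubkey (context, ac, &keyblock);
        krb5_free_keyblock_contents (context, &keyblock);
    }
    if (flags & SC_REMOTE_SUBKEY) {
        if (krb5_ret_keyblock (sp, &keyblock) != 0)
            goto failure;
        krb5_auth_con_setremotesubkey (context, ac, &keyblock);
        krb5_free_keyblock_contents (context, &keyblock);
    }
    if (krb5_ret_uint32 (sp, &ac->local_seqnumber))
        goto failure;
    if (krb5_ret_uint32 (sp, &ac->remote_seqnumber))
        goto failure;

    if (flags & SC_AUTHENTICATOR) {
        /*
         * NOTE(review): assumes krb5_auth_con_init() left ac->authenticator
         * pointing at valid storage; that is not visible here -- confirm.
         */
        if (krb5_ret_int64(sp, &tmp64))
            goto failure;
        ac->authenticator->ctime = tmp64;
        if (krb5_ret_int32(sp, &tmp))
            goto failure;
        ac->authenticator->cusec = tmp;
    }

    if (krb5_ret_int32 (sp, &tmp) != 0)
        goto failure;
    ac->keytype = tmp;
    if (krb5_ret_int32 (sp, &tmp) != 0)
        goto failure;
    ac->cksumtype = tmp;

    /* names */
    if (flags & SC_SOURCE_NAME) {
        if (krb5_ret_principal(sp, &ctx->source))
            goto failure;
    }

    if (flags & SC_TARGET_NAME) {
        if (krb5_ret_principal(sp, &ctx->target))
            goto failure;
    }

    if (krb5_ret_int32 (sp, &tmp))
        goto failure;
    ctx->flags = tmp;
    if (krb5_ret_int32 (sp, &tmp))
        goto failure;
    ctx->more_flags = tmp;
    if (krb5_ret_int32 (sp, &tmp))
        goto failure;
    ctx->state = tmp;
    /*
     * XXX endtime should be a 64-bit int.  The original remark that
     * krb5_ret_int64() is not available is stale (it is used above for the
     * authenticator time); the 32-bit read stays because the width has to
     * match what the exporting side wrote, which is not visible here.
     */
    if (krb5_ret_int32 (sp, &tmp))
        goto failure;
    ctx->endtime = tmp;

    if (flags & SC_ORDER) {
        ret = _gssapi_msg_order_import(minor_status, sp, &ctx->order);
        if (ret)
            goto failure;
    }

    krb5_storage_free (sp);

    _gsskrb5i_is_cfx(context, ctx, (ctx->more_flags & LOCAL) == 0);

    *context_handle = (gss_ctx_id_t)ctx;

    return GSS_S_COMPLETE;

failure:
    /* Release everything built so far; the caller gets no context. */
    krb5_auth_con_free (context,
                        ctx->auth_context);
    if (ctx->source != NULL)
        krb5_free_principal(context, ctx->source);
    if (ctx->target != NULL)
        krb5_free_principal(context, ctx->target);
    if (localp)
        krb5_free_address (context, localp);
    if (remotep)
        krb5_free_address (context, remotep);
    if(ctx->order)
        _gssapi_msg_order_destroy(&ctx->order);
    HEIMDAL_MUTEX_destroy(&ctx->ctx_id_mutex);
    krb5_storage_free (sp);
    free (ctx);
    *context_handle = GSS_C_NO_CONTEXT;
    return ret;
}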