2 * Copyright (c) 1999 - 2003 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include "gsskrb5_locl.h"
36 OM_uint32 GSSAPI_CALLCONV
37 _gsskrb5_import_sec_context (
38 OM_uint32
* minor_status
,
39 const gss_buffer_t interprocess_token
,
40 gss_ctx_id_t
* context_handle
43 OM_uint32 ret
= GSS_S_FAILURE
;
48 krb5_address local
, remote
;
49 krb5_address
*localp
, *remotep
;
50 krb5_keyblock keyblock
;
55 GSSAPI_KRB5_INIT (&context
);
57 *context_handle
= GSS_C_NO_CONTEXT
;
59 localp
= remotep
= NULL
;
61 sp
= krb5_storage_from_mem (interprocess_token
->value
,
62 interprocess_token
->length
);
64 *minor_status
= ENOMEM
;
68 krb5_storage_set_byteorder(sp
, KRB5_STORAGE_BYTEORDER_PACKED
);
69 krb5_storage_set_flags(sp
, KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE
);
71 ctx
= calloc(1, sizeof(*ctx
));
73 *minor_status
= ENOMEM
;
74 krb5_storage_free (sp
);
77 HEIMDAL_MUTEX_init(&ctx
->ctx_id_mutex
);
79 kret
= krb5_auth_con_init (context
,
91 if (krb5_ret_int32 (sp
, &flags
) != 0)
94 /* retrieve the auth context */
96 ac
= ctx
->auth_context
;
97 if (krb5_ret_int32 (sp
, &tmp
) != 0)
100 if (flags
& SC_LOCAL_ADDRESS
) {
101 if (krb5_ret_address (sp
, localp
= &local
) != 0)
105 if (flags
& SC_REMOTE_ADDRESS
) {
106 if (krb5_ret_address (sp
, remotep
= &remote
) != 0)
110 krb5_auth_con_setaddrs (context
, ac
, localp
, remotep
);
112 krb5_free_address (context
, localp
);
114 krb5_free_address (context
, remotep
);
115 localp
= remotep
= NULL
;
117 if (krb5_ret_int16 (sp
, &ac
->local_port
) != 0)
120 if (krb5_ret_int16 (sp
, &ac
->remote_port
) != 0)
122 if (flags
& SC_KEYBLOCK
) {
123 if (krb5_ret_keyblock (sp
, &keyblock
) != 0)
125 krb5_auth_con_setkey (context
, ac
, &keyblock
);
126 krb5_free_keyblock_contents (context
, &keyblock
);
128 if (flags
& SC_LOCAL_SUBKEY
) {
129 if (krb5_ret_keyblock (sp
, &keyblock
) != 0)
131 krb5_auth_con_setlocalsubkey (context
, ac
, &keyblock
);
132 krb5_free_keyblock_contents (context
, &keyblock
);
134 if (flags
& SC_REMOTE_SUBKEY
) {
135 if (krb5_ret_keyblock (sp
, &keyblock
) != 0)
137 krb5_auth_con_setremotesubkey (context
, ac
, &keyblock
);
138 krb5_free_keyblock_contents (context
, &keyblock
);
140 if (krb5_ret_uint32 (sp
, &ac
->local_seqnumber
))
142 if (krb5_ret_uint32 (sp
, &ac
->remote_seqnumber
))
145 if (flags
& SC_AUTHENTICATOR
) {
146 if (krb5_ret_int64(sp
, &tmp64
))
148 ac
->authenticator
->ctime
= tmp64
;
149 if (krb5_ret_int32(sp
, &tmp
))
151 ac
->authenticator
->cusec
= tmp
;
154 if (krb5_ret_int32 (sp
, &tmp
) != 0)
157 if (krb5_ret_int32 (sp
, &tmp
) != 0)
162 if (flags
& SC_SOURCE_NAME
) {
163 if (krb5_ret_principal(sp
, &ctx
->source
))
167 if (flags
& SC_TARGET_NAME
) {
168 if (krb5_ret_principal(sp
, &ctx
->target
))
172 if (krb5_ret_int32 (sp
, &tmp
))
175 if (krb5_ret_int32 (sp
, &tmp
))
177 ctx
->more_flags
= tmp
;
178 if (krb5_ret_int32 (sp
, &tmp
))
182 * XXX endtime should be a 64-bit int, but we don't have
183 * krb5_ret_int64() yet.
185 if (krb5_ret_int32 (sp
, &tmp
))
189 if (flags
& SC_ORDER
) {
190 ret
= _gssapi_msg_order_import(minor_status
, sp
, &ctx
->order
);
195 krb5_storage_free (sp
);
197 _gsskrb5i_is_cfx(context
, ctx
, (ctx
->more_flags
& LOCAL
) == 0);
199 *context_handle
= (gss_ctx_id_t
)ctx
;
201 return GSS_S_COMPLETE
;
204 krb5_auth_con_free (context
,
206 if (ctx
->source
!= NULL
)
207 krb5_free_principal(context
, ctx
->source
);
208 if (ctx
->target
!= NULL
)
209 krb5_free_principal(context
, ctx
->target
);
211 krb5_free_address (context
, localp
);
213 krb5_free_address (context
, remotep
);
215 _gssapi_msg_order_destroy(&ctx
->order
);
216 HEIMDAL_MUTEX_destroy(&ctx
->ctx_id_mutex
);
217 krb5_storage_free (sp
);
219 *context_handle
= GSS_C_NO_CONTEXT
;