lib/gssapi/mech/gss_import_sec_context.c

   1 /*-
   2  * Copyright (c) 2005 Doug Rabson
   3  * All rights reserved.
   4  *
   5  * Redistribution and use in source and binary forms, with or without
   6  * modification, are permitted provided that the following conditions
   7  * are met:
   8  * 1. Redistributions of source code must retain the above copyright
   9  *    notice, this list of conditions and the following disclaimer.
  10  * 2. Redistributions in binary form must reproduce the above copyright
  11  *    notice, this list of conditions and the following disclaimer in the
  12  *    documentation and/or other materials provided with the distribution.
  13  *
  14  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
  15  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  16  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  17  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  18  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  19  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  20  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  21  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  22  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  23  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  24  * SUCH DAMAGE.
  25  *
  26  *      $FreeBSD: src/lib/libgssapi/gss_import_sec_context.c,v 1.1 2005/12/29 14:40:20 dfr Exp $
  27  */
  28
  29 #include "mech_locl.h"
  30
  31 GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
  32 gss_import_sec_context(OM_uint32 *minor_status,
  33     const gss_buffer_t interprocess_token,
  34     gss_ctx_id_t *context_handle)
  35 {
  36         OM_uint32 ret = GSS_S_FAILURE, tmp_minor;
  37         krb5_storage *sp;
  38         gssapi_mech_interface m;
  39         struct _gss_context *ctx = NULL;
  40         gss_buffer_desc buf = GSS_C_EMPTY_BUFFER;
  41         unsigned char verflags;
  42
  43         _gss_mg_log(10, "gss-isc called");
  44
  45         if (!context_handle) {
  46             *minor_status = EFAULT;
  47             return GSS_S_CALL_INACCESSIBLE_WRITE;
  48         }
  49
  50         *minor_status = 0;
  51         *context_handle = GSS_C_NO_CONTEXT;
  52
  53         sp = krb5_storage_from_mem(interprocess_token->value,
  54                                    interprocess_token->length);
  55         if (!sp) {
  56             *minor_status = ENOMEM;
  57             return GSS_S_FAILURE;
  58         }
  59         krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_PACKED);
  60
  61         ctx = calloc(1, sizeof(struct _gss_context));
  62         if (!ctx) {
  63             *minor_status = ENOMEM;
  64             goto failure;
  65         }
  66
  67         if (krb5_ret_uint8(sp, &verflags))
  68             goto failure;
  69
  70         if ((verflags & EXPORT_CONTEXT_VERSION_MASK) != 0) {
  71             _gss_mg_log(10, "gss-isc failed, token version %d not recognised",
  72                 (int)(verflags & EXPORT_CONTEXT_VERSION_MASK));
  73             /* We don't recognise the version */
  74             goto failure;
  75         }
  76
  77         if (verflags & EXPORT_CONTEXT_FLAG_ACCUMULATING) {
  78             uint32_t target_len;
  79
  80             if (krb5_ret_uint8(sp, &ctx->gc_initial))
  81                 goto failure;
  82
  83             if (krb5_ret_uint32(sp, &target_len))
  84                 goto failure;
  85
  86             ret = _gss_mg_ret_buffer(minor_status, sp, &buf);
  87             if (ret != GSS_S_COMPLETE)
  88                 goto failure;
  89
  90             ctx->gc_free_this = ctx->gc_input.value = calloc(target_len, 1);
  91             if (ctx->gc_input.value == NULL)
  92                 goto failure;
  93
  94             ctx->gc_target_len   = target_len;
  95             ctx->gc_input.length = buf.length;
  96             if (buf.value)
  97                 memcpy(ctx->gc_input.value, buf.value, buf.length);
  98
  99             gss_release_buffer(&tmp_minor, &buf);
 100         }
 101
 102         if (verflags & EXPORT_CONTEXT_FLAG_MECH_CTX) {
 103             gss_OID mech_oid;
 104
 105             ret = _gss_mg_ret_oid(minor_status, sp, &mech_oid);
 106             if (ret != GSS_S_COMPLETE)
 107                 goto failure;
 108
 109             if (mech_oid == GSS_C_NO_OID) {
 110                 ret = GSS_S_BAD_MECH;
 111                 goto failure;
 112             }
 113
 114             m = __gss_get_mechanism(mech_oid);
 115             if (m == NULL) {
 116                 ret = GSS_S_DEFECTIVE_TOKEN;
 117                 goto failure;
 118             }
 119             ctx->gc_mech = m;
 120
 121             ret = _gss_mg_ret_buffer(minor_status, sp, &buf);
 122             if (ret != GSS_S_COMPLETE)
 123                 goto failure;
 124
 125             if (buf.value == NULL) {
 126                 ret = GSS_S_DEFECTIVE_TOKEN;
 127                 goto failure;
 128             }
 129
 130             ret = m->gm_import_sec_context(minor_status, &buf, &ctx->gc_ctx);
 131             if (ret != GSS_S_COMPLETE) {
 132                 _gss_mg_error(m, *minor_status);
 133                 goto failure;
 134             }
 135         }
 136
 137         *context_handle = (gss_ctx_id_t) ctx;
 138         ctx = NULL;
 139
 140         ret = GSS_S_COMPLETE;
 141
 142 failure:
 143         free(ctx);
 144         krb5_storage_free(sp);
 145         _gss_secure_release_buffer(&tmp_minor, &buf);
 146         return ret;
 147 }