lib/gssapi/ntlm/creds.c

   1 /*
   2  * Copyright (c) 2006 Kungliga Tekniska Högskolan
   3  * (Royal Institute of Technology, Stockholm, Sweden).
   4  * All rights reserved.
   5  *
   6  * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
   7  *
   8  * Redistribution and use in source and binary forms, with or without
   9  * modification, are permitted provided that the following conditions
  10  * are met:
  11  *
  12  * 1. Redistributions of source code must retain the above copyright
  13  *    notice, this list of conditions and the following disclaimer.
  14  *
  15  * 2. Redistributions in binary form must reproduce the above copyright
  16  *    notice, this list of conditions and the following disclaimer in the
  17  *    documentation and/or other materials provided with the distribution.
  18  *
  19  * 3. Neither the name of the Institute nor the names of its contributors
  20  *    may be used to endorse or promote products derived from this software
  21  *    without specific prior written permission.
  22  *
  23  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
  24  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  25  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  26  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
  27  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  28  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  29  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  30  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  31  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  32  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  33  * SUCH DAMAGE.
  34  */
  35
  36 #include "ntlm.h"
  37
  38 OM_uint32 GSSAPI_CALLCONV
  39 _gss_ntlm_inquire_cred
  40            (OM_uint32 * minor_status,
  41             gss_const_cred_id_t cred_handle,
  42             gss_name_t * name,
  43             OM_uint32 * lifetime,
  44             gss_cred_usage_t * cred_usage,
  45             gss_OID_set * mechanisms
  46            )
  47 {
  48     OM_uint32 ret, junk;
  49
  50     *minor_status = 0;
  51
  52     if (cred_handle == NULL)
  53         return GSS_S_NO_CRED;
  54
  55     if (name) {
  56         ntlm_name n = calloc(1, sizeof(*n));
  57         ntlm_cred c = (ntlm_cred)cred_handle;
  58         if (n) {
  59             n->user = strdup(c->username);
  60             n->domain = strdup(c->domain);
  61         }
  62         if (n == NULL || n->user == NULL || n->domain == NULL) {
  63             if (n) {
  64                 free(n->user);
  65                 free(n->domain);
  66                 free(n);
  67             }
  68             *minor_status = ENOMEM;
  69             return GSS_S_FAILURE;
  70         }
  71         *name = (gss_name_t)n;
  72     }
  73     if (lifetime)
  74         *lifetime = GSS_C_INDEFINITE;
  75     if (cred_usage)
  76         *cred_usage = 0;
  77     if (mechanisms)
  78         *mechanisms = GSS_C_NO_OID_SET;
  79     if (mechanisms) {
  80         ret = gss_create_empty_oid_set(minor_status, mechanisms);
  81         if (ret)
  82             goto out;
  83         ret = gss_add_oid_set_member(minor_status,
  84                                      GSS_NTLM_MECHANISM,
  85                                      mechanisms);
  86         if (ret)
  87             goto out;
  88     }
  89
  90     return GSS_S_COMPLETE;
  91 out:
  92     gss_release_oid_set(&junk, mechanisms);
  93     return ret;
  94 }
  95
  96 #ifdef HAVE_KCM
  97 static OM_uint32
  98 _gss_ntlm_destroy_kcm_cred(gss_cred_id_t *cred_handle)
  99 {
 100     krb5_storage *request, *response;
 101     krb5_data response_data;
 102     krb5_context context;
 103     krb5_error_code ret;
 104     ntlm_cred cred;
 105
 106     cred = (ntlm_cred)*cred_handle;
 107
 108     ret = krb5_init_context(&context);
 109     if (ret)
 110         return ret;
 111
 112     ret = krb5_kcm_storage_request(context, KCM_OP_DEL_NTLM_CRED, &request);
 113     if (ret)
 114         goto out;
 115
 116     ret = krb5_store_stringz(request, cred->username);
 117     if (ret)
 118         goto out;
 119
 120     ret = krb5_store_stringz(request, cred->domain);
 121     if (ret)
 122         goto out;
 123
 124     ret = krb5_kcm_call(context, request, &response, &response_data);
 125     if (ret)
 126         goto out;
 127
 128     krb5_storage_free(request);
 129     krb5_storage_free(response);
 130     krb5_data_free(&response_data);
 131
 132  out:
 133     krb5_free_context(context);
 134
 135     return ret;
 136 }
 137 #endif /* HAVE_KCM */
 138
 139 OM_uint32 GSSAPI_CALLCONV
 140 _gss_ntlm_destroy_cred(OM_uint32 *minor_status,
 141                        gss_cred_id_t *cred_handle)
 142 {
 143 #ifdef HAVE_KCM
 144     krb5_error_code ret;
 145 #endif
 146
 147     if (cred_handle == NULL || *cred_handle == GSS_C_NO_CREDENTIAL)
 148         return GSS_S_COMPLETE;
 149
 150 #ifdef HAVE_KCM
 151     ret = _gss_ntlm_destroy_kcm_cred(cred_handle);
 152     if (ret) {
 153         *minor_status = ret;
 154         return GSS_S_FAILURE;
 155     }
 156 #endif
 157
 158     return _gss_ntlm_release_cred(minor_status, cred_handle);
 159 }