GitHub Repository: freebsd/freebsd-src
Path: blob/main/crypto/heimdal/lib/gssapi/krb5/copy_ccache.c
/*
* Copyright (c) 2000 - 2001, 2003 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "gsskrb5_locl.h"
#if 0
/*
 * Disabled (compiled out by the surrounding #if 0).
 *
 * Copies the credential cache attached to `cred` into `out` while
 * holding the credential's mutex.
 *
 * Returns GSS_S_COMPLETE with *minor_status == 0 on success.  Returns
 * GSS_S_FAILURE with *minor_status set to EINVAL when the credential
 * has no cache, or to the krb5 error code when the copy fails.
 */
OM_uint32
gss_krb5_copy_ccache(OM_uint32 *minor_status,
                     krb5_context context,
                     gss_cred_id_t cred,
                     krb5_ccache out)
{
    krb5_error_code kret;

    /* The lock covers both the NULL test and the copy itself. */
    HEIMDAL_MUTEX_lock(&cred->cred_id_mutex);
    if (cred->ccache != NULL)
        kret = krb5_cc_copy_cache(context, cred->ccache, out);
    else
        kret = EINVAL;
    HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);

    /* Zero means success, so the code doubles as the minor status. */
    *minor_status = kret;
    return kret ? GSS_S_FAILURE : GSS_S_COMPLETE;
}
#endif
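/*
 * Build a GSS-API krb5 credential from an existing credential cache
 * and/or keytab.
 *
 * minor_status      receives 0 on success, otherwise an errno value or
 *                   a krb5/GSS minor code describing the failure
 * id                optional credential cache; when given, the
 *                   credential is usable for GSS_C_INITIATE
 * keytab_principal  optional principal; when given together with `id`
 *                   it must equal the cache's principal, otherwise the
 *                   import is refused with EINVAL
 * keytab            optional keytab; when given, the credential is
 *                   usable for GSS_C_ACCEPT
 * cred              receives the new credential; set to NULL first and
 *                   left NULL on every failure after that assignment
 *
 * The caller's `id` and `keytab` handles are not stored.  The new
 * credential holds handles of its own, obtained by resolving the full
 * names of the caller's cache and keytab.
 *
 * Returns GSS_S_COMPLETE on success.  On failure it returns
 * GSS_S_FAILURE, or the status reported by __gsskrb5_ccache_lifetime().
 */
OM_uint32
_gsskrb5_krb5_import_cred(OM_uint32 *minor_status,
                          krb5_ccache id,
                          krb5_principal keytab_principal,
                          krb5_keytab keytab,
                          gss_cred_id_t *cred)
{
    krb5_context context;
    krb5_error_code kret;
    gsskrb5_cred handle;
    OM_uint32 ret;

    /* Never leave a stale handle in *cred on an error return. */
    *cred = NULL;

    /* Macro defined outside this file; it supplies `context`. */
    GSSAPI_KRB5_INIT (&context);

    /* calloc() leaves every pointer member NULL, which the cleanup
     * code at `out` relies on. */
    handle = calloc(1, sizeof(*handle));
    if (handle == NULL) {
        _gsskrb5_clear_status ();
        *minor_status = ENOMEM;
        return (GSS_S_FAILURE);
    }
    HEIMDAL_MUTEX_init(&handle->cred_id_mutex);

    handle->usage = 0;

    if (id) {
        char *str;

        handle->usage |= GSS_C_INITIATE;

        kret = krb5_cc_get_principal(context, id,
                                     &handle->principal);
        if (kret) {
            /* Release the mutex on the early exits too, as `out` does. */
            HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex);
            free(handle);
            *minor_status = kret;
            return GSS_S_FAILURE;
        }

        if (keytab_principal) {
            krb5_boolean match;

            /* Refuse to bind a cache for one principal to a keytab
             * identity for another. */
            match = krb5_principal_compare(context,
                                           handle->principal,
                                           keytab_principal);
            if (match == FALSE) {
                krb5_free_principal(context, handle->principal);
                HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex);
                free(handle);
                _gsskrb5_clear_status ();
                *minor_status = EINVAL;
                return GSS_S_FAILURE;
            }
        }

        /* *minor_status is passed to the callee here; presumably it
         * sets it on failure -- confirm against its definition. */
        ret = __gsskrb5_ccache_lifetime(minor_status,
                                        context,
                                        id,
                                        handle->principal,
                                        &handle->lifetime);
        if (ret != GSS_S_COMPLETE) {
            krb5_free_principal(context, handle->principal);
            HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex);
            free(handle);
            return ret;
        }

        /*
         * Open a second handle on the cache by name so the credential
         * owns its own reference.
         * NOTE(review): principal and lifetime above were read through
         * `id`, while handle->ccache is whatever the name resolves to
         * here; confirm the two cannot diverge for the cache types in
         * use.
         */
        kret = krb5_cc_get_full_name(context, id, &str);
        if (kret)
            goto out;

        kret = krb5_cc_resolve(context, str, &handle->ccache);
        free(str);
        if (kret)
            goto out;
    }

    if (keytab) {
        char *str;

        handle->usage |= GSS_C_ACCEPT;

        /* Without a cache the principal has not been set yet; take it
         * from the caller-supplied keytab principal. */
        if (keytab_principal && handle->principal == NULL) {
            kret = krb5_copy_principal(context,
                                       keytab_principal,
                                       &handle->principal);
            if (kret)
                goto out;
        }

        /* Same by-name re-open as for the cache above. */
        kret = krb5_kt_get_full_name(context, keytab, &str);
        if (kret)
            goto out;

        kret = krb5_kt_resolve(context, str, &handle->keytab);
        free(str);
        if (kret)
            goto out;
    }

    if (id || keytab) {
        ret = gss_create_empty_oid_set(minor_status, &handle->mechanisms);
        if (ret == GSS_S_COMPLETE)
            ret = gss_add_oid_set_member(minor_status, GSS_KRB5_MECHANISM,
                                         &handle->mechanisms);
        if (ret != GSS_S_COMPLETE) {
            /* Save the minor code before the cleanup below reuses
             * minor_status. */
            kret = *minor_status;
            goto out;
        }
    }

    *minor_status = 0;
    *cred = (gss_cred_id_t)handle;
    return GSS_S_COMPLETE;

out:
    /* Shared failure path: release whatever was acquired so far, then
     * report the saved error code. */
    gss_release_oid_set(minor_status, &handle->mechanisms);
    if (handle->ccache)
        krb5_cc_close(context, handle->ccache);
    if (handle->keytab)
        krb5_kt_close(context, handle->keytab);
    if (handle->principal)
        krb5_free_principal(context, handle->principal);
    HEIMDAL_MUTEX_destroy(&handle->cred_id_mutex);
    free(handle);
    *minor_status = kret;
    return GSS_S_FAILURE;
}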