Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
freebsd
GitHub Repository: freebsd/freebsd-src
 Path: blob/main/crypto/heimdal/lib/gssapi/krb5/creds.c
34923 views
1
/*

2
 * Copyright (c) 2009 Kungliga Tekniska Högskolan

3
 * (Royal Institute of Technology, Stockholm, Sweden).

4
 * All rights reserved.

5
 *

6
 * Redistribution and use in source and binary forms, with or without

7
 * modification, are permitted provided that the following conditions

8
 * are met:

9
 *

10
 * 1. Redistributions of source code must retain the above copyright

11
 *    notice, this list of conditions and the following disclaimer.

12
 *

13
 * 2. Redistributions in binary form must reproduce the above copyright

14
 *    notice, this list of conditions and the following disclaimer in the

15
 *    documentation and/or other materials provided with the distribution.

16
 *

17
 * 3. Neither the name of the Institute nor the names of its contributors

18
 *    may be used to endorse or promote products derived from this software

19
 *    without specific prior written permission.

20
 *

21
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND

22
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

23
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

24
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE

25
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

26
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

27
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

28
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

29
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

30
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

31
 * SUCH DAMAGE.

32
 */

33


34
#include "gsskrb5_locl.h"

35


36
OM_uint32 GSSAPI_CALLCONV

37
_gsskrb5_export_cred(OM_uint32 *minor_status,

38
		     gss_cred_id_t cred_handle,

39
		     gss_buffer_t cred_token)

40
{

41
    gsskrb5_cred handle = (gsskrb5_cred)cred_handle;

42
    krb5_context context;

43
    krb5_error_code ret;

44
    krb5_storage *sp;

45
    krb5_data data, mech;

46
    const char *type;

47
    char *str;

48


49
    GSSAPI_KRB5_INIT (&context);

50


51
    if (handle->usage != GSS_C_INITIATE && handle->usage != GSS_C_BOTH) {

52
	*minor_status = GSS_KRB5_S_G_BAD_USAGE;

53
	return GSS_S_FAILURE;

54
    }

55


56
    sp = krb5_storage_emem();

57
    if (sp == NULL) {

58
	*minor_status = ENOMEM;

59
	return GSS_S_FAILURE;

60
    }

61


62
    type = krb5_cc_get_type(context, handle->ccache);

63
    if (strcmp(type, "MEMORY") == 0) {

64
	krb5_creds *creds;

65
	ret = krb5_store_uint32(sp, 0);

66
	if (ret) {

67
	    krb5_storage_free(sp);

68
	    *minor_status = ret;

69
	    return GSS_S_FAILURE;

70
	}

71


72
	ret = _krb5_get_krbtgt(context, handle->ccache,

73
			       handle->principal->realm,

74
			       &creds);

75
	if (ret) {

76
	    krb5_storage_free(sp);

77
	    *minor_status = ret;

78
	    return GSS_S_FAILURE;

79
	}

80


81
	ret = krb5_store_creds(sp, creds);

82
	krb5_free_creds(context, creds);

83
	if (ret) {

84
	    krb5_storage_free(sp);

85
	    *minor_status = ret;

86
	    return GSS_S_FAILURE;

87
	}

88


89
    } else {

90
	ret = krb5_store_uint32(sp, 1);

91
	if (ret) {

92
	    krb5_storage_free(sp);

93
	    *minor_status = ret;

94
	    return GSS_S_FAILURE;

95
	}

96


97
	ret = krb5_cc_get_full_name(context, handle->ccache, &str);

98
	if (ret) {

99
	    krb5_storage_free(sp);

100
	    *minor_status = ret;

101
	    return GSS_S_FAILURE;

102
	}

103


104
	ret = krb5_store_string(sp, str);

105
	free(str);

106
	if (ret) {

107
	    krb5_storage_free(sp);

108
	    *minor_status = ret;

109
	    return GSS_S_FAILURE;

110
	}

111
    }

112
    ret = krb5_storage_to_data(sp, &data);

113
    krb5_storage_free(sp);

114
    if (ret) {

115
	*minor_status = ret;

116
	return GSS_S_FAILURE;

117
    }

118
    sp = krb5_storage_emem();

119
    if (sp == NULL) {

120
	krb5_data_free(&data);

121
	*minor_status = ENOMEM;

122
	return GSS_S_FAILURE;

123
    }

124


125
    mech.data = GSS_KRB5_MECHANISM->elements;

126
    mech.length = GSS_KRB5_MECHANISM->length;

127


128
    ret = krb5_store_data(sp, mech);

129
    if (ret) {

130
	krb5_data_free(&data);

131
	krb5_storage_free(sp);

132
	*minor_status = ret;

133
	return GSS_S_FAILURE;

134
    }

135


136
    ret = krb5_store_data(sp, data);

137
    krb5_data_free(&data);

138
    if (ret) {

139
	krb5_storage_free(sp);

140
	*minor_status = ret;

141
	return GSS_S_FAILURE;

142
    }

143


144
    ret = krb5_storage_to_data(sp, &data);

145
    krb5_storage_free(sp);

146
    if (ret) {

147
	*minor_status = ret;

148
	return GSS_S_FAILURE;

149
    }

150


151
    cred_token->value = data.data;

152
    cred_token->length = data.length;

153


154
    return GSS_S_COMPLETE;

155
}

156


157
OM_uint32 GSSAPI_CALLCONV

158
_gsskrb5_import_cred(OM_uint32 * minor_status,

159
		     gss_buffer_t cred_token,

160
		     gss_cred_id_t * cred_handle)

161
{

162
    krb5_context context;

163
    krb5_error_code ret;

164
    gsskrb5_cred handle;

165
    krb5_ccache id;

166
    krb5_storage *sp;

167
    char *str;

168
    uint32_t type;

169
    int flags = 0;

170


171
    *cred_handle = GSS_C_NO_CREDENTIAL;

172


173
    GSSAPI_KRB5_INIT (&context);

174


175
    sp = krb5_storage_from_mem(cred_token->value, cred_token->length);

176
    if (sp == NULL) {

177
	*minor_status = ENOMEM;

178
	return GSS_S_FAILURE;

179
    }

180


181
    ret = krb5_ret_uint32(sp, &type);

182
    if (ret) {

183
	krb5_storage_free(sp);

184
	*minor_status = ret;

185
	return GSS_S_FAILURE;

186
    }

187
    switch (type) {

188
    case 0: {

189
	krb5_creds creds;

190


191
	ret = krb5_ret_creds(sp, &creds);

192
	krb5_storage_free(sp);

193
	if (ret) {

194
	    *minor_status = ret;

195
	    return GSS_S_FAILURE;

196
	}

197


198
	ret = krb5_cc_new_unique(context, "MEMORY", NULL, &id);

199
	if (ret) {

200
	    *minor_status = ret;

201
	    return GSS_S_FAILURE;

202
	}

203


204
	ret = krb5_cc_initialize(context, id, creds.client);

205
	if (ret) {

206
	    krb5_cc_destroy(context, id);

207
	    *minor_status = ret;

208
	    return GSS_S_FAILURE;

209
	}

210


211
	ret = krb5_cc_store_cred(context, id, &creds);

212
	krb5_free_cred_contents(context, &creds);

213


214
	flags |= GSS_CF_DESTROY_CRED_ON_RELEASE;

215


216
	break;

217
    }

218
    case 1:

219
	ret = krb5_ret_string(sp, &str);

220
	krb5_storage_free(sp);

221
	if (ret) {

222
	    *minor_status = ret;

223
	    return GSS_S_FAILURE;

224
	}

225


226
	ret = krb5_cc_resolve(context, str, &id);

227
	krb5_xfree(str);

228
	if (ret) {

229
	    *minor_status = ret;

230
	    return GSS_S_FAILURE;

231
	}

232
	break;

233


234
    default:

235
	krb5_storage_free(sp);

236
	*minor_status = 0;

237
	return GSS_S_NO_CRED;

238
    }

239


240
    handle = calloc(1, sizeof(*handle));

241
    if (handle == NULL) {

242
	krb5_cc_close(context, id);

243
	*minor_status = ENOMEM;

244
	return GSS_S_FAILURE;

245
    }

246


247
    handle->usage = GSS_C_INITIATE;

248
    krb5_cc_get_principal(context, id, &handle->principal);

249
    handle->ccache = id;

250
    handle->cred_flags = flags;

251


252
    *cred_handle = (gss_cred_id_t)handle;

253


254
    return GSS_S_COMPLETE;

255
}

256


257