1
/*
2
 * Copyright (c) 1997, 2003 Kungliga Tekniska Högskolan
3
 * (Royal Institute of Technology, Stockholm, Sweden).
4
 * All rights reserved.
5
 *
6
 * Redistribution and use in source and binary forms, with or without
7
 * modification, are permitted provided that the following conditions
8
 * are met:
9
 *
10
 * 1. Redistributions of source code must retain the above copyright
11
 *    notice, this list of conditions and the following disclaimer.
12
 *
13
 * 2. Redistributions in binary form must reproduce the above copyright
14
 *    notice, this list of conditions and the following disclaimer in the
15
 *    documentation and/or other materials provided with the distribution.
16
 *
17
 * 3. Neither the name of the Institute nor the names of its contributors
18
 *    may be used to endorse or promote products derived from this software
19
 *    without specific prior written permission.
20
 *
21
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31
 * SUCH DAMAGE.
32
 */
33

34
#include "gsskrb5_locl.h"
35

36
OM_uint32 GSSAPI_CALLCONV _gsskrb5_inquire_cred
37
(OM_uint32 * minor_status,
38
 const gss_cred_id_t cred_handle,
39
 gss_name_t * output_name,
40
 OM_uint32 * lifetime,
41
 gss_cred_usage_t * cred_usage,
42
 gss_OID_set * mechanisms
43
    )
44
{
45
    krb5_context context;
46
    gss_cred_id_t aqcred_init = GSS_C_NO_CREDENTIAL;
47
    gss_cred_id_t aqcred_accept = GSS_C_NO_CREDENTIAL;
48
    gsskrb5_cred acred = NULL, icred = NULL;
49
    OM_uint32 ret;
50

51
    *minor_status = 0;
52

53
    if (output_name)
54
	*output_name = NULL;
55
    if (mechanisms)
56
	*mechanisms = GSS_C_NO_OID_SET;
57

58
    GSSAPI_KRB5_INIT (&context);
59

60
    if (cred_handle == GSS_C_NO_CREDENTIAL) {
61
	ret = _gsskrb5_acquire_cred(minor_status,
62
				    GSS_C_NO_NAME,
63
				    GSS_C_INDEFINITE,
64
				    GSS_C_NO_OID_SET,
65
				    GSS_C_ACCEPT,
66
				    &aqcred_accept,
67
				    NULL,
68
				    NULL);
69
	if (ret == GSS_S_COMPLETE)
70
	    acred = (gsskrb5_cred)aqcred_accept;
71

72
	ret = _gsskrb5_acquire_cred(minor_status,
73
				    GSS_C_NO_NAME,
74
				    GSS_C_INDEFINITE,
75
				    GSS_C_NO_OID_SET,
76
				    GSS_C_INITIATE,
77
				    &aqcred_init,
78
				    NULL,
79
				    NULL);
80
	if (ret == GSS_S_COMPLETE)
81
	    icred = (gsskrb5_cred)aqcred_init;
82

83
	if (icred == NULL && acred == NULL) {
84
	    *minor_status = 0;
85
	    return GSS_S_NO_CRED;
86
	}
87
    } else
88
	acred = (gsskrb5_cred)cred_handle;
89

90
    if (acred)
91
	HEIMDAL_MUTEX_lock(&acred->cred_id_mutex);
92
    if (icred)
93
	HEIMDAL_MUTEX_lock(&icred->cred_id_mutex);
94

95
    if (output_name != NULL) {
96
	if (icred && icred->principal != NULL) {
97
	    gss_name_t name;
98

99
	    if (acred && acred->principal)
100
		name = (gss_name_t)acred->principal;
101
	    else
102
		name = (gss_name_t)icred->principal;
103

104
            ret = _gsskrb5_duplicate_name(minor_status, name, output_name);
105
            if (ret)
106
		goto out;
107
	} else if (acred && acred->usage == GSS_C_ACCEPT) {
108
	    krb5_principal princ;
109
	    *minor_status = krb5_sname_to_principal(context, NULL,
110
						    NULL, KRB5_NT_SRV_HST,
111
						    &princ);
112
	    if (*minor_status) {
113
		ret = GSS_S_FAILURE;
114
		goto out;
115
	    }
116
	    *output_name = (gss_name_t)princ;
117
	} else {
118
	    krb5_principal princ;
119
	    *minor_status = krb5_get_default_principal(context,
120
						       &princ);
121
	    if (*minor_status) {
122
		ret = GSS_S_FAILURE;
123
		goto out;
124
	    }
125
	    *output_name = (gss_name_t)princ;
126
	}
127
    }
128
    if (lifetime != NULL) {
129
	OM_uint32 alife = GSS_C_INDEFINITE, ilife = GSS_C_INDEFINITE;
130

131
	if (acred) alife = acred->lifetime;
132
	if (icred) ilife = icred->lifetime;
133

134
	ret = _gsskrb5_lifetime_left(minor_status,
135
				     context,
136
				     min(alife,ilife),
137
				     lifetime);
138
	if (ret)
139
	    goto out;
140
    }
141
    if (cred_usage != NULL) {
142
	if (acred && icred)
143
	    *cred_usage = GSS_C_BOTH;
144
	else if (acred)
145
	    *cred_usage = GSS_C_ACCEPT;
146
	else if (icred)
147
	    *cred_usage = GSS_C_INITIATE;
148
	else
149
	    abort();
150
    }
151

152
    if (mechanisms != NULL) {
153
        ret = gss_create_empty_oid_set(minor_status, mechanisms);
154
        if (ret)
155
	    goto out;
156
	if (acred)
157
	    ret = gss_add_oid_set_member(minor_status,
158
					 &acred->mechanisms->elements[0],
159
					 mechanisms);
160
	if (ret == GSS_S_COMPLETE && icred)
161
	    ret = gss_add_oid_set_member(minor_status,
162
					 &icred->mechanisms->elements[0],
163
					 mechanisms);
164
        if (ret)
165
	    goto out;
166
    }
167
    ret = GSS_S_COMPLETE;
168
out:
169
    if (acred)
170
	HEIMDAL_MUTEX_unlock(&acred->cred_id_mutex);
171
    if (icred)
172
	HEIMDAL_MUTEX_unlock(&icred->cred_id_mutex);
173

174
    if (aqcred_init != GSS_C_NO_CREDENTIAL)
175
	ret = _gsskrb5_release_cred(minor_status, &aqcred_init);
176
    if (aqcred_accept != GSS_C_NO_CREDENTIAL)
177
	ret = _gsskrb5_release_cred(minor_status, &aqcred_accept);
178

179
    return ret;
180
}
181

182