Path: blob/main/crypto/heimdal/lib/gssapi/mech/gss_cred.c
34914 views
/*1* Copyright (c) 2009 Kungliga Tekniska Högskolan2* (Royal Institute of Technology, Stockholm, Sweden).3* All rights reserved.4*5* Redistribution and use in source and binary forms, with or without6* modification, are permitted provided that the following conditions7* are met:8*9* 1. Redistributions of source code must retain the above copyright10* notice, this list of conditions and the following disclaimer.11*12* 2. Redistributions in binary form must reproduce the above copyright13* notice, this list of conditions and the following disclaimer in the14* documentation and/or other materials provided with the distribution.15*16* 3. Neither the name of KTH nor the names of its contributors may be17* used to endorse or promote products derived from this software without18* specific prior written permission.19*20* THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY21* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE22* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR23* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE24* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR25* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF26* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR27* BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,28* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR29* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF30* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.31*/3233#include "mech_locl.h"34#include <krb5.h>3536/*37* format: any number of:38* mech-len: int3239* mech-data: char * (not alligned)40* cred-len: int3241* cred-data char * (not alligned)42*/4344GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL45gss_export_cred(OM_uint32 * minor_status,46gss_cred_id_t cred_handle,47gss_buffer_t token)48{49struct _gss_cred *cred = (struct _gss_cred *)cred_handle;50struct _gss_mechanism_cred *mc;51gss_buffer_desc buffer;52krb5_error_code ret;53krb5_storage *sp;54OM_uint32 major;55krb5_data data;5657_mg_buffer_zero(token);5859if (cred == NULL) {60*minor_status = 0;61return GSS_S_NO_CRED;62}6364HEIM_SLIST_FOREACH(mc, &cred->gc_mc, gmc_link) {65if (mc->gmc_mech->gm_export_cred == NULL) {66*minor_status = 0;67return GSS_S_NO_CRED;68}69}7071sp = krb5_storage_emem();72if (sp == NULL) {73*minor_status = ENOMEM;74return GSS_S_FAILURE;75}7677HEIM_SLIST_FOREACH(mc, &cred->gc_mc, gmc_link) {7879major = mc->gmc_mech->gm_export_cred(minor_status,80mc->gmc_cred, &buffer);81if (major) {82krb5_storage_free(sp);83return major;84}8586ret = krb5_storage_write(sp, buffer.value, buffer.length);87if (ret < 0 || (size_t)ret != buffer.length) {88gss_release_buffer(minor_status, &buffer);89krb5_storage_free(sp);90*minor_status = EINVAL;91return GSS_S_FAILURE;92}93gss_release_buffer(minor_status, &buffer);94}9596ret = krb5_storage_to_data(sp, &data);97krb5_storage_free(sp);98if (ret) {99*minor_status = ret;100return GSS_S_FAILURE;101}102103token->value = data.data;104token->length = data.length;105106return GSS_S_COMPLETE;107}108109GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL110gss_import_cred(OM_uint32 * minor_status,111gss_buffer_t token,112gss_cred_id_t * cred_handle)113{114gssapi_mech_interface m;115krb5_error_code ret;116struct _gss_cred *cred;117krb5_storage *sp = NULL;118OM_uint32 major, junk;119krb5_data data;120121*cred_handle = GSS_C_NO_CREDENTIAL;122123if (token->length == 0) {124*minor_status = ENOMEM;125return GSS_S_FAILURE;126}127128sp = krb5_storage_from_readonly_mem(token->value, token->length);129if (sp == NULL) {130*minor_status = ENOMEM;131return GSS_S_FAILURE;132}133134cred = calloc(1, sizeof(struct _gss_cred));135if (cred == NULL) {136krb5_storage_free(sp);137*minor_status = ENOMEM;138return GSS_S_FAILURE;139}140HEIM_SLIST_INIT(&cred->gc_mc);141142*cred_handle = (gss_cred_id_t)cred;143144while(1) {145struct _gss_mechanism_cred *mc;146gss_buffer_desc buffer;147gss_cred_id_t mcred;148gss_OID_desc oid;149150ret = krb5_ret_data(sp, &data);151if (ret == HEIM_ERR_EOF) {152break;153} else if (ret) {154*minor_status = ret;155major = GSS_S_FAILURE;156goto out;157}158oid.elements = data.data;159oid.length = data.length;160161m = __gss_get_mechanism(&oid);162krb5_data_free(&data);163if (!m) {164*minor_status = 0;165major = GSS_S_BAD_MECH;166goto out;167}168169if (m->gm_import_cred == NULL) {170*minor_status = 0;171major = GSS_S_BAD_MECH;172goto out;173}174175ret = krb5_ret_data(sp, &data);176if (ret) {177*minor_status = ret;178major = GSS_S_FAILURE;179goto out;180}181182buffer.value = data.data;183buffer.length = data.length;184185major = m->gm_import_cred(minor_status,186&buffer, &mcred);187krb5_data_free(&data);188if (major) {189goto out;190}191192mc = malloc(sizeof(struct _gss_mechanism_cred));193if (mc == NULL) {194*minor_status = EINVAL;195major = GSS_S_FAILURE;196goto out;197}198199mc->gmc_mech = m;200mc->gmc_mech_oid = &m->gm_mech_oid;201mc->gmc_cred = mcred;202203HEIM_SLIST_INSERT_HEAD(&cred->gc_mc, mc, gmc_link);204}205krb5_storage_free(sp);206sp = NULL;207208if (HEIM_SLIST_EMPTY(&cred->gc_mc)) {209major = GSS_S_NO_CRED;210goto out;211}212213return GSS_S_COMPLETE;214215out:216if (sp)217krb5_storage_free(sp);218219gss_release_cred(&junk, cred_handle);220221return major;222223}224225226