1
/*
2
 * Copyright (c) 2004, PADL Software Pty Ltd.
3
 * All rights reserved.
4
 *
5
 * Redistribution and use in source and binary forms, with or without
6
 * modification, are permitted provided that the following conditions
7
 * are met:
8
 *
9
 * 1. Redistributions of source code must retain the above copyright
10
 *    notice, this list of conditions and the following disclaimer.
11
 *
12
 * 2. Redistributions in binary form must reproduce the above copyright
13
 *    notice, this list of conditions and the following disclaimer in the
14
 *    documentation and/or other materials provided with the distribution.
15
 *
16
 * 3. Neither the name of PADL Software nor the names of its contributors
17
 *    may be used to endorse or promote products derived from this software
18
 *    without specific prior written permission.
19
 *
20
 * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
21
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23
 * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
24
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30
 * SUCH DAMAGE.
31
 */
32

33
#include "spnego_locl.h"
34

35
OM_uint32 GSSAPI_CALLCONV
36
_gss_spnego_release_cred(OM_uint32 *minor_status, gss_cred_id_t *cred_handle)
37
{
38
    OM_uint32 ret;
39

40
    *minor_status = 0;
41

42
    if (cred_handle == NULL || *cred_handle == GSS_C_NO_CREDENTIAL)
43
	return GSS_S_COMPLETE;
44

45
    ret = gss_release_cred(minor_status, cred_handle);
46

47
    *cred_handle = GSS_C_NO_CREDENTIAL;
48

49
    return ret;
50
}
51

52
/*
53
 * For now, just a simple wrapper that avoids recursion. When
54
 * we support gss_{get,set}_neg_mechs() we will need to expose
55
 * more functionality.
56
 */
57
OM_uint32 GSSAPI_CALLCONV _gss_spnego_acquire_cred
58
(OM_uint32 *minor_status,
59
 const gss_name_t desired_name,
60
 OM_uint32 time_req,
61
 const gss_OID_set desired_mechs,
62
 gss_cred_usage_t cred_usage,
63
 gss_cred_id_t * output_cred_handle,
64
 gss_OID_set * actual_mechs,
65
 OM_uint32 * time_rec
66
    )
67
{
68
    const spnego_name dname = (const spnego_name)desired_name;
69
    gss_name_t name = GSS_C_NO_NAME;
70
    OM_uint32 ret, tmp;
71
    gss_OID_set_desc actual_desired_mechs;
72
    gss_OID_set mechs;
73
    size_t i, j;
74

75
    *output_cred_handle = GSS_C_NO_CREDENTIAL;
76

77
    if (dname) {
78
	ret = gss_import_name(minor_status, &dname->value, &dname->type, &name);
79
	if (ret) {
80
	    return ret;
81
	}
82
    }
83

84
    ret = gss_indicate_mechs(minor_status, &mechs);
85
    if (ret != GSS_S_COMPLETE) {
86
	gss_release_name(minor_status, &name);
87
	return ret;
88
    }
89

90
    /* Remove ourselves from this list */
91
    actual_desired_mechs.count = mechs->count;
92
    actual_desired_mechs.elements = malloc(actual_desired_mechs.count *
93
					   sizeof(gss_OID_desc));
94
    if (actual_desired_mechs.elements == NULL) {
95
	*minor_status = ENOMEM;
96
	ret = GSS_S_FAILURE;
97
	goto out;
98
    }
99

100
    for (i = 0, j = 0; i < mechs->count; i++) {
101
	if (gss_oid_equal(&mechs->elements[i], GSS_SPNEGO_MECHANISM))
102
	    continue;
103

104
	actual_desired_mechs.elements[j] = mechs->elements[i];
105
	j++;
106
    }
107
    actual_desired_mechs.count = j;
108

109
    ret = gss_acquire_cred(minor_status, name,
110
			   time_req, &actual_desired_mechs,
111
			   cred_usage,
112
			   output_cred_handle,
113
			   actual_mechs, time_rec);
114
    if (ret != GSS_S_COMPLETE)
115
	goto out;
116

117
out:
118
    gss_release_name(minor_status, &name);
119
    gss_release_oid_set(&tmp, &mechs);
120
    if (actual_desired_mechs.elements != NULL) {
121
	free(actual_desired_mechs.elements);
122
    }
123
    if (ret != GSS_S_COMPLETE) {
124
	_gss_spnego_release_cred(&tmp, output_cred_handle);
125
    }
126

127
    return ret;
128
}
129

130
OM_uint32 GSSAPI_CALLCONV _gss_spnego_inquire_cred
131
           (OM_uint32 * minor_status,
132
            const gss_cred_id_t cred_handle,
133
            gss_name_t * name,
134
            OM_uint32 * lifetime,
135
            gss_cred_usage_t * cred_usage,
136
            gss_OID_set * mechanisms
137
           )
138
{
139
    spnego_name sname = NULL;
140
    OM_uint32 ret;
141

142
    if (cred_handle == GSS_C_NO_CREDENTIAL) {
143
	*minor_status = 0;
144
	return GSS_S_NO_CRED;
145
    }
146

147
    if (name) {
148
	sname = calloc(1, sizeof(*sname));
149
	if (sname == NULL) {
150
	    *minor_status = ENOMEM;
151
	    return GSS_S_FAILURE;
152
	}
153
    }
154

155
    ret = gss_inquire_cred(minor_status,
156
			   cred_handle,
157
			   sname ? &sname->mech : NULL,
158
			   lifetime,
159
			   cred_usage,
160
			   mechanisms);
161
    if (ret) {
162
	if (sname)
163
	    free(sname);
164
	return ret;
165
    }
166
    if (name)
167
	*name = (gss_name_t)sname;
168

169
    return ret;
170
}
171

172
OM_uint32 GSSAPI_CALLCONV _gss_spnego_inquire_cred_by_mech (
173
            OM_uint32 * minor_status,
174
            const gss_cred_id_t cred_handle,
175
            const gss_OID mech_type,
176
            gss_name_t * name,
177
            OM_uint32 * initiator_lifetime,
178
            OM_uint32 * acceptor_lifetime,
179
            gss_cred_usage_t * cred_usage
180
           )
181
{
182
    spnego_name sname = NULL;
183
    OM_uint32 ret;
184

185
    if (cred_handle == GSS_C_NO_CREDENTIAL) {
186
	*minor_status = 0;
187
	return GSS_S_NO_CRED;
188
    }
189

190
    if (name) {
191
	sname = calloc(1, sizeof(*sname));
192
	if (sname == NULL) {
193
	    *minor_status = ENOMEM;
194
	    return GSS_S_FAILURE;
195
	}
196
    }
197

198
    ret = gss_inquire_cred_by_mech(minor_status,
199
				   cred_handle,
200
				   mech_type,
201
				   sname ? &sname->mech : NULL,
202
				   initiator_lifetime,
203
				   acceptor_lifetime,
204
				   cred_usage);
205

206
    if (ret) {
207
	if (sname)
208
	    free(sname);
209
	return ret;
210
    }
211
    if (name)
212
	*name = (gss_name_t)sname;
213

214
    return GSS_S_COMPLETE;
215
}
216

217
OM_uint32 GSSAPI_CALLCONV _gss_spnego_inquire_cred_by_oid
218
           (OM_uint32 * minor_status,
219
            const gss_cred_id_t cred_handle,
220
            const gss_OID desired_object,
221
            gss_buffer_set_t *data_set)
222
{
223
    OM_uint32 ret;
224

225
    if (cred_handle == GSS_C_NO_CREDENTIAL) {
226
	*minor_status = 0;
227
	return GSS_S_NO_CRED;
228
    }
229

230
    ret = gss_inquire_cred_by_oid(minor_status,
231
				  cred_handle,
232
				  desired_object,
233
				  data_set);
234

235
    return ret;
236
}
237

238
OM_uint32 GSSAPI_CALLCONV
239
_gss_spnego_set_cred_option (OM_uint32 *minor_status,
240
			     gss_cred_id_t *cred_handle,
241
			     const gss_OID object,
242
			     const gss_buffer_t value)
243
{
244
    if (cred_handle == NULL || *cred_handle == GSS_C_NO_CREDENTIAL) {
245
	*minor_status = 0;
246
	return GSS_S_NO_CRED;
247
    }
248

249
    return gss_set_cred_option(minor_status,
250
			      cred_handle,
251
			      object,
252
			      value);
253
}
254

255
#if 0
256

257
OM_uint32 GSSAPI_CALLCONV
258
_gss_spnego_export_cred (OM_uint32 *minor_status,
259
			 gss_cred_id_t cred_handle,
260
			 gss_buffer_t value)
261
{
262
    return gss_export_cred(minor_status, cred_handle, value);
263
}
264

265
OM_uint32 GSSAPI_CALLCONV
266
_gss_spnego_import_cred (OM_uint32 *minor_status,
267
			 gss_buffer_t value,
268
			 gss_cred_id_t *cred_handle)
269
{
270
    return gss_import_cred(minor_status, value, cred_handle);
271
}
272

273
#endif
274

275