GitHub Repository: freebsd/freebsd-src
Path: blob/main/crypto/krb5/src/lib/gssapi/mechglue/g_negoex.c
/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright (C) 2011 by the Massachusetts Institute of Technology.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/*
* This file contains dispatch functions for the three GSSAPI extensions
* described in draft-zhu-negoex-04, renamed to use the gssspi_ prefix. Since
* the only caller of these functions is SPNEGO, argument validation is
* omitted.
*/
#include "mglueP.h"
/*
 * Dispatch gssspi_query_meta_data to the mechanism selected by mech_oid.
 *
 * minor_status   receives 0, or the mechanism's minor code mapped through
 *                map_error when the mechanism call fails
 * mech_oid       mechanism to query; resolved with gssint_select_mech_type
 * cred_handle    union credential or GSS_C_NO_CREDENTIAL; the element for the
 *                selected mechanism is what the mechanism sees
 * context_handle in/out union context.  When *context_handle is
 *                GSS_C_NO_CONTEXT and the mechanism creates a context, a new
 *                union context is allocated here and stored back.
 * targ_name      union target name or GSS_C_NO_NAME
 * req_flags      passed through unchanged
 * meta_data      output buffer; zeroed on entry so it is well defined on every
 *                return path
 *
 * Returns GSS_S_BAD_MECH when the mechanism is unknown, GSS_S_UNAVAILABLE
 * when it does not implement this SPI, GSS_S_NO_CRED when the credential has
 * no element for it, or otherwise the status of the name import, the
 * mechanism call, or union-context creation.
 */
OM_uint32 KRB5_CALLCONV
gssspi_query_meta_data(OM_uint32 *minor_status, gss_const_OID mech_oid,
                       gss_cred_id_t cred_handle, gss_ctx_id_t *context_handle,
                       const gss_name_t targ_name, OM_uint32 req_flags,
                       gss_buffer_t meta_data)
{
    gss_union_ctx_id_t union_ctx = (gss_union_ctx_id_t)*context_handle;
    gss_union_cred_t union_cred = (gss_union_cred_t)cred_handle;
    gss_union_name_t uname = (gss_union_name_t)targ_name;
    gss_mechanism mech;
    gss_OID selected_mech, public_mech;
    gss_cred_id_t mech_cred = GSS_C_NO_CREDENTIAL;
    gss_name_t mech_name = GSS_C_NO_NAME, tmp_name = GSS_C_NO_NAME;
    gss_ctx_id_t fresh_ctx = GSS_C_NO_CONTEXT, *ctx_slot;
    OM_uint32 major, tmp_minor;

    *minor_status = 0;
    meta_data->length = 0;
    meta_data->value = NULL;

    major = gssint_select_mech_type(minor_status, mech_oid, &selected_mech);
    if (major != GSS_S_COMPLETE)
        return major;
    public_mech = gssint_get_public_oid(selected_mech);

    /* Early returns below are safe: nothing has been acquired yet. */
    mech = gssint_get_mechanism(selected_mech);
    if (mech == NULL)
        return GSS_S_BAD_MECH;
    if (mech->gssspi_query_meta_data == NULL)
        return GSS_S_UNAVAILABLE;

    /* A union credential must carry an element for the selected mech. */
    if (union_cred != NULL) {
        mech_cred = gssint_get_mechanism_cred(union_cred, selected_mech);
        if (mech_cred == GSS_C_NO_CREDENTIAL)
            return GSS_S_NO_CRED;
    }

    /* Reuse the union name's mech name when it already belongs to the
     * selected mech; otherwise import one, which cleanup releases. */
    if (uname != NULL) {
        int same_mech = uname->mech_type != GSS_C_NO_OID &&
            g_OID_equal(uname->mech_type, selected_mech);
        if (same_mech) {
            mech_name = uname->mech_name;
        } else {
            major = gssint_import_internal_name(minor_status, selected_mech,
                                                uname, &tmp_name);
            if (major != GSS_S_COMPLETE)
                goto cleanup;
            mech_name = tmp_name;
        }
    }

    /* Give the mech either the existing union context's inner slot or a
     * local slot; only the local slot can come back non-empty. */
    ctx_slot = (union_ctx == NULL) ? &fresh_ctx : &union_ctx->internal_ctx_id;
    major = mech->gssspi_query_meta_data(minor_status, public_mech, mech_cred,
                                         ctx_slot, mech_name, req_flags,
                                         meta_data);
    if (major != GSS_S_COMPLETE) {
        map_error(minor_status, mech);
        goto cleanup;
    }

    /* Wrap a freshly created mech context in a union context and hand it to
     * the caller.  fresh_ctx is cleared so cleanup does not delete it. */
    if (fresh_ctx != GSS_C_NO_CONTEXT) {
        /* ctx_slot aliases fresh_ctx only when there was no union context,
         * so this cannot fire; it records the invariant. */
        assert(union_ctx == NULL);
        major = gssint_create_union_context(minor_status, selected_mech,
                                            &union_ctx);
        if (major != GSS_S_COMPLETE)
            goto cleanup;
        union_ctx->internal_ctx_id = fresh_ctx;
        fresh_ctx = GSS_C_NO_CONTEXT;
        *context_handle = (gss_ctx_id_t)union_ctx;
    }

cleanup:
    if (tmp_name != GSS_C_NO_NAME) {
        (void)gssint_release_internal_name(&tmp_minor, selected_mech,
                                           &tmp_name);
    }
    /* Still set only if union-context creation failed: delete the orphaned
     * mech context rather than leak it. */
    if (fresh_ctx != GSS_C_NO_CONTEXT) {
        (void)gssint_delete_internal_sec_context(&tmp_minor, &mech->mech_type,
                                                 &fresh_ctx, GSS_C_NO_BUFFER);
    }
    return major;
}
/*
 * Dispatch gssspi_exchange_meta_data to the mechanism selected by mech_oid.
 * Credential, name and context handling mirror gssspi_query_meta_data; the
 * difference is that meta_data is a read-only input passed through unchanged.
 *
 * minor_status   receives 0, or the mechanism's minor code mapped through
 *                map_error when the mechanism call fails
 * mech_oid       mechanism to dispatch to
 * cred_handle    union credential or GSS_C_NO_CREDENTIAL
 * context_handle in/out union context; a context newly created by the
 *                mechanism is wrapped in a union context and stored back
 * targ_name      union target name or GSS_C_NO_NAME
 * req_flags      passed through unchanged
 * meta_data      peer metadata, passed through unchanged
 *
 * Returns GSS_S_BAD_MECH, GSS_S_UNAVAILABLE, GSS_S_NO_CRED, or the status of
 * the name import, the mechanism call, or union-context creation.
 */
OM_uint32 KRB5_CALLCONV
gssspi_exchange_meta_data(OM_uint32 *minor_status, gss_const_OID mech_oid,
                          gss_cred_id_t cred_handle,
                          gss_ctx_id_t *context_handle,
                          const gss_name_t targ_name, OM_uint32 req_flags,
                          gss_const_buffer_t meta_data)
{
    gss_union_ctx_id_t union_ctx = (gss_union_ctx_id_t)*context_handle;
    gss_union_cred_t union_cred = (gss_union_cred_t)cred_handle;
    gss_union_name_t uname = (gss_union_name_t)targ_name;
    gss_mechanism mech;
    gss_OID selected_mech, public_mech;
    gss_cred_id_t mech_cred = GSS_C_NO_CREDENTIAL;
    gss_name_t mech_name = GSS_C_NO_NAME, tmp_name = GSS_C_NO_NAME;
    gss_ctx_id_t fresh_ctx = GSS_C_NO_CONTEXT, *ctx_slot;
    OM_uint32 major, tmp_minor;

    *minor_status = 0;

    major = gssint_select_mech_type(minor_status, mech_oid, &selected_mech);
    if (major != GSS_S_COMPLETE)
        return major;
    public_mech = gssint_get_public_oid(selected_mech);

    /* Early returns below are safe: nothing has been acquired yet. */
    mech = gssint_get_mechanism(selected_mech);
    if (mech == NULL)
        return GSS_S_BAD_MECH;
    if (mech->gssspi_exchange_meta_data == NULL)
        return GSS_S_UNAVAILABLE;

    /* A union credential must carry an element for the selected mech. */
    if (union_cred != NULL) {
        mech_cred = gssint_get_mechanism_cred(union_cred, selected_mech);
        if (mech_cred == GSS_C_NO_CREDENTIAL)
            return GSS_S_NO_CRED;
    }

    /* Reuse the union name's mech name when it already belongs to the
     * selected mech; otherwise import one, which cleanup releases. */
    if (uname != NULL) {
        int same_mech = uname->mech_type != GSS_C_NO_OID &&
            g_OID_equal(uname->mech_type, selected_mech);
        if (same_mech) {
            mech_name = uname->mech_name;
        } else {
            major = gssint_import_internal_name(minor_status, selected_mech,
                                                uname, &tmp_name);
            /* Only error-class majors abort here, and the return bypasses
             * cleanup; both differ from gssspi_query_meta_data and are kept.
             * Nothing else is held at this point, so bypassing cleanup is
             * fine provided a failed import leaves tmp_name unset — confirm
             * against gssint_import_internal_name. */
            if (GSS_ERROR(major))
                return major;
            mech_name = tmp_name;
        }
    }

    /* Give the mech either the existing union context's inner slot or a
     * local slot; only the local slot can come back non-empty. */
    ctx_slot = (union_ctx == NULL) ? &fresh_ctx : &union_ctx->internal_ctx_id;
    major = mech->gssspi_exchange_meta_data(minor_status, public_mech,
                                            mech_cred, ctx_slot, mech_name,
                                            req_flags, meta_data);
    if (major != GSS_S_COMPLETE) {
        map_error(minor_status, mech);
        goto cleanup;
    }

    /* Wrap a freshly created mech context in a union context and hand it to
     * the caller.  fresh_ctx is cleared so cleanup does not delete it. */
    if (fresh_ctx != GSS_C_NO_CONTEXT) {
        /* ctx_slot aliases fresh_ctx only when there was no union context,
         * so this cannot fire; it records the invariant. */
        assert(union_ctx == NULL);
        major = gssint_create_union_context(minor_status, selected_mech,
                                            &union_ctx);
        if (major != GSS_S_COMPLETE)
            goto cleanup;
        union_ctx->internal_ctx_id = fresh_ctx;
        fresh_ctx = GSS_C_NO_CONTEXT;
        *context_handle = (gss_ctx_id_t)union_ctx;
    }

cleanup:
    if (tmp_name != GSS_C_NO_NAME) {
        (void)gssint_release_internal_name(&tmp_minor, selected_mech,
                                           &tmp_name);
    }
    /* Still set only if union-context creation failed: delete the orphaned
     * mech context rather than leak it. */
    if (fresh_ctx != GSS_C_NO_CONTEXT) {
        (void)gssint_delete_internal_sec_context(&tmp_minor, &mech->mech_type,
                                                 &fresh_ctx, GSS_C_NO_BUFFER);
    }
    return major;
}
/*
 * Dispatch gssspi_query_mechanism_info to the mechanism selected by
 * mech_oid.
 *
 * minor_status  receives 0, or the mechanism's minor code mapped through
 *               map_error when the mechanism reports an error
 * mech_oid      mechanism to query
 * auth_scheme   16-byte output; zeroed on entry so it holds a defined value
 *               on every failure return
 *
 * Returns GSS_S_BAD_MECH when the mechanism is unknown, GSS_S_UNAVAILABLE
 * when it does not implement this SPI, or otherwise the mechanism's status.
 */
OM_uint32 KRB5_CALLCONV
gssspi_query_mechanism_info(OM_uint32 *minor_status, gss_const_OID mech_oid,
                            unsigned char auth_scheme[16])
{
    gss_OID selected_mech, public_mech;
    gss_mechanism mech;
    OM_uint32 major;

    *minor_status = 0;
    /* auth_scheme has decayed to a pointer here, so the extent is spelled
     * out rather than taken from sizeof. */
    memset(auth_scheme, 0, 16);

    major = gssint_select_mech_type(minor_status, mech_oid, &selected_mech);
    if (major != GSS_S_COMPLETE)
        return major;
    public_mech = gssint_get_public_oid(selected_mech);

    mech = gssint_get_mechanism(selected_mech);
    if (mech == NULL)
        return GSS_S_BAD_MECH;
    else if (mech->gssspi_query_mechanism_info == NULL)
        return GSS_S_UNAVAILABLE;

    major = mech->gssspi_query_mechanism_info(minor_status, public_mech,
                                              auth_scheme);
    /* Only error-class majors are mapped; a non-error status with
     * supplementary bits is returned with minor_status as the mech left it. */
    if (GSS_ERROR(major))
        map_error(minor_status, mech);

    return major;
}