xref: /freebsd/crypto/krb5/src/lib/gssapi/krb5/process_context_token.c (revision f1c4c3daccbaf3820f0e2224de53df12fc952fcc) 
1 /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
2 /*
3  * Copyright 1993 by OpenVision Technologies, Inc.
4  *
5  * Permission to use, copy, modify, distribute, and sell this software
6  * and its documentation for any purpose is hereby granted without fee,
7  * provided that the above copyright notice appears in all copies and
8  * that both that copyright notice and this permission notice appear in
9  * supporting documentation, and that the name of OpenVision not be used
10  * in advertising or publicity pertaining to distribution of the software
11  * without specific, written prior permission. OpenVision makes no
12  * representations about the suitability of this software for any
13  * purpose.  It is provided "as is" without express or implied warranty.
14  *
15  * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
16  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
17  * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
18  * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
19  * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
20  * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
21  * PERFORMANCE OF THIS SOFTWARE.
22  */
23 
24 #include "gssapiP_krb5.h"
25 
26 /*
27  * $Id$
28  */
29 
30 OM_uint32 KRB5_CALLCONV
krb5_gss_process_context_token(OM_uint32 * minor_status,gss_ctx_id_t context_handle,gss_buffer_t token_buffer)31 krb5_gss_process_context_token(OM_uint32 *minor_status,
32                                gss_ctx_id_t context_handle,
33                                gss_buffer_t token_buffer)
34 {
35     krb5_gss_ctx_id_rec *ctx;
36     OM_uint32 majerr;
37     struct k5input in;
38     gss_buffer_desc empty = { 0 };
39 
40     ctx = (krb5_gss_ctx_id_t) context_handle;
41 
42     if (ctx->terminated || !ctx->established) {
43         *minor_status = KG_CTX_INCOMPLETE;
44         return(GSS_S_NO_CONTEXT);
45     }
46 
47     /* We only support context deletion tokens for now, and RFC 4121 does not
48      * define a context deletion token. */
49     if (ctx->proto) {
50         *minor_status = 0;
51         return(GSS_S_DEFECTIVE_TOKEN);
52     }
53 
54     k5_input_init(&in, token_buffer->value, token_buffer->length);
55     (void)g_verify_token_header(&in, ctx->mech_used);
56 
57     majerr = kg_verify_mic_v1(ctx->k5_context, minor_status, ctx,
58                               KG_TOK_DEL_CTX, &in, &empty);
59     if (GSS_ERROR(majerr)) {
60         save_error_info(*minor_status, ctx->k5_context);
61         return(majerr);
62     }
63 
64     /* Mark the context as terminated, but do not delete it (as that would
65      * leave the caller with a dangling context handle). */
66     ctx->terminated = 1;
67     return(GSS_S_COMPLETE);
68 }
69