xref: /freebsd/crypto/krb5/src/lib/gssapi/mechglue/g_inq_cred.c (revision f1c4c3daccbaf3820f0e2224de53df12fc952fcc)
1 /* #pragma ident	"@(#)g_inquire_cred.c	1.16	04/02/23 SMI" */
2 
3 /*
4  * Copyright 1996 by Sun Microsystems, Inc.
5  *
6  * Permission to use, copy, modify, distribute, and sell this software
7  * and its documentation for any purpose is hereby granted without fee,
8  * provided that the above copyright notice appears in all copies and
9  * that both that copyright notice and this permission notice appear in
10  * supporting documentation, and that the name of Sun Microsystems not be used
11  * in advertising or publicity pertaining to distribution of the software
12  * without specific, written prior permission. Sun Microsystems makes no
13  * representations about the suitability of this software for any
14  * purpose.  It is provided "as is" without express or implied warranty.
15  *
16  * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
17  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
18  * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
19  * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
20  * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
21  * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
22  * PERFORMANCE OF THIS SOFTWARE.
23  */
24 
25 /*
26  *  glue routine for gss_inquire_cred
27  */
28 
29 #include "mglueP.h"
30 #include <stdio.h>
31 #ifdef HAVE_STDLIB_H
32 #include <stdlib.h>
33 #endif
34 #include <string.h>
35 #include <time.h>
36 
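/*
 * Mechglue entry point for gss_inquire_cred.
 *
 * Reports information about a credential by asking a single mechanism:
 * the first one stored in the union credential, or the mechanism returned
 * by gssint_get_mechanism(GSS_C_NULL_OID) when cred_handle is
 * GSS_C_NO_CREDENTIAL.
 *
 * minor_status  required; receives the (mapped) mechanism minor status.
 * cred_handle   union credential to inspect, or GSS_C_NO_CREDENTIAL.  The
 *               handle is cast to gss_union_cred_t and dereferenced with no
 *               further validation, so it must be a handle produced by this
 *               mechglue layer.
 * name          optional; receives a union name the caller must release.
 * lifetime      optional; passed straight through to the mechanism.
 * cred_usage    optional; passed straight through to the mechanism.
 * mechanisms    optional; receives an OID set the caller must release.
 *
 * Returns GSS_S_COMPLETE on success, GSS_S_CALL_INACCESSIBLE_WRITE when
 * minor_status is NULL, GSS_S_DEFECTIVE_CREDENTIAL when the credential holds
 * no mechanisms or no mechanism could be looked up, GSS_S_UNAVAILABLE when
 * the mechanism has no gss_inquire_cred entry point, and otherwise the
 * status of the failing mechanism or helper call.
 *
 * If building the mechanism set fails after the mechanism call succeeded,
 * *name is released again, but *lifetime and *cred_usage may already have
 * been written by the mechanism.
 */
OM_uint32 KRB5_CALLCONV
gss_inquire_cred(OM_uint32 *minor_status, gss_cred_id_t cred_handle,
		 gss_name_t *name, OM_uint32 *lifetime, int *cred_usage,
		 gss_OID_set *mechanisms)
{
    OM_uint32		status, temp_minor_status;
    gss_union_cred_t	union_cred;
    gss_mechanism	mech;
    gss_cred_id_t	mech_cred;
    gss_name_t		mech_name;
    gss_OID_set		mechs = NULL;

    /* Initialize outputs. */

    if (minor_status != NULL)
	*minor_status = 0;

    if (name != NULL)
	*name = GSS_C_NO_NAME;

    if (mechanisms != NULL)
	*mechanisms = GSS_C_NO_OID_SET;

    /* Validate arguments. */
    if (minor_status == NULL)
	return (GSS_S_CALL_INACCESSIBLE_WRITE);

    /*
     * XXX We should iterate over all mechanisms in the credential and
     * aggregate the results.  This requires a union name structure containing
     * multiple mechanism names, which we don't currently have.  For now,
     * inquire the first mechanism in the credential; this is consistent with
     * our historical behavior.
     */

    /* Determine mechanism and mechanism credential. */
    if (cred_handle != GSS_C_NO_CREDENTIAL) {
	union_cred = (gss_union_cred_t) cred_handle;
	/* Reject an empty credential before indexing element 0. */
	if (union_cred->count <= 0)
	    return (GSS_S_DEFECTIVE_CREDENTIAL);
	mech_cred = union_cred->cred_array[0];
	mech = gssint_get_mechanism(&union_cred->mechs_array[0]);
    } else {
	union_cred = NULL;
	mech_cred = GSS_C_NO_CREDENTIAL;
	mech = gssint_get_mechanism(GSS_C_NULL_OID);
    }

    /* Skip the call into the mech if the caller doesn't care about any of the
     * values we would ask for. */
    if (name != NULL || lifetime != NULL || cred_usage != NULL) {
	if (mech == NULL)
	    return (GSS_S_DEFECTIVE_CREDENTIAL);
	if (!mech->gss_inquire_cred)
	    return (GSS_S_UNAVAILABLE);

	/* The mechanism set is produced below, so do not ask the mech. */
	status = mech->gss_inquire_cred(minor_status, mech_cred,
					name ? &mech_name : NULL,
					lifetime, cred_usage, NULL);
	if (status != GSS_S_COMPLETE) {
	    map_error(minor_status, mech);
	    return(status);
	}

	if (name) {
	    /* Convert mech_name into a union_name equivalent. */
	    status = gssint_convert_name_to_union_name(&temp_minor_status,
						       mech, mech_name, name);
	    if (status != GSS_S_COMPLETE) {
		*minor_status = temp_minor_status;
		map_error(minor_status, mech);
		return (status);
	    }
	}
    }

    /*
     * copy the mechanism set in union_cred into an OID set and return in
     * the mechanisms parameter.
     */

    if (mechanisms != NULL) {
	if (union_cred) {
	    status = gssint_make_public_oid_set(minor_status,
						union_cred->mechs_array,
						union_cred->count, &mechs);
	    if (GSS_ERROR(status))
		goto error;
	} else {
	    /*
	     * mech is only checked above when name, lifetime or cred_usage
	     * was requested.  A caller asking for the mechanism set alone
	     * reaches this point with mech unchecked, so test it here before
	     * taking the address of mech->mech_type.
	     */
	    if (mech == NULL) {
		status = GSS_S_DEFECTIVE_CREDENTIAL;
		goto error;
	    }

	    status = gss_create_empty_oid_set(minor_status, &mechs);
	    if (GSS_ERROR(status))
		goto error;

	    status = gss_add_oid_set_member(minor_status,
					    &mech->mech_type, &mechs);
	    if (GSS_ERROR(status))
		goto error;
	}
	*mechanisms = mechs;
    }

    return(GSS_S_COMPLETE);

error:
    /* Undo partial results so the caller never owns half-built outputs. */
    if (mechs != NULL)
	(void) gss_release_oid_set(&temp_minor_status, &mechs);

    if (name && *name != NULL)
	(void) gss_release_name(&temp_minor_status, name);

    return (status);
}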
149 
/*
 * Mechglue entry point for gss_inquire_cred_by_mech.
 *
 * Resolves mech_type to a mechanism, picks that mechanism's element out of
 * the union credential, and forwards the inquiry to the mechanism.
 *
 * minor_status        required; receives the (mapped) minor status.
 * cred_handle         union credential, or GSS_C_NO_CREDENTIAL.  It is
 *                     reinterpreted as gss_union_cred_t without validation
 *                     here, so it must come from this mechglue layer.
 * mech_type           mechanism to inquire about.
 * name                optional; receives a union name on success.
 * initiator_lifetime,
 * acceptor_lifetime,
 * cred_usage          passed straight through to the mechanism.
 *
 * Returns GSS_S_COMPLETE on success, GSS_S_CALL_INACCESSIBLE_WRITE when
 * minor_status is NULL, GSS_S_BAD_MECH when no mechanism is found,
 * GSS_S_BAD_BINDINGS when the mechanism has no gss_inquire_cred_by_mech
 * entry point, GSS_S_NO_CRED when a credential was supplied but holds no
 * element for the mechanism, and otherwise the failing call's status.
 */
OM_uint32 KRB5_CALLCONV
gss_inquire_cred_by_mech(OM_uint32 *minor_status, gss_cred_id_t cred_handle,
			 gss_OID mech_type, gss_name_t *name,
			 OM_uint32 *initiator_lifetime,
			 OM_uint32 *acceptor_lifetime,
			 gss_cred_usage_t *cred_usage)
{
    OM_uint32		major, conv_minor;
    gss_OID		mech_oid, public_oid;
    gss_mechanism	mech;
    gss_cred_id_t	mcred;
    gss_name_t		mech_name;
    gss_name_t		*mech_name_out;

    /* Clear the outputs first, then reject a missing minor_status. */
    if (minor_status != NULL)
	*minor_status = 0;
    if (name != NULL)
	*name = GSS_C_NO_NAME;
    if (minor_status == NULL)
	return GSS_S_CALL_INACCESSIBLE_WRITE;

    major = gssint_select_mech_type(minor_status, mech_type, &mech_oid);
    if (major != GSS_S_COMPLETE)
	return major;

    mech = gssint_get_mechanism(mech_oid);
    if (mech == NULL)
	return GSS_S_BAD_MECH;
    /*
     * NOTE(review): gss_inquire_cred in this file reports GSS_S_UNAVAILABLE
     * for a missing entry point; the status used here differs.
     */
    if (mech->gss_inquire_cred_by_mech == NULL)
	return GSS_S_BAD_BINDINGS;

    /* A supplied credential must contain an element for this mechanism. */
    mcred = gssint_get_mechanism_cred((gss_union_cred_t) cred_handle,
				      mech_oid);
    if (mcred == GSS_C_NO_CREDENTIAL && cred_handle != GSS_C_NO_CREDENTIAL)
	return GSS_S_NO_CRED;

    public_oid = gssint_get_public_oid(mech_oid);
    /* Only request a mechanism name when the caller wants one back. */
    mech_name_out = (name != NULL) ? &mech_name : NULL;
    major = mech->gss_inquire_cred_by_mech(minor_status, mcred, public_oid,
					    mech_name_out,
					    initiator_lifetime,
					    acceptor_lifetime, cred_usage);
    if (major != GSS_S_COMPLETE) {
	map_error(minor_status, mech);
	return major;
    }

    if (name == NULL)
	return GSS_S_COMPLETE;

    /* Wrap the mechanism's name in a union name for the caller. */
    major = gssint_convert_name_to_union_name(&conv_minor, mech,
					      mech_name, name);
    if (major == GSS_S_COMPLETE)
	return GSS_S_COMPLETE;

    *minor_status = conv_minor;
    map_error(minor_status, mech);
    return major;
}
216