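/*
 * Copyright (c) 1997, 2003 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of the Institute nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include "gsskrb5_locl.h"

/**
 * Kerberos 5 mechanism implementation of gss_inquire_cred().
 *
 * Reports the name, remaining lifetime, usage and mechanism set of a
 * credential.  When cred_handle is GSS_C_NO_CREDENTIAL the default
 * acceptor and initiator credentials are acquired with
 * _gsskrb5_acquire_cred() for the duration of the call and released
 * again before returning.
 *
 * @param minor_status  mechanism-specific status; 0 on success.
 * @param cred_handle   credential to inspect, or GSS_C_NO_CREDENTIAL
 *                      for the default credentials.
 * @param output_name   if non-NULL, receives a newly allocated name the
 *                      caller releases; NULL on any failure.
 * @param lifetime      if non-NULL, receives the remaining lifetime of
 *                      the shortest-lived credential examined.
 * @param cred_usage    if non-NULL, receives GSS_C_BOTH, GSS_C_ACCEPT or
 *                      GSS_C_INITIATE.
 * @param mechanisms    if non-NULL, receives a newly allocated OID set the
 *                      caller releases; GSS_C_NO_OID_SET on any failure.
 *
 * @return GSS_S_COMPLETE on success, GSS_S_NO_CRED when no credential was
 *         supplied and neither default credential could be acquired,
 *         otherwise the status of the failing step.  On failure every
 *         output allocated by this call has already been released, so the
 *         caller never has to free partially filled results.
 */
OM_uint32 GSSAPI_CALLCONV _gsskrb5_inquire_cred
(OM_uint32 * minor_status,
 const gss_cred_id_t cred_handle,
 gss_name_t * output_name,
 OM_uint32 * lifetime,
 gss_cred_usage_t * cred_usage,
 gss_OID_set * mechanisms
    )
{
    krb5_context context;
    gss_cred_id_t aqcred_init = GSS_C_NO_CREDENTIAL;
    gss_cred_id_t aqcred_accept = GSS_C_NO_CREDENTIAL;
    gsskrb5_cred acred = NULL, icred = NULL;
    OM_uint32 ret;

    *minor_status = 0;

    /* Outputs are defined on every return path, including failures. */
    if (output_name)
        *output_name = NULL;
    if (mechanisms)
        *mechanisms = GSS_C_NO_OID_SET;

    GSSAPI_KRB5_INIT (&context);

    if (cred_handle == GSS_C_NO_CREDENTIAL) {
        /*
         * No credential given: look at the default acceptor and
         * initiator credentials.  Either one may be missing; only the
         * absence of both is an error.
         */
        ret = _gsskrb5_acquire_cred(minor_status,
                                    GSS_C_NO_NAME,
                                    GSS_C_INDEFINITE,
                                    GSS_C_NO_OID_SET,
                                    GSS_C_ACCEPT,
                                    &aqcred_accept,
                                    NULL,
                                    NULL);
        if (ret == GSS_S_COMPLETE)
            acred = (gsskrb5_cred)aqcred_accept;

        ret = _gsskrb5_acquire_cred(minor_status,
                                    GSS_C_NO_NAME,
                                    GSS_C_INDEFINITE,
                                    GSS_C_NO_OID_SET,
                                    GSS_C_INITIATE,
                                    &aqcred_init,
                                    NULL,
                                    NULL);
        if (ret == GSS_S_COMPLETE)
            icred = (gsskrb5_cred)aqcred_init;

        if (icred == NULL && acred == NULL) {
            /* Nothing acquired, nothing locked, nothing to release. */
            *minor_status = 0;
            return GSS_S_NO_CRED;
        }
    } else
        acred = (gsskrb5_cred)cred_handle;

    /* Hold each credential's lock while its fields are read below. */
    if (acred)
        HEIMDAL_MUTEX_lock(&acred->cred_id_mutex);
    if (icred)
        HEIMDAL_MUTEX_lock(&icred->cred_id_mutex);

    if (output_name != NULL) {
        if (icred && icred->principal != NULL) {
            gss_name_t name;

            /* Prefer the acceptor principal when both are present. */
            if (acred && acred->principal)
                name = (gss_name_t)acred->principal;
            else
                name = (gss_name_t)icred->principal;

            ret = _gsskrb5_duplicate_name(minor_status, name, output_name);
            if (ret)
                goto out;
        } else if (acred && acred->usage == GSS_C_ACCEPT) {
            /* Acceptor-only credential without a principal: report the
             * host-based service principal for this host. */
            krb5_principal princ;
            *minor_status = krb5_sname_to_principal(context, NULL,
                                                    NULL, KRB5_NT_SRV_HST,
                                                    &princ);
            if (*minor_status) {
                ret = GSS_S_FAILURE;
                goto out;
            }
            *output_name = (gss_name_t)princ;
        } else {
            krb5_principal princ;
            *minor_status = krb5_get_default_principal(context,
                                                       &princ);
            if (*minor_status) {
                ret = GSS_S_FAILURE;
                goto out;
            }
            *output_name = (gss_name_t)princ;
        }
    }
    if (lifetime != NULL) {
        /* Missing credentials do not bound the lifetime. */
        OM_uint32 alife = GSS_C_INDEFINITE, ilife = GSS_C_INDEFINITE;

        if (acred) alife = acred->lifetime;
        if (icred) ilife = icred->lifetime;

        ret = _gsskrb5_lifetime_left(minor_status,
                                     context,
                                     min(alife,ilife),
                                     lifetime);
        if (ret)
            goto out;
    }
    if (cred_usage != NULL) {
        if (acred && icred)
            *cred_usage = GSS_C_BOTH;
        else if (acred)
            *cred_usage = GSS_C_ACCEPT;
        else if (icred)
            *cred_usage = GSS_C_INITIATE;
        else
            abort(); /* unreachable: a caller-supplied or acquired credential always exists here */
    }

    if (mechanisms != NULL) {
        ret = gss_create_empty_oid_set(minor_status, mechanisms);
        if (ret)
            goto out;
        /* NOTE(review): assumes each credential's mechanism set has at
         * least one element — confirm against _gsskrb5_acquire_cred. */
        if (acred)
            ret = gss_add_oid_set_member(minor_status,
                                         &acred->mechanisms->elements[0],
                                         mechanisms);
        if (ret == GSS_S_COMPLETE && icred)
            ret = gss_add_oid_set_member(minor_status,
                                         &icred->mechanisms->elements[0],
                                         mechanisms);
        if (ret)
            goto out;
    }
    ret = GSS_S_COMPLETE;
out:
    if (acred)
        HEIMDAL_MUTEX_unlock(&acred->cred_id_mutex);
    if (icred)
        HEIMDAL_MUTEX_unlock(&icred->cred_id_mutex);

    /*
     * Release the default credentials acquired above.  A release failure
     * is only reported when nothing went wrong earlier: overwriting ret
     * and *minor_status unconditionally would turn an earlier failure
     * into GSS_S_COMPLETE while leaving the outputs half filled.
     */
    if (aqcred_init != GSS_C_NO_CREDENTIAL) {
        OM_uint32 junk;
        OM_uint32 ret2 = _gsskrb5_release_cred(&junk, &aqcred_init);
        if (ret == GSS_S_COMPLETE && ret2 != GSS_S_COMPLETE) {
            ret = ret2;
            *minor_status = junk;
        }
    }
    if (aqcred_accept != GSS_C_NO_CREDENTIAL) {
        OM_uint32 junk;
        OM_uint32 ret2 = _gsskrb5_release_cred(&junk, &aqcred_accept);
        if (ret == GSS_S_COMPLETE && ret2 != GSS_S_COMPLETE) {
            ret = ret2;
            *minor_status = junk;
        }
    }

    /* On failure, hand nothing back that the caller would have to free. */
    if (ret != GSS_S_COMPLETE) {
        OM_uint32 junk;
        if (output_name != NULL && *output_name != NULL)
            _gsskrb5_release_name(&junk, output_name);
        if (mechanisms != NULL && *mechanisms != GSS_C_NO_OID_SET)
            gss_release_oid_set(&junk, mechanisms);
    }

    return ret;
}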