1 /* 2 * Copyright (c) 1997, 2003 Kungliga Tekniska Högskolan 3 * (Royal Institute of Technology, Stockholm, Sweden). 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 17 * 3. Neither the name of the Institute nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 
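*/

#include "gsskrb5_locl.h"

/*
 * Report what a krb5-mechanism credential holds: its principal name, the
 * lifetime left on it, the usage it was acquired for and its mechanism set.
 *
 * cred_handle == GSS_C_NO_CREDENTIAL means "the default credentials": an
 * acceptor credential and an initiator credential are acquired here and
 * released again before returning.  Any other handle is inspected in place
 * and is not released.
 *
 * Every output parameter may be NULL when the caller does not want it.  The
 * outputs are written only on GSS_S_COMPLETE; on any failure *output_name is
 * left GSS_C_NO_NAME and *mechanisms GSS_C_NO_OID_SET, and anything built
 * along the way is freed, so a caller that ignores the major status cannot
 * pick up a half-built result and nothing leaks.  On success *output_name
 * and *mechanisms are owned by the caller.  minor_status carries the krb5
 * error of the first failing step.
 *
 * Returns GSS_S_COMPLETE, GSS_S_NO_CRED when neither default credential could
 * be acquired, GSS_S_FAILURE for a failing krb5 call, or the status of the
 * failing GSS helper.
 */
OM_uint32 GSSAPI_CALLCONV _gsskrb5_inquire_cred
(OM_uint32 * minor_status,
 const gss_cred_id_t cred_handle,
 gss_name_t * output_name,
 OM_uint32 * lifetime,
 gss_cred_usage_t * cred_usage,
 gss_OID_set * mechanisms
)
{
    krb5_context context;
    gss_cred_id_t aqcred_init = GSS_C_NO_CREDENTIAL;
    gss_cred_id_t aqcred_accept = GSS_C_NO_CREDENTIAL;
    gsskrb5_cred acred = NULL, icred = NULL;
    /* Results are staged in locals and handed to the caller only on success. */
    gss_name_t name_out = GSS_C_NO_NAME;
    gss_OID_set mechs_out = GSS_C_NO_OID_SET;
    OM_uint32 life_out = 0;
    gss_cred_usage_t usage_out = 0;
    OM_uint32 ret;

    *minor_status = 0;

    if (output_name)
        *output_name = GSS_C_NO_NAME;
    if (mechanisms)
        *mechanisms = GSS_C_NO_OID_SET;

    GSSAPI_KRB5_INIT (&context);

    if (cred_handle == GSS_C_NO_CREDENTIAL) {
        /*
         * No handle given: look at whatever default credentials exist.
         * Either acquisition may fail on its own; only both failing is an
         * error here.
         */
        ret = _gsskrb5_acquire_cred(minor_status,
                                    GSS_C_NO_NAME,
                                    GSS_C_INDEFINITE,
                                    GSS_C_NO_OID_SET,
                                    GSS_C_ACCEPT,
                                    &aqcred_accept,
                                    NULL,
                                    NULL);
        if (ret == GSS_S_COMPLETE)
            acred = (gsskrb5_cred)aqcred_accept;

        ret = _gsskrb5_acquire_cred(minor_status,
                                    GSS_C_NO_NAME,
                                    GSS_C_INDEFINITE,
                                    GSS_C_NO_OID_SET,
                                    GSS_C_INITIATE,
                                    &aqcred_init,
                                    NULL,
                                    NULL);
        if (ret == GSS_S_COMPLETE)
            icred = (gsskrb5_cred)aqcred_init;

        if (icred == NULL && acred == NULL) {
            *minor_status = 0;
            return GSS_S_NO_CRED;
        }
    } else {
        /*
         * A caller-supplied handle is inspected in place.  It lands in acred
         * whatever usage it was acquired for, so the name and usage code
         * below must not assume it is an acceptor credential.
         */
        acred = (gsskrb5_cred)cred_handle;
    }

    if (acred)
        HEIMDAL_MUTEX_lock(&acred->cred_id_mutex);
    if (icred)
        HEIMDAL_MUTEX_lock(&icred->cred_id_mutex);

    if (output_name != NULL) {
        krb5_principal src = NULL;

        if (icred && icred->principal != NULL) {
            /* Default creds: prefer the acceptor's principal, else the initiator's. */
            src = (acred && acred->principal) ? acred->principal : icred->principal;
        } else if (cred_handle != GSS_C_NO_CREDENTIAL && acred->principal != NULL) {
            /*
             * A supplied handle that carries a principal: report that
             * principal instead of guessing a host-based or default-ccache
             * name that may have nothing to do with the credential.
             */
            src = acred->principal;
        }

        if (src != NULL) {
            ret = _gsskrb5_duplicate_name(minor_status, (gss_name_t)src, &name_out);
            if (ret)
                goto out;
        } else if (acred && acred->usage == GSS_C_ACCEPT) {
            /*
             * Unnamed acceptor credential: a host-based service principal,
             * presumably for the local host since no hostname is passed.
             */
            krb5_principal princ;
            *minor_status = krb5_sname_to_principal(context, NULL,
                                                    NULL, KRB5_NT_SRV_HST,
                                                    &princ);
            if (*minor_status) {
                ret = GSS_S_FAILURE;
                goto out;
            }
            name_out = (gss_name_t)princ;
        } else {
            /* Unnamed initiator credential: the default principal. */
            krb5_principal princ;
            *minor_status = krb5_get_default_principal(context, &princ);
            if (*minor_status) {
                ret = GSS_S_FAILURE;
                goto out;
            }
            name_out = (gss_name_t)princ;
        }
    }

    if (lifetime != NULL) {
        /* The pair is only usable for as long as the shorter-lived half. */
        OM_uint32 alife = GSS_C_INDEFINITE, ilife = GSS_C_INDEFINITE;

        if (acred)
            alife = acred->lifetime;
        if (icred)
            ilife = icred->lifetime;

        ret = _gsskrb5_lifetime_left(minor_status,
                                     context,
                                     min(alife, ilife),
                                     &life_out);
        if (ret)
            goto out;
    }

    if (cred_usage != NULL) {
        if (cred_handle != GSS_C_NO_CREDENTIAL)
            /* Report what the handle was acquired for, not a fixed GSS_C_ACCEPT. */
            usage_out = acred->usage;
        else if (acred && icred)
            usage_out = GSS_C_BOTH;
        else if (acred)
            usage_out = GSS_C_ACCEPT;
        else if (icred)
            usage_out = GSS_C_INITIATE;
        else
            abort();    /* unreachable: the GSS_S_NO_CRED check above guarantees one */
    }

    if (mechanisms != NULL) {
        ret = gss_create_empty_oid_set(minor_status, &mechs_out);
        if (ret)
            goto out;
        /* NOTE(review): both branches assume cred->mechanisms holds at least one OID. */
        if (acred)
            ret = gss_add_oid_set_member(minor_status,
                                         &acred->mechanisms->elements[0],
                                         &mechs_out);
        if (ret == GSS_S_COMPLETE && icred)
            ret = gss_add_oid_set_member(minor_status,
                                         &icred->mechanisms->elements[0],
                                         &mechs_out);
        if (ret)
            goto out;
    }
    ret = GSS_S_COMPLETE;

out:
    if (acred)
        HEIMDAL_MUTEX_unlock(&acred->cred_id_mutex);
    if (icred)
        HEIMDAL_MUTEX_unlock(&icred->cred_id_mutex);

    /*
     * Drop the credentials acquired above.  A release failure is surfaced
     * only when everything before it succeeded; a successful release must
     * never overwrite an earlier error status (and its minor_status) with
     * GSS_S_COMPLETE.
     */
    if (aqcred_init != GSS_C_NO_CREDENTIAL) {
        OM_uint32 rel_minor = 0;
        OM_uint32 rel = _gsskrb5_release_cred(&rel_minor, &aqcred_init);
        if (ret == GSS_S_COMPLETE && rel != GSS_S_COMPLETE) {
            ret = rel;
            *minor_status = rel_minor;
        }
    }
    if (aqcred_accept != GSS_C_NO_CREDENTIAL) {
        OM_uint32 rel_minor = 0;
        OM_uint32 rel = _gsskrb5_release_cred(&rel_minor, &aqcred_accept);
        if (ret == GSS_S_COMPLETE && rel != GSS_S_COMPLETE) {
            ret = rel;
            *minor_status = rel_minor;
        }
    }

    if (ret == GSS_S_COMPLETE) {
        /* Commit the staged results; ownership passes to the caller. */
        if (output_name != NULL)
            *output_name = name_out;
        if (lifetime != NULL)
            *lifetime = life_out;
        if (cred_usage != NULL)
            *cred_usage = usage_out;
        if (mechanisms != NULL)
            *mechanisms = mechs_out;
    } else {
        /*
         * Failure after something was already built: free it, so the caller
         * neither sees a partial result nor leaks it.  Names in this mech
         * are krb5 principals (see the casts above).
         */
        OM_uint32 junk;
        if (name_out != GSS_C_NO_NAME)
            krb5_free_principal(context, (krb5_principal)name_out);
        if (mechs_out != GSS_C_NO_OID_SET)
            gss_release_oid_set(&junk, &mechs_out);
    }

    return ret;
}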