/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
 * Copyright (C) 2011 by the Massachusetts Institute of Technology.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * * Redistributions of source code must retain the above copyright
 *   notice, this list of conditions and the following disclaimer.
 *
 * * Redistributions in binary form must reproduce the above copyright
 *   notice, this list of conditions and the following disclaimer in
 *   the documentation and/or other materials provided with the
 *   distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE
 * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 */

/*
 * This file contains dispatch functions for the three GSSAPI extensions
 * described in draft-zhu-negoex-04, renamed to use the gssspi_ prefix.  Since
 * the only caller of these functions is SPNEGO, argument validation is
 * omitted.
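 */

#include "mglueP.h"

/*
 * Look up the mechanism for mech_oid.  On success set *mech_out to the
 * mechanism, *selected_out to the OID it was selected under (the OID used for
 * credential and name lookups in the union layer) and *public_out to the
 * public form of that OID (the OID the mechanism itself is called with).
 * None of the three is written on failure.
 *
 * Returns GSS_S_COMPLETE, the status of gssint_select_mech_type(), or
 * GSS_S_BAD_MECH if no mechanism is registered under the selected OID.
 */
static OM_uint32
select_negoex_mech(OM_uint32 *minor_status, gss_const_OID mech_oid,
                   gss_mechanism *mech_out, gss_OID *selected_out,
                   gss_OID *public_out)
{
    OM_uint32 status;
    gss_OID selected_mech;
    gss_mechanism mech;

    status = gssint_select_mech_type(minor_status, mech_oid, &selected_mech);
    if (status != GSS_S_COMPLETE)
        return status;

    mech = gssint_get_mechanism(selected_mech);
    if (mech == NULL)
        return GSS_S_BAD_MECH;

    *mech_out = mech;
    *selected_out = selected_mech;
    *public_out = gssint_get_public_oid(selected_mech);
    return GSS_S_COMPLETE;
}

/*
 * Produce the name to pass to the mechanism for union_name, which may be
 * NULL (then *internal_out is GSS_C_NO_NAME).  If union_name already holds a
 * name belonging to selected_mech, *internal_out aliases it and
 * *imported_out stays GSS_C_NO_NAME.  Otherwise the name is imported into the
 * mechanism: *imported_out then owns the new mechanism name, which the caller
 * must release with gssint_release_internal_name(), and *internal_out is set
 * to the same value.
 *
 * Returns GSS_S_COMPLETE or the status of gssint_import_internal_name().
 */
static OM_uint32
resolve_internal_name(OM_uint32 *minor_status, gss_OID selected_mech,
                      gss_union_name_t union_name, gss_name_t *internal_out,
                      gss_name_t *imported_out)
{
    OM_uint32 status;

    *internal_out = GSS_C_NO_NAME;
    *imported_out = GSS_C_NO_NAME;
    if (union_name == NULL)
        return GSS_S_COMPLETE;

    if (union_name->mech_type != GSS_C_NO_OID &&
        g_OID_equal(union_name->mech_type, selected_mech)) {
        /* The union name already carries a name of the right mechanism. */
        *internal_out = union_name->mech_name;
        return GSS_S_COMPLETE;
    }

    status = gssint_import_internal_name(minor_status, selected_mech,
                                         union_name, imported_out);
    if (status != GSS_S_COMPLETE)
        return status;
    *internal_out = *imported_out;
    return GSS_S_COMPLETE;
}

/*
 * A mechanism created its own context (*new_ctx) during a call that was made
 * with no union context.  Create a union context for selected_mech, move the
 * mechanism context into it and store the union context in *context_handle.
 *
 * On success *new_ctx is reset to GSS_C_NO_CONTEXT because the union context
 * now owns it; on failure *new_ctx is left untouched so the caller's cleanup
 * can delete it.  Returns GSS_S_COMPLETE or the status of
 * gssint_create_union_context().
 */
static OM_uint32
wrap_new_context(OM_uint32 *minor_status, gss_OID selected_mech,
                 gss_ctx_id_t *new_ctx, gss_ctx_id_t *context_handle)
{
    OM_uint32 status;
    gss_union_ctx_id_t ctx = NULL;

    status = gssint_create_union_context(minor_status, selected_mech, &ctx);
    if (status != GSS_S_COMPLETE)
        return status;

    ctx->internal_ctx_id = *new_ctx;
    *new_ctx = GSS_C_NO_CONTEXT;
    *context_handle = (gss_ctx_id_t)ctx;
    return GSS_S_COMPLETE;
}

/*
 * Release the temporaries a dispatch function may still hold on exit: a name
 * imported by resolve_internal_name() and a mechanism context that was
 * created by the mech but never wrapped (only left over on a failure path).
 * Both are reset to their "none" values; release errors are ignored because
 * the caller already has a status to report.
 */
static void
release_temporaries(gss_OID selected_mech, gss_mechanism mech,
                    gss_name_t *imported_name, gss_ctx_id_t *new_ctx)
{
    OM_uint32 minor;

    if (*imported_name != GSS_C_NO_NAME) {
        (void)gssint_release_internal_name(&minor, selected_mech,
                                           imported_name);
    }
    if (*new_ctx != GSS_C_NO_CONTEXT) {
        (void)gssint_delete_internal_sec_context(&minor, &mech->mech_type,
                                                 new_ctx, GSS_C_NO_BUFFER);
    }
}

/*
 * Dispatch gssspi_query_meta_data() to the mechanism named by mech_oid.
 *
 * cred_handle and targ_name are union objects; the credential element and
 * name for the selected mechanism are extracted (or the name imported) before
 * the mechanism is called.  *context_handle may be GSS_C_NO_CONTEXT; if the
 * mechanism then creates a context of its own, it is wrapped in a new union
 * context which is stored back into *context_handle.  No NULL checks are made
 * on the pointer arguments (see the file comment).
 *
 * meta_data is emptied before the call.  If the mechanism produced metadata
 * but the union context could not be created, the metadata is released again
 * so the caller never receives it together with an error status.
 *
 * Returns a GSS major status: GSS_S_BAD_MECH if the mechanism is unknown,
 * GSS_S_UNAVAILABLE if it does not implement the extension, GSS_S_NO_CRED if
 * cred_handle holds no element for it, or the mechanism's own status (with
 * its minor code mapped through map_error()).
 */
OM_uint32 KRB5_CALLCONV
gssspi_query_meta_data(OM_uint32 *minor_status, gss_const_OID mech_oid,
                       gss_cred_id_t cred_handle, gss_ctx_id_t *context_handle,
                       const gss_name_t targ_name, OM_uint32 req_flags,
                       gss_buffer_t meta_data)
{
    OM_uint32 status, minor;
    gss_union_ctx_id_t ctx = (gss_union_ctx_id_t)*context_handle;
    gss_union_cred_t cred = (gss_union_cred_t)cred_handle;
    gss_mechanism mech;
    gss_OID selected_mech, public_mech;
    gss_cred_id_t internal_cred = GSS_C_NO_CREDENTIAL;
    gss_name_t internal_name = GSS_C_NO_NAME, imported_name = GSS_C_NO_NAME;
    gss_ctx_id_t new_ctx = GSS_C_NO_CONTEXT, *internal_ctx;

    *minor_status = 0;
    meta_data->length = 0;
    meta_data->value = NULL;

    status = select_negoex_mech(minor_status, mech_oid, &mech, &selected_mech,
                                &public_mech);
    if (status != GSS_S_COMPLETE)
        return status;
    if (mech->gssspi_query_meta_data == NULL)
        return GSS_S_UNAVAILABLE;

    if (cred != NULL) {
        internal_cred = gssint_get_mechanism_cred(cred, selected_mech);
        if (internal_cred == GSS_C_NO_CREDENTIAL)
            return GSS_S_NO_CRED;
    }

    status = resolve_internal_name(minor_status, selected_mech,
                                   (gss_union_name_t)targ_name,
                                   &internal_name, &imported_name);
    if (status != GSS_S_COMPLETE)
        goto cleanup;

    /* With an existing union context the mech works on its context inside
     * it; otherwise it may create one, which lands in new_ctx. */
    internal_ctx = (ctx != NULL) ? &ctx->internal_ctx_id : &new_ctx;
    status = mech->gssspi_query_meta_data(minor_status, public_mech,
                                          internal_cred, internal_ctx,
                                          internal_name, req_flags, meta_data);
    if (status != GSS_S_COMPLETE) {
        map_error(minor_status, mech);
        goto cleanup;
    }

    /* If the mech created a context, wrap it in a union context. */
    if (new_ctx != GSS_C_NO_CONTEXT) {
        assert(ctx == NULL);
        status = wrap_new_context(minor_status, selected_mech, &new_ctx,
                                  context_handle);
        if (status != GSS_S_COMPLETE) {
            /* The mech succeeded and filled meta_data; don't hand that back
             * together with an error, release it as a caller would. */
            (void)gss_release_buffer(&minor, meta_data);
        }
    }

cleanup:
    release_temporaries(selected_mech, mech, &imported_name, &new_ctx);
    return status;
}

/*
 * Dispatch gssspi_exchange_meta_data() to the mechanism named by mech_oid.
 *
 * Argument handling mirrors gssspi_query_meta_data(): the credential element
 * and name for the selected mechanism are extracted (or the name imported),
 * and a context created by the mechanism during a call made with
 * *context_handle == GSS_C_NO_CONTEXT is wrapped in a new union context.
 * meta_data is the peer's metadata and is passed through unchanged.  No NULL
 * checks are made on the pointer arguments (see the file comment).
 *
 * Returns a GSS major status: GSS_S_BAD_MECH if the mechanism is unknown,
 * GSS_S_UNAVAILABLE if it does not implement the extension, GSS_S_NO_CRED if
 * cred_handle holds no element for it, or the mechanism's own status (with
 * its minor code mapped through map_error()).
 */
OM_uint32 KRB5_CALLCONV
gssspi_exchange_meta_data(OM_uint32 *minor_status, gss_const_OID mech_oid,
                          gss_cred_id_t cred_handle,
                          gss_ctx_id_t *context_handle,
                          const gss_name_t targ_name, OM_uint32 req_flags,
                          gss_const_buffer_t meta_data)
{
    OM_uint32 status;
    gss_union_ctx_id_t ctx = (gss_union_ctx_id_t)*context_handle;
    gss_union_cred_t cred = (gss_union_cred_t)cred_handle;
    gss_mechanism mech;
    gss_OID selected_mech, public_mech;
    gss_cred_id_t internal_cred = GSS_C_NO_CREDENTIAL;
    gss_name_t internal_name = GSS_C_NO_NAME, imported_name = GSS_C_NO_NAME;
    gss_ctx_id_t new_ctx = GSS_C_NO_CONTEXT, *internal_ctx;

    *minor_status = 0;

    status = select_negoex_mech(minor_status, mech_oid, &mech, &selected_mech,
                                &public_mech);
    if (status != GSS_S_COMPLETE)
        return status;
    if (mech->gssspi_exchange_meta_data == NULL)
        return GSS_S_UNAVAILABLE;

    if (cred != NULL) {
        internal_cred = gssint_get_mechanism_cred(cred, selected_mech);
        if (internal_cred == GSS_C_NO_CREDENTIAL)
            return GSS_S_NO_CRED;
    }

    /* Same failure handling as gssspi_query_meta_data(): any status other
     * than GSS_S_COMPLETE aborts and goes through cleanup. */
    status = resolve_internal_name(minor_status, selected_mech,
                                   (gss_union_name_t)targ_name,
                                   &internal_name, &imported_name);
    if (status != GSS_S_COMPLETE)
        goto cleanup;

    /* With an existing union context the mech works on its context inside
     * it; otherwise it may create one, which lands in new_ctx. */
    internal_ctx = (ctx != NULL) ? &ctx->internal_ctx_id : &new_ctx;
    status = mech->gssspi_exchange_meta_data(minor_status, public_mech,
                                             internal_cred, internal_ctx,
                                             internal_name, req_flags,
                                             meta_data);
    if (status != GSS_S_COMPLETE) {
        map_error(minor_status, mech);
        goto cleanup;
    }

    /* If the mech created a context, wrap it in a union context. */
    if (new_ctx != GSS_C_NO_CONTEXT) {
        assert(ctx == NULL);
        status = wrap_new_context(minor_status, selected_mech, &new_ctx,
                                  context_handle);
    }

cleanup:
    release_temporaries(selected_mech, mech, &imported_name, &new_ctx);
    return status;
}

/*
 * Dispatch gssspi_query_mechanism_info() to the mechanism named by mech_oid,
 * which fills in the 16-byte auth_scheme identifier.  auth_scheme is zeroed
 * first so its contents are well defined on every failure return.
 *
 * Returns a GSS major status: GSS_S_BAD_MECH if the mechanism is unknown,
 * GSS_S_UNAVAILABLE if it does not implement the extension, or the
 * mechanism's own status (an error's minor code is mapped through
 * map_error()).
 */
OM_uint32 KRB5_CALLCONV
gssspi_query_mechanism_info(OM_uint32 *minor_status, gss_const_OID mech_oid,
                            unsigned char auth_scheme[16])
{
    OM_uint32 status;
    gss_OID selected_mech, public_mech;
    gss_mechanism mech;

    *minor_status = 0;
    /* 16 matches the declared parameter size; the array has decayed to a
     * pointer here, so sizeof cannot be used. */
    memset(auth_scheme, 0, 16);

    status = select_negoex_mech(minor_status, mech_oid, &mech, &selected_mech,
                                &public_mech);
    if (status != GSS_S_COMPLETE)
        return status;
    if (mech->gssspi_query_mechanism_info == NULL)
        return GSS_S_UNAVAILABLE;

    status = mech->gssspi_query_mechanism_info(minor_status, public_mech,
                                               auth_scheme);
    if (GSS_ERROR(status))
        map_error(minor_status, mech);

    return status;
}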