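/*-
 * Copyright (c) 2005 Doug Rabson
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * $FreeBSD$
 */

#include <gssapi/gssapi.h>
#include <stdlib.h>
#include <errno.h>

#include "mech_switch.h"
#include "name.h"
#include "cred.h"

/*
 * Acquire a credential handle for desired_name (or the default
 * principal when desired_name is GSS_C_NO_NAME) from every loaded
 * mechanism in desired_mechs that we support.
 *
 * minor_status         mechanism-specific status on failure; 0 otherwise
 * desired_name         internal name, or GSS_C_NO_NAME
 * time_req             requested lifetime in seconds
 * desired_mechs        set of mechanism OIDs to try, or NULL for all
 *                      mechanisms we know about (_gss_mech_oids)
 * cred_usage           GSS_C_INITIATE / GSS_C_ACCEPT / GSS_C_BOTH
 * output_cred_handle   receives the new handle; set to 0 on every failure
 * actual_mechs         if non-NULL, receives the set of mechanisms for
 *                      which a credential was actually acquired
 * time_rec             if non-NULL, receives the smallest lifetime
 *                      reported by any successful mechanism
 *
 * Returns GSS_S_COMPLETE on success.  GSS_S_BAD_MECH is returned when
 * none of desired_mechs is supported, GSS_S_NO_CRED when no mechanism
 * produced a credential, and GSS_S_FAILURE (minor ENOMEM) on allocation
 * failure of the credential wrapper.  Per-mechanism failures are
 * best-effort: a mechanism that fails is simply skipped.  The returned
 * handle owns the per-mechanism credentials and must be released with
 * gss_release_cred().
 */
OM_uint32
gss_acquire_cred(OM_uint32 *minor_status,
    const gss_name_t desired_name,
    OM_uint32 time_req,
    const gss_OID_set desired_mechs,
    gss_cred_usage_t cred_usage,
    gss_cred_id_t *output_cred_handle,
    gss_OID_set *actual_mechs,
    OM_uint32 *time_rec)
{
	OM_uint32 major_status;
	gss_OID_set mechs = desired_mechs;
	gss_OID_set_desc set;
	struct _gss_name *name = (struct _gss_name *) desired_name;
	struct _gss_mech_switch *m;
	struct _gss_cred *cred;
	struct _gss_mechanism_cred *mc;
	struct _gss_mechanism_name *mn = NULL;
	OM_uint32 min_time, mech_time;
	size_t i;		/* same type as gss_OID_set_desc.count */

	/*
	 * Every failure path below returns GSS_C_NO_CREDENTIAL (0);
	 * set it once up front so no path can leave it unset.
	 */
	*output_cred_handle = 0;

	/*
	 * First make sure that at least one of the requested
	 * mechanisms is one that we support.
	 */
	_gss_load_mech();
	if (mechs) {
		for (i = 0; i < mechs->count; i++) {
			/*
			 * Pre-clear t: if the membership test itself
			 * fails it may not write its output, and an
			 * uninitialized read must not count as a match.
			 */
			int t = 0;
			major_status = gss_test_oid_set_member(minor_status,
			    &mechs->elements[i], _gss_mech_oids, &t);
			if (major_status == GSS_S_COMPLETE && t)
				break;
		}
		if (i == mechs->count) {
			*minor_status = 0;
			return (GSS_S_BAD_MECH);
		}
	} else {
		mechs = _gss_mech_oids;
	}

	if (actual_mechs) {
		major_status = gss_create_empty_oid_set(minor_status,
		    actual_mechs);
		if (major_status)
			return (major_status);
	}

	cred = malloc(sizeof *cred);
	if (!cred) {
		if (actual_mechs)
			gss_release_oid_set(minor_status, actual_mechs);
		*minor_status = ENOMEM;
		return (GSS_S_FAILURE);
	}
	cred->gc_usage = cred_usage;
	SLIST_INIT(&cred->gc_mc);

	/*
	 * Ask each supported mechanism in turn for a credential; a
	 * single-element OID set is passed down so the mechanism only
	 * sees its own OID.
	 */
	set.count = 1;
	min_time = GSS_C_INDEFINITE;
	for (i = 0; i < mechs->count; i++) {
		m = _gss_find_mech_switch(&mechs->elements[i]);
		if (!m)
			continue;

		if (desired_name != GSS_C_NO_NAME) {
			/* Need a mechanism-specific form of the name. */
			mn = _gss_find_mn(name, &mechs->elements[i]);
			if (!mn)
				continue;
		}

		mc = malloc(sizeof *mc);
		if (!mc) {
			/* Best effort: other mechanisms may still succeed. */
			continue;
		}
		mc->gmc_mech = m;
		mc->gmc_mech_oid = &m->gm_mech_oid;

		/*
		 * Default to "indefinite" so that a mechanism which does
		 * not report a lifetime cannot shrink min_time with an
		 * uninitialized value.
		 */
		mech_time = GSS_C_INDEFINITE;
		set.elements = &mechs->elements[i];
		major_status = m->gm_acquire_cred(minor_status,
		    (desired_name != GSS_C_NO_NAME
			? mn->gmn_name : GSS_C_NO_NAME),
		    time_req, &set, cred_usage,
		    &mc->gmc_cred, NULL, &mech_time);
		if (major_status) {
			free(mc);
			continue;
		}
		if (mech_time < min_time)
			min_time = mech_time;

		if (actual_mechs) {
			major_status = gss_add_oid_set_member(minor_status,
			    mc->gmc_mech_oid, actual_mechs);
			if (major_status) {
				/* Undo this mechanism's credential only. */
				m->gm_release_cred(minor_status,
				    &mc->gmc_cred);
				free(mc);
				continue;
			}
		}

		SLIST_INSERT_HEAD(&cred->gc_mc, mc, gmc_link);
	}

	/*
	 * If we didn't manage to create a single credential, return
	 * an error.
	 */
	if (!SLIST_FIRST(&cred->gc_mc)) {
		free(cred);
		if (actual_mechs)
			gss_release_oid_set(minor_status, actual_mechs);
		*minor_status = 0;
		return (GSS_S_NO_CRED);
	}

	if (time_rec)
		*time_rec = min_time;
	*output_cred_handle = (gss_cred_id_t) cred;
	*minor_status = 0;
	return (GSS_S_COMPLETE);
}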