1 /*- 2 * SPDX-License-Identifier: BSD-2-Clause 3 * 4 * Copyright (c) 2005 Doug Rabson 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26 * SUCH DAMAGE. 
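 */

#include <gssapi/gssapi.h>
#include <stdlib.h>
#include <errno.h>

#include "mech_switch.h"
#include "name.h"
#include "cred.h"

/*
 * Acquire an aggregate credential covering every requested mechanism that
 * the mechanism switch can satisfy.
 *
 * minor_status        mechanism-specific status; required.
 * desired_name        principal to acquire credentials for, or
 *                     GSS_C_NO_NAME for the mechanism default.
 * time_req            requested lifetime, passed through to each mechanism.
 * desired_mechs       OID set of mechanisms to try, or GSS_C_NO_OID_SET to
 *                     try every loaded mechanism.
 * cred_usage          passed through to each mechanism unchanged.
 * output_cred_handle  receives the aggregate credential; required.  The
 *                     caller owns it and releases it with gss_release_cred().
 * actual_mechs        optional; receives the set of mechanisms for which a
 *                     credential was actually obtained.  The caller releases
 *                     it with gss_release_oid_set().
 * time_rec            optional; receives the smallest lifetime reported by
 *                     any mechanism that produced a credential.
 *
 * Returns GSS_S_COMPLETE when at least one mechanism produced a credential,
 * GSS_S_CALL_INACCESSIBLE_WRITE when output_cred_handle is NULL,
 * GSS_S_BAD_MECH when none of desired_mechs is supported, GSS_S_FAILURE
 * with *minor_status == ENOMEM when the aggregate cannot be allocated, and
 * GSS_S_NO_CRED when every supported mechanism declined.  Per-mechanism
 * failures are not fatal: the mechanism is simply left out of the result.
 */
OM_uint32
gss_acquire_cred(OM_uint32 *minor_status,
    const gss_name_t desired_name,
    OM_uint32 time_req,
    const gss_OID_set desired_mechs,
    gss_cred_usage_t cred_usage,
    gss_cred_id_t *output_cred_handle,
    gss_OID_set *actual_mechs,
    OM_uint32 *time_rec)
{
	OM_uint32 major_status;
	gss_OID_set mechs = desired_mechs;
	gss_OID_set_desc set;
	struct _gss_name *name = (struct _gss_name *) desired_name;
	struct _gss_mech_switch *m;
	struct _gss_cred *cred;
	struct _gss_mechanism_cred *mc;
	struct _gss_mechanism_name *mn = NULL;	/* only set when a name is given */
	OM_uint32 min_time, cred_time;
	size_t i;

	*minor_status = 0;
	if (actual_mechs)
		*actual_mechs = GSS_C_NO_OID_SET;
	if (time_rec)
		*time_rec = 0;

	/*
	 * The handle is stored through unconditionally on success, so a
	 * NULL pointer is rejected up front rather than faulting later.
	 */
	if (output_cred_handle == NULL)
		return (GSS_S_CALL_INACCESSIBLE_WRITE);
	*output_cred_handle = GSS_C_NO_CREDENTIAL;

	_gss_load_mech();

	/*
	 * First make sure that at least one of the requested
	 * mechanisms is one that we support.
	 */
	if (mechs) {
		for (i = 0; i < mechs->count; i++) {
			int t = 0;	/* stays 0 if the membership test fails */

			major_status = gss_test_oid_set_member(minor_status,
			    &mechs->elements[i], _gss_mech_oids, &t);
			if (major_status == GSS_S_COMPLETE && t)
				break;
		}
		if (i == mechs->count) {
			*minor_status = 0;
			return (GSS_S_BAD_MECH);
		}
	} else {
		mechs = _gss_mech_oids;
	}

	if (actual_mechs) {
		major_status = gss_create_empty_oid_set(minor_status,
		    actual_mechs);
		if (major_status)
			return (major_status);
	}

	cred = malloc(sizeof *cred);
	if (!cred) {
		if (actual_mechs)
			gss_release_oid_set(minor_status, actual_mechs);
		*minor_status = ENOMEM;
		return (GSS_S_FAILURE);
	}
	SLIST_INIT(&cred->gc_mc);

	/*
	 * Each mechanism is asked for exactly one OID, so the set handed
	 * down always has a single element pointing into mechs.
	 */
	set.count = 1;
	min_time = GSS_C_INDEFINITE;
	for (i = 0; i < mechs->count; i++) {
		m = _gss_find_mech_switch(&mechs->elements[i]);
		if (!m)
			continue;

		if (desired_name != GSS_C_NO_NAME) {
			major_status = _gss_find_mn(minor_status, name,
			    &mechs->elements[i], &mn);
			if (major_status != GSS_S_COMPLETE)
				continue;
		}

		/*
		 * Allocation failure for one mechanism is treated like any
		 * other per-mechanism failure; if nothing else succeeds the
		 * caller sees GSS_S_NO_CRED below.
		 */
		mc = malloc(sizeof *mc);
		if (!mc)
			continue;
		mc->gmc_mech = m;
		mc->gmc_mech_oid = &m->gm_mech_oid;

		/*
		 * Start from "indefinite" so a mechanism that does not
		 * report a lifetime cannot shorten min_time with garbage.
		 */
		cred_time = GSS_C_INDEFINITE;
		set.elements = &mechs->elements[i];
		major_status = m->gm_acquire_cred(minor_status,
		    (desired_name != GSS_C_NO_NAME
			? mn->gmn_name : GSS_C_NO_NAME),
		    time_req, &set, cred_usage,
		    &mc->gmc_cred, NULL, &cred_time);
		if (major_status) {
			free(mc);
			continue;
		}
		if (cred_time < min_time)
			min_time = cred_time;

		/* Record the mechanism only once its credential exists. */
		if (actual_mechs) {
			major_status = gss_add_oid_set_member(minor_status,
			    mc->gmc_mech_oid, actual_mechs);
			if (major_status) {
				m->gm_release_cred(minor_status,
				    &mc->gmc_cred);
				free(mc);
				continue;
			}
		}

		SLIST_INSERT_HEAD(&cred->gc_mc, mc, gmc_link);
	}

	/*
	 * If we didn't manage to create a single credential, return
	 * an error.
	 */
	if (!SLIST_FIRST(&cred->gc_mc)) {
		free(cred);
		if (actual_mechs)
			gss_release_oid_set(minor_status, actual_mechs);
		*minor_status = 0;
		return (GSS_S_NO_CRED);
	}

	if (time_rec)
		*time_rec = min_time;
	*output_cred_handle = (gss_cred_id_t) cred;
	*minor_status = 0;
	return (GSS_S_COMPLETE);
}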