1 /*- 2 * SPDX-License-Identifier: BSD-2-Clause 3 * 4 * Copyright (c) 2005 Doug Rabson 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26 * SUCH DAMAGE. 
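 *
 * $FreeBSD$
 */

#include <gssapi/gssapi.h>
#include <stdlib.h>
#include <errno.h>

#include "mech_switch.h"
#include "name.h"
#include "cred.h"

/*
 * Tear down a credential container whose gc_mc list holds only fully
 * acquired mechanism credentials (every entry was inserted after its
 * gm_acquire_cred succeeded).  Used on the allocation-failure path so
 * that mechanism credentials already obtained are not leaked.
 */
static void
release_partial_cred(struct _gss_cred *cred)
{
	struct _gss_mechanism_cred *mc;
	OM_uint32 junk;

	while ((mc = SLIST_FIRST(&cred->gc_mc)) != NULL) {
		SLIST_REMOVE_HEAD(&cred->gc_mc, gmc_link);
		mc->gmc_mech->gm_release_cred(&junk, &mc->gmc_cred);
		free(mc);
	}
	free(cred);
}

/*
 * gss_acquire_cred: build a mechanism-independent credential by asking
 * each supported mechanism in desired_mechs (or every loaded mechanism
 * when desired_mechs is GSS_C_NO_OID_SET) to acquire its own credential
 * for desired_name.
 *
 * minor_status        always written; ENOMEM on allocation failure,
 *                     otherwise 0 on the paths that return from here.
 * desired_name        principal to acquire credentials for, or
 *                     GSS_C_NO_NAME for the mechanism default.
 * time_req            requested lifetime, forwarded to each mechanism.
 * desired_mechs       mechanism OIDs to try, or GSS_C_NO_OID_SET for
 *                     all loaded mechanisms.
 * cred_usage          gss_cred_usage_t value forwarded to each mechanism.
 * output_cred_handle  receives the new credential; must not be NULL.
 * actual_mechs        if non-NULL, receives the set of mechanism OIDs
 *                     that actually produced a credential.
 * time_rec            if non-NULL, receives the shortest lifetime
 *                     reported by any mechanism that succeeded.
 *
 * Returns GSS_S_COMPLETE when at least one mechanism acquired a
 * credential, GSS_S_BAD_MECH when none of the requested mechanisms is
 * loaded (an empty but non-NULL desired_mechs included), GSS_S_NO_CRED
 * when every mechanism declined, GSS_S_FAILURE/ENOMEM on allocation
 * failure, and GSS_S_CALL_INACCESSIBLE_WRITE when output_cred_handle is
 * NULL.  Mechanisms that fail individually are skipped: the caller gets
 * a credential for the subset that succeeded and actual_mechs says which.
 */
OM_uint32
gss_acquire_cred(OM_uint32 *minor_status,
    const gss_name_t desired_name,
    OM_uint32 time_req,
    const gss_OID_set desired_mechs,
    gss_cred_usage_t cred_usage,
    gss_cred_id_t *output_cred_handle,
    gss_OID_set *actual_mechs,
    OM_uint32 *time_rec)
{
	OM_uint32 major_status;
	gss_OID_set mechs = desired_mechs;
	gss_OID_set_desc set;
	struct _gss_name *name = (struct _gss_name *) desired_name;
	struct _gss_mech_switch *m;
	struct _gss_cred *cred;
	struct _gss_mechanism_cred *mc;
	struct _gss_mechanism_name *mn;
	OM_uint32 min_time, cred_time;
	size_t i;

	*minor_status = 0;
	if (actual_mechs)
		*actual_mechs = GSS_C_NO_OID_SET;
	if (time_rec)
		*time_rec = 0;

	/*
	 * A NULL output_cred_handle used to be tolerated here but was
	 * dereferenced unconditionally on the success path, crashing and
	 * leaking the freshly built credential.  Reject it up front.
	 */
	if (output_cred_handle == NULL)
		return (GSS_S_CALL_INACCESSIBLE_WRITE);
	*output_cred_handle = GSS_C_NO_CREDENTIAL;

	_gss_load_mech();

	/*
	 * First make sure that at least one of the requested
	 * mechanisms is one that we support.
	 */
	if (mechs) {
		for (i = 0; i < mechs->count; i++) {
			/* Stays 0 if the membership test fails to write it. */
			int t = 0;

			gss_test_oid_set_member(minor_status,
			    &mechs->elements[i], _gss_mech_oids, &t);
			if (t)
				break;
		}
		if (i == mechs->count) {
			*minor_status = 0;
			return (GSS_S_BAD_MECH);
		}
	} else {
		mechs = _gss_mech_oids;
	}

	if (actual_mechs) {
		major_status = gss_create_empty_oid_set(minor_status,
		    actual_mechs);
		if (major_status)
			return (major_status);
	}

	cred = malloc(sizeof(*cred));
	if (!cred) {
		if (actual_mechs)
			gss_release_oid_set(minor_status, actual_mechs);
		*minor_status = ENOMEM;
		return (GSS_S_FAILURE);
	}
	SLIST_INIT(&cred->gc_mc);

	set.count = 1;
	min_time = GSS_C_INDEFINITE;
	for (i = 0; i < mechs->count; i++) {
		m = _gss_find_mech_switch(&mechs->elements[i]);
		if (!m)
			continue;	/* requested but not loaded */

		if (desired_name != GSS_C_NO_NAME) {
			major_status = _gss_find_mn(minor_status, name,
			    &mechs->elements[i], &mn);
			if (major_status != GSS_S_COMPLETE)
				continue;	/* no mechanism name for it */
		}

		mc = malloc(sizeof(*mc));
		if (!mc) {
			/*
			 * Treat ENOMEM as a hard failure, the same way the
			 * container allocation above does, instead of silently
			 * dropping this mechanism and later reporting
			 * GSS_S_NO_CRED with a zero minor status.
			 */
			release_partial_cred(cred);
			if (actual_mechs)
				gss_release_oid_set(minor_status, actual_mechs);
			*minor_status = ENOMEM;
			return (GSS_S_FAILURE);
		}
		mc->gmc_mech = m;
		mc->gmc_mech_oid = &m->gm_mech_oid;

		/*
		 * Ask the mechanism for a credential restricted to its own
		 * OID.  cred_time starts at GSS_C_INDEFINITE so a mechanism
		 * that succeeds without writing a lifetime cannot feed an
		 * uninitialised value into min_time.
		 */
		set.elements = &mechs->elements[i];
		cred_time = GSS_C_INDEFINITE;
		major_status = m->gm_acquire_cred(minor_status,
		    (desired_name != GSS_C_NO_NAME
			? mn->gmn_name : GSS_C_NO_NAME),
		    time_req, &set, cred_usage,
		    &mc->gmc_cred, NULL, &cred_time);
		if (major_status) {
			free(mc);
			continue;
		}
		if (cred_time < min_time)
			min_time = cred_time;

		if (actual_mechs) {
			major_status = gss_add_oid_set_member(minor_status,
			    mc->gmc_mech_oid, actual_mechs);
			if (major_status) {
				/* Cannot report it, so do not keep it. */
				m->gm_release_cred(minor_status,
				    &mc->gmc_cred);
				free(mc);
				continue;
			}
		}

		SLIST_INSERT_HEAD(&cred->gc_mc, mc, gmc_link);
	}

	/*
	 * If we didn't manage to create a single credential, return
	 * an error.  No single mechanism minor code describes the
	 * overall failure, so minor_status is reset to 0.
	 */
	if (!SLIST_FIRST(&cred->gc_mc)) {
		free(cred);
		if (actual_mechs)
			gss_release_oid_set(minor_status, actual_mechs);
		*minor_status = 0;
		return (GSS_S_NO_CRED);
	}

	if (time_rec)
		*time_rec = min_time;
	*output_cred_handle = (gss_cred_id_t) cred;
	*minor_status = 0;
	return (GSS_S_COMPLETE);
}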