/*-
 * Copyright (c) 2005 Doug Rabson
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
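 *
 * $FreeBSD$
 */

#include <gssapi/gssapi.h>
#include <stdlib.h>
#include <errno.h>

#include "mech_switch.h"
#include "name.h"
#include "cred.h"

/*
 * Acquire a union credential for desired_name (or the default principal
 * when GSS_C_NO_NAME) by asking every loaded mechanism that can handle
 * the name, and collecting the per-mechanism credentials into one
 * struct _gss_cred.
 *
 * minor_status       - receives the mechanism-specific status; 0 on
 *                      success and on the GSS_S_BAD_MECH / GSS_S_NO_CRED
 *                      paths, ENOMEM when the credential struct cannot
 *                      be allocated.
 * desired_name       - name to acquire for, or GSS_C_NO_NAME.
 * time_req           - requested lifetime, passed through to each mechanism.
 * desired_mechs      - mechanisms to try; GSS_C_NO_OID_SET means every
 *                      mechanism known to the switch (_gss_mech_oids).
 * cred_usage         - usage stored in the credential and passed to
 *                      each mechanism.
 * output_cred_handle - receives the union credential on success and
 *                      GSS_C_NO_CREDENTIAL on every failure path.
 * actual_mechs       - if non-NULL, receives the set of mechanisms for
 *                      which a credential was actually obtained; released
 *                      again on any failure after it was created.
 * time_rec           - if non-NULL, receives the smallest lifetime
 *                      reported by any successful mechanism.
 *
 * Returns GSS_S_COMPLETE, GSS_S_BAD_MECH (none of desired_mechs is
 * supported), GSS_S_FAILURE (allocation failure), whatever
 * gss_create_empty_oid_set() returned, or GSS_S_NO_CRED (no mechanism
 * produced a credential).  Ownership of the credential in
 * *output_cred_handle passes to the caller.
 */
OM_uint32
gss_acquire_cred(OM_uint32 *minor_status,
    const gss_name_t desired_name,
    OM_uint32 time_req,
    const gss_OID_set desired_mechs,
    gss_cred_usage_t cred_usage,
    gss_cred_id_t *output_cred_handle,
    gss_OID_set *actual_mechs,
    OM_uint32 *time_rec)
{
	OM_uint32 major_status;
	gss_OID_set mechs = desired_mechs;
	gss_OID_set_desc set;
	struct _gss_name *name = (struct _gss_name *) desired_name;
	struct _gss_mech_switch *m;
	struct _gss_cred *cred;
	struct _gss_mechanism_cred *mc;
	struct _gss_mechanism_name *mn;
	OM_uint32 min_time, time;
	size_t i;		/* matches gss_OID_set_desc.count */

	/*
	 * Load the mechanism switch before touching _gss_mech_oids at
	 * all.  The GSS_C_NO_OID_SET path below iterates over that set
	 * too, but the load used to happen only when the caller supplied
	 * a set, so a first call with no desired_mechs could see an
	 * unpopulated switch.  _gss_load_mech() is assumed to be
	 * idempotent -- confirm in mech_switch.c.
	 */
	_gss_load_mech();

	/*
	 * First make sure that at least one of the requested
	 * mechanisms is one that we support.
	 */
	if (mechs) {
		for (i = 0; i < mechs->count; i++) {
			int t = 0;

			/*
			 * A failed membership test counts as "not a
			 * member" rather than reading an unset t.
			 */
			major_status = gss_test_oid_set_member(minor_status,
			    &mechs->elements[i], _gss_mech_oids, &t);
			if (major_status == GSS_S_COMPLETE && t)
				break;
		}
		if (i == mechs->count) {
			*output_cred_handle = GSS_C_NO_CREDENTIAL;
			*minor_status = 0;
			return (GSS_S_BAD_MECH);
		}
	}

	if (actual_mechs) {
		major_status = gss_create_empty_oid_set(minor_status,
		    actual_mechs);
		if (major_status) {
			*output_cred_handle = GSS_C_NO_CREDENTIAL;
			return (major_status);
		}
	}

	cred = malloc(sizeof *cred);
	if (!cred) {
		if (actual_mechs)
			gss_release_oid_set(minor_status, actual_mechs);
		*output_cred_handle = GSS_C_NO_CREDENTIAL;
		*minor_status = ENOMEM;
		return (GSS_S_FAILURE);
	}
	cred->gc_usage = cred_usage;
	SLIST_INIT(&cred->gc_mc);

	if (mechs == GSS_C_NO_OID_SET)
		mechs = _gss_mech_oids;

	set.count = 1;
	min_time = GSS_C_INDEFINITE;
	for (i = 0; i < mechs->count; i++) {
		m = _gss_find_mech_switch(&mechs->elements[i]);
		if (!m)
			continue;

		/* Only look the name up per mechanism when one was given. */
		mn = NULL;
		if (desired_name != GSS_C_NO_NAME) {
			mn = _gss_find_mn(name, &mechs->elements[i]);
			if (!mn)
				continue;
		}

		/* Best effort: a failed allocation skips this mechanism only. */
		mc = malloc(sizeof *mc);
		if (!mc)
			continue;
		mc->gmc_mech = m;
		mc->gmc_mech_oid = &m->gm_mech_oid;

		/*
		 * Ask this single mechanism for a credential.  time is
		 * preset to GSS_C_INDEFINITE so a mechanism that succeeds
		 * without filling in time_rec cannot shorten min_time
		 * with an indeterminate value.
		 */
		set.elements = &mechs->elements[i];
		time = GSS_C_INDEFINITE;
		major_status = m->gm_acquire_cred(minor_status,
		    (desired_name != GSS_C_NO_NAME
			? mn->gmn_name : GSS_C_NO_NAME),
		    time_req, &set, cred_usage,
		    &mc->gmc_cred, NULL, &time);
		if (major_status) {
			free(mc);
			continue;
		}
		if (time < min_time)
			min_time = time;

		if (actual_mechs) {
			major_status = gss_add_oid_set_member(minor_status,
			    mc->gmc_mech_oid, actual_mechs);
			if (major_status) {
				/*
				 * Cannot report this mechanism, so give its
				 * credential back rather than leak it.
				 */
				m->gm_release_cred(minor_status,
				    &mc->gmc_cred);
				free(mc);
				continue;
			}
		}

		SLIST_INSERT_HEAD(&cred->gc_mc, mc, gmc_link);
	}

	/*
	 * If we didn't manage to create a single credential, return
	 * an error.
	 */
	if (!SLIST_FIRST(&cred->gc_mc)) {
		free(cred);
		if (actual_mechs)
			gss_release_oid_set(minor_status, actual_mechs);
		*output_cred_handle = GSS_C_NO_CREDENTIAL;
		*minor_status = 0;
		return (GSS_S_NO_CRED);
	}

	if (time_rec)
		*time_rec = min_time;
	*output_cred_handle = (gss_cred_id_t) cred;
	*minor_status = 0;
	return (GSS_S_COMPLETE);
}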