xref: /illumos-gate/usr/src/lib/gss_mechs/mech_krb5/mech/inq_context.c (revision 7c478bd95313f5f23a4c958a745db2134aa03244)
1*7c478bd9Sstevel@tonic-gate /*
2*7c478bd9Sstevel@tonic-gate  * Copyright 2002 Sun Microsystems, Inc.  All rights reserved.
3*7c478bd9Sstevel@tonic-gate  * Use is subject to license terms.
4*7c478bd9Sstevel@tonic-gate  */
5*7c478bd9Sstevel@tonic-gate 
6*7c478bd9Sstevel@tonic-gate #pragma ident	"%Z%%M%	%I%	%E% SMI"
7*7c478bd9Sstevel@tonic-gate 
8*7c478bd9Sstevel@tonic-gate /*
9*7c478bd9Sstevel@tonic-gate  * Copyright 1993 by OpenVision Technologies, Inc.
10*7c478bd9Sstevel@tonic-gate  *
11*7c478bd9Sstevel@tonic-gate  * Permission to use, copy, modify, distribute, and sell this software
12*7c478bd9Sstevel@tonic-gate  * and its documentation for any purpose is hereby granted without fee,
13*7c478bd9Sstevel@tonic-gate  * provided that the above copyright notice appears in all copies and
14*7c478bd9Sstevel@tonic-gate  * that both that copyright notice and this permission notice appear in
15*7c478bd9Sstevel@tonic-gate  * supporting documentation, and that the name of OpenVision not be used
16*7c478bd9Sstevel@tonic-gate  * in advertising or publicity pertaining to distribution of the software
17*7c478bd9Sstevel@tonic-gate  * without specific, written prior permission. OpenVision makes no
18*7c478bd9Sstevel@tonic-gate  * representations about the suitability of this software for any
19*7c478bd9Sstevel@tonic-gate  * purpose.  It is provided "as is" without express or implied warranty.
20*7c478bd9Sstevel@tonic-gate  *
21*7c478bd9Sstevel@tonic-gate  * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
22*7c478bd9Sstevel@tonic-gate  * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
23*7c478bd9Sstevel@tonic-gate  * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
24*7c478bd9Sstevel@tonic-gate  * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
25*7c478bd9Sstevel@tonic-gate  * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
26*7c478bd9Sstevel@tonic-gate  * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
27*7c478bd9Sstevel@tonic-gate  * PERFORMANCE OF THIS SOFTWARE.
28*7c478bd9Sstevel@tonic-gate  */
29*7c478bd9Sstevel@tonic-gate 
30*7c478bd9Sstevel@tonic-gate #include <gssapiP_krb5.h>
31*7c478bd9Sstevel@tonic-gate 
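/*
 * krb5_gss_inquire_context -- krb5 mechanism half of gss_inquire_context().
 *
 * Reports the properties of an established security context.  Every
 * output parameter may be NULL, in which case that item is not returned.
 *
 *   ct                 krb5_context handed in by the mechglue; used for
 *                      krb5_copy_principal() and krb5_timeofday()
 *   minor_status       receives the mechanism status code (0 on success)
 *   context_handle     the krb5_gss_ctx_id_rec to inquire about; must pass
 *                      kg_validate_ctx_id() and be established
 *   initiator_name     receives a fresh copy of the initiator principal
 *   acceptor_name      receives a fresh copy of the acceptor principal
 *   lifetime_rec       receives the seconds left until ctx->endtime,
 *                      clamped to 0 once the context has expired
 *   mech_type          receives &ctx->mech_used -- a pointer INTO the
 *                      context record, not a copy: the caller must not
 *                      release it and it dies with the context
 *   ret_flags          receives ctx->gss_flags
 *   locally_initiated  receives ctx->initiate
 *   open               receives ctx->established
 *
 * Returns GSS_S_COMPLETE, or GSS_S_CONTEXT_EXPIRED when no lifetime is
 * left (the outputs are still filled in); GSS_S_NO_CONTEXT for a handle
 * that fails validation or is not yet established; GSS_S_FAILURE for any
 * other error, in which case *initiator_name and *acceptor_name are NULL
 * and no partially built principal is leaked or left registered.
 *
 * The two returned principals are registered with kg_save_name() before
 * being handed out (presumably so the name-validation table accepts them
 * on a later release -- see kg_save_name/kg_delete_name in the gssapi
 * glue); ownership passes to the caller.
 *
 * Solaris Kerberos: for MT safety, the default context via
 * kg_get_context() is not used -- the caller supplies one in 'ct' -- and
 * the whole body runs under krb5_mutex.  Every exit path therefore funnels
 * through the 'done' label so the mutex cannot be left held.
 */
OM_uint32
krb5_gss_inquire_context(void *ct, OM_uint32 *minor_status,
			 gss_ctx_id_t context_handle,
			 gss_name_t *initiator_name, gss_name_t *acceptor_name,
			 OM_uint32 *lifetime_rec, gss_OID *mech_type,
			 OM_uint32 *ret_flags, int *locally_initiated,
			 int *open)
{
   krb5_context context;
   krb5_error_code code;
   krb5_gss_ctx_id_rec *ctx;
   krb5_principal init = NULL;
   krb5_principal accept = NULL;
   krb5_timestamp now;
   krb5_deltat lifetime;
   OM_uint32 major;

   mutex_lock(&krb5_mutex);
   context = ct;

   /* Name outputs are NULL on every error path, so pre-set them now. */
   if (initiator_name)
      *initiator_name = (gss_name_t) NULL;
   if (acceptor_name)
      *acceptor_name = (gss_name_t) NULL;

   /* validate the context handle */
   if (! kg_validate_ctx_id(context_handle)) {
      *minor_status = (OM_uint32) G_VALIDATE_FAILED;
      major = GSS_S_NO_CONTEXT;
      goto done;
   }

   ctx = (krb5_gss_ctx_id_rec *) context_handle;

   if (! ctx->established) {
      *minor_status = KG_CTX_INCOMPLETE;
      major = GSS_S_NO_CONTEXT;
      goto done;
   }

   if ((code = krb5_timeofday(context, &now)) != 0) {
      *minor_status = code;
      major = GSS_S_FAILURE;
      goto done;
   }

   /* Remaining lifetime in seconds; never report a negative value. */
   lifetime = ctx->endtime - now;
   if (lifetime < 0)
      lifetime = 0;

   if (initiator_name) {
      /* The initiator is our own principal iff we started the exchange. */
      code = krb5_copy_principal(context,
				 ctx->initiate ? ctx->here : ctx->there,
				 &init);
      if (code != 0) {
	 *minor_status = code;
	 major = GSS_S_FAILURE;
	 goto done;
      }
      if (! kg_save_name((gss_name_t) init)) {
	 /* Not registered, so only the storage needs to go. */
	 krb5_free_principal(context, init);
	 init = NULL;
	 *minor_status = (OM_uint32) G_VALIDATE_FAILED;
	 major = GSS_S_FAILURE;
	 goto done;
      }
   }

   if (acceptor_name) {
      /* Mirror image of the initiator selection above. */
      code = krb5_copy_principal(context,
				 ctx->initiate ? ctx->there : ctx->here,
				 &accept);
      if (code != 0) {
	 *minor_status = code;
	 major = GSS_S_FAILURE;
	 goto fail_init;
      }
      if (! kg_save_name((gss_name_t) accept)) {
	 /* 'accept' was never registered: free it, do not kg_delete it. */
	 krb5_free_principal(context, accept);
	 accept = NULL;
	 *minor_status = (OM_uint32) G_VALIDATE_FAILED;
	 major = GSS_S_FAILURE;
	 goto fail_init;
      }
   }

   if (initiator_name)
      *initiator_name = (gss_name_t) init;

   if (acceptor_name)
      *acceptor_name = (gss_name_t) accept;

   if (lifetime_rec)
      *lifetime_rec = lifetime;

   /* Not a copy: points at the OID stored in the context record. */
   if (mech_type)
      *mech_type = &(ctx->mech_used);

   if (ret_flags)
      *ret_flags = ctx->gss_flags;

   if (locally_initiated)
      *locally_initiated = ctx->initiate;

   if (open)
      *open = ctx->established;

   *minor_status = 0;
   major = (lifetime == 0) ? GSS_S_CONTEXT_EXPIRED : GSS_S_COMPLETE;
   goto done;

fail_init:
   /*
    * Unwind the initiator name after an acceptor-side failure.  'init'
    * has already been registered with kg_save_name(), so it must be
    * removed from the name table BEFORE its storage is freed; otherwise
    * the table keeps an entry for freed memory that a later lookup would
    * happily validate.  (The original code called kg_delete_name() on
    * the just-freed 'accept' here and left 'init' registered.)
    */
   if (init) {
      kg_delete_name((gss_name_t) init);
      krb5_free_principal(context, init);
      init = NULL;
   }

done:
   mutex_unlock(&krb5_mutex);
   return (major);
}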