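/*
 * Copyright 2002 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#pragma ident	"%Z%%M%	%I%	%E% SMI"

/*
 * Copyright 1993 by OpenVision Technologies, Inc.
 *
 * Permission to use, copy, modify, distribute, and sell this software
 * and its documentation for any purpose is hereby granted without fee,
 * provided that the above copyright notice appears in all copies and
 * that both that copyright notice and this permission notice appear in
 * supporting documentation, and that the name of OpenVision not be used
 * in advertising or publicity pertaining to distribution of the software
 * without specific, written prior permission. OpenVision makes no
 * representations about the suitability of this software for any
 * purpose.  It is provided "as is" without express or implied warranty.
 *
 * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
 * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
 * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
 * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
 * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
 * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 * PERFORMANCE OF THIS SOFTWARE.
 */

#include <gssapiP_krb5.h>

/*
 * krb5_gss_inquire_context: report the properties of an established krb5
 * GSS-API security context.
 *
 * ct			krb5 context to use; supplied by the caller instead
 *			of a shared default context (see the MT-safety note
 *			in the body).
 * minor_status		mechanism status; written on every path, so it must
 *			not be NULL.
 * context_handle	handle to inspect; checked with kg_validate_ctx_id()
 *			before it is cast and dereferenced.
 * initiator_name,
 * acceptor_name	optional; each receives a fresh copy of the principal
 *			that has been registered with kg_save_name().  Both
 *			are reset to NULL on entry and stay NULL on failure.
 *			NOTE(review): the caller presumably releases them
 *			through the mechanism's release-name path -- confirm.
 * lifetime_rec		optional; remaining lifetime, clamped at 0.
 * mech_type		optional; receives the address of ctx->mech_used,
 *			i.e. a pointer into the context record, not a copy.
 *			It must not be used after the context is deleted.
 * ret_flags		optional; receives ctx->gss_flags.
 * locally_initiated	optional; receives ctx->initiate.
 * open			optional; receives ctx->established.
 *
 * Returns GSS_S_NO_CONTEXT for an invalid or not yet established handle,
 * GSS_S_FAILURE when a krb5 call or name registration fails,
 * GSS_S_CONTEXT_EXPIRED when the remaining lifetime is 0 (the outputs are
 * still filled in), and GSS_S_COMPLETE otherwise.
 *
 * krb5_mutex is held from entry until just before every return.
 */
OM_uint32
krb5_gss_inquire_context(ct, minor_status, context_handle, initiator_name,
			 acceptor_name, lifetime_rec, mech_type, ret_flags,
			 locally_initiated, open)
     void *ct;
     OM_uint32 *minor_status;
     gss_ctx_id_t context_handle;
     gss_name_t *initiator_name;
     gss_name_t *acceptor_name;
     OM_uint32 *lifetime_rec;
     gss_OID *mech_type;
     OM_uint32 *ret_flags;
     int *locally_initiated;
     int *open;
{
   krb5_context context;
   krb5_error_code code;
   krb5_gss_ctx_id_rec *ctx;
   krb5_principal init, accept;
   krb5_timestamp now;
   krb5_deltat lifetime;

   /* Solaris Kerberos: for MT safety, we avoid the use of a default
    * context via kg_get_context() */
#if 0
   if (GSS_ERROR(kg_get_context(minor_status, &context)))
      return(GSS_S_FAILURE);
#endif

   mutex_lock(&krb5_mutex);
   context = ct;

   /* clear the name outputs first so every failure path leaves them NULL */
   if (initiator_name)
      *initiator_name = (gss_name_t) NULL;
   if (acceptor_name)
      *acceptor_name = (gss_name_t) NULL;

   /* validate the context handle before it is cast and dereferenced */
   if (! kg_validate_ctx_id(context_handle)) {
      *minor_status = (OM_uint32) G_VALIDATE_FAILED;
      mutex_unlock(&krb5_mutex);
      return(GSS_S_NO_CONTEXT);
   }

   ctx = (krb5_gss_ctx_id_rec *) context_handle;

   if (! ctx->established) {
      *minor_status = KG_CTX_INCOMPLETE;
      mutex_unlock(&krb5_mutex);
      return(GSS_S_NO_CONTEXT);
   }

   init = NULL;
   accept = NULL;

   if ((code = krb5_timeofday(context, &now))) {
      *minor_status = code;
      mutex_unlock(&krb5_mutex);
      return(GSS_S_FAILURE);
   }

   /* an already expired context reports a lifetime of 0, never negative */
   if ((lifetime = ctx->endtime - now) < 0)
      lifetime = 0;

   if (initiator_name) {
      /* the initiator is the local principal only if we initiated */
      if ((code = krb5_copy_principal(context,
				      ctx->initiate?ctx->here:ctx->there,
				      &init))) {
	 *minor_status = code;
	 mutex_unlock(&krb5_mutex);
	 return(GSS_S_FAILURE);
      }
      if (! kg_save_name((gss_name_t) init)) {
	 krb5_free_principal(context, init);
	 *minor_status = (OM_uint32) G_VALIDATE_FAILED;
	 mutex_unlock(&krb5_mutex);
	 return(GSS_S_FAILURE);
      }
   }

   if (acceptor_name) {
      if ((code = krb5_copy_principal(context,
				      ctx->initiate?ctx->there:ctx->here,
				      &accept))) {
	 if (init) {
	    /* init is non-NULL only after kg_save_name() accepted it;
	     * unregister it before freeing so no freed pointer stays
	     * registered as a valid name */
	    kg_delete_name((gss_name_t) init);
	    krb5_free_principal(context, init);
	 }
	 *minor_status = code;
	 mutex_unlock(&krb5_mutex);
	 return(GSS_S_FAILURE);
      }
      if (! kg_save_name((gss_name_t) accept)) {
	 /* accept was never registered, so it is only freed */
	 krb5_free_principal(context, accept);
	 if (init) {
	    /* the registered name is init, not accept: remove that entry
	     * before its storage is released */
	    kg_delete_name((gss_name_t) init);
	    krb5_free_principal(context, init);
	 }
	 *minor_status = (OM_uint32) G_VALIDATE_FAILED;
	 mutex_unlock(&krb5_mutex);
	 return(GSS_S_FAILURE);
      }
   }

   /* nothing below can fail; publish the results */
   if (initiator_name)
      *initiator_name = (gss_name_t) init;

   if (acceptor_name)
      *acceptor_name = (gss_name_t) accept;

   if (lifetime_rec)
      *lifetime_rec = lifetime;

   /* points into the context record; valid only while ctx exists */
   if (mech_type)
      *mech_type = &(ctx->mech_used);

   if (ret_flags)
      *ret_flags = ctx->gss_flags;

   if (locally_initiated)
      *locally_initiated = ctx->initiate;

   if (open)
      *open = ctx->established;

   *minor_status = 0;
   mutex_unlock(&krb5_mutex);
   return((lifetime == 0)?GSS_S_CONTEXT_EXPIRED:GSS_S_COMPLETE);
}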