xref: /illumos-gate/usr/src/lib/libgss/g_store_cred.c (revision 2983dda76a6d296fdb560c88114fe41caad1b84f)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 /*
27  *  glue routine for gss_store_cred
28  */
29 
30 #include <mechglueP.h>
31 
32 static OM_uint32 val_store_cred_args(
33 	OM_uint32 *minor_status,
34 	const gss_cred_id_t input_cred_handle,
35 	gss_OID_set *elements_stored)
36 {
37 
38 	/* Initialize outputs. */
39 
40 	if (minor_status != NULL)
41 		*minor_status = 0;
42 
43 	if (elements_stored != NULL)
44 		*elements_stored = GSS_C_NULL_OID_SET;
45 
46 	/* Validate arguments. */
47 
48 	if (minor_status == NULL)
49 		return (GSS_S_CALL_INACCESSIBLE_WRITE);
50 
51 	if (input_cred_handle == GSS_C_NO_CREDENTIAL)
52 		return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CRED);
53 
54 	return (GSS_S_COMPLETE);
55 }
56 
57 OM_uint32 gss_store_cred(minor_status,
58 			input_cred_handle,
59 			cred_usage,
60 			desired_mech,
61 			overwrite_cred,
62 			default_cred,
63 			elements_stored,
64 			cred_usage_stored)
65 
66 OM_uint32		*minor_status;
67 const gss_cred_id_t	 input_cred_handle;
68 gss_cred_usage_t	 cred_usage;
69 const gss_OID		 desired_mech;
70 OM_uint32		 overwrite_cred;
71 OM_uint32		 default_cred;
72 gss_OID_set		*elements_stored;
73 gss_cred_usage_t	*cred_usage_stored;
74 
75 {
76 	OM_uint32		major_status = GSS_S_FAILURE;
77 	gss_union_cred_t	union_cred;
78 	gss_cred_id_t		mech_cred;
79 	gss_mechanism		mech;
80 	gss_OID			dmech;
81 	int			i;
82 
83 	major_status = val_store_cred_args(minor_status,
84 					input_cred_handle,
85 					elements_stored);
86 	if (major_status != GSS_S_COMPLETE)
87 		return (major_status);
88 
89 	/* Initial value needed below. */
90 		major_status = GSS_S_FAILURE;
91 
92 	if (cred_usage_stored != NULL)
93 		*cred_usage_stored = GSS_C_BOTH; /* there's no GSS_C_NEITHER */
94 
95 	union_cred = (gss_union_cred_t)input_cred_handle;
96 
97 	/* desired_mech != GSS_C_NULL_OID -> store one element */
98 	if (desired_mech != GSS_C_NULL_OID) {
99 		mech = __gss_get_mechanism(desired_mech);
100 		if (mech == NULL)
101 			return (GSS_S_BAD_MECH);
102 
103 		if (mech->gss_store_cred == NULL)
104 			return (major_status);
105 
106 		mech_cred = __gss_get_mechanism_cred(union_cred, desired_mech);
107 		if (mech_cred == GSS_C_NO_CREDENTIAL)
108 			return (GSS_S_NO_CRED);
109 
110 		return (mech->gss_store_cred(mech->context,
111 						minor_status,
112 						(gss_cred_id_t)mech_cred,
113 						cred_usage,
114 						desired_mech,
115 						overwrite_cred,
116 						default_cred,
117 						elements_stored,
118 						cred_usage_stored));
119 	}
120 
121 	/* desired_mech == GSS_C_NULL_OID -> store all elements */
122 
123 	*minor_status = 0;
124 
125 	for (i = 0; i < union_cred->count; i++) {
126 		/* Get mech and cred element */
127 		dmech = &union_cred->mechs_array[i];
128 		mech = __gss_get_mechanism(dmech);
129 		if (mech == NULL)
130 			continue;
131 
132 		if (mech->gss_store_cred == NULL)
133 			continue;
134 
135 		mech_cred = __gss_get_mechanism_cred(union_cred, dmech);
136 		if (mech_cred == GSS_C_NO_CREDENTIAL)
137 			continue; /* can't happen, but safe to ignore */
138 
139 		major_status = mech->gss_store_cred(mech->context,
140 						minor_status,
141 						(gss_cred_id_t)mech_cred,
142 						cred_usage,
143 						dmech,
144 						overwrite_cred,
145 						default_cred,
146 						NULL,
147 						cred_usage_stored);
148 		if (major_status != GSS_S_COMPLETE)
149 			continue;
150 
151 		/* Succeeded for at least one mech */
152 
153 		if (elements_stored == NULL)
154 			continue;
155 
156 		if (*elements_stored == GSS_C_NULL_OID_SET) {
157 			major_status = gss_create_empty_oid_set(minor_status,
158 						elements_stored);
159 
160 			if (GSS_ERROR(major_status))
161 				return (major_status);
162 		}
163 
164 		major_status = gss_add_oid_set_member(minor_status, dmech,
165 			elements_stored);
166 
167 		/* The caller should clean up elements_stored */
168 		if (GSS_ERROR(major_status))
169 			return (major_status);
170 	}
171 
172 	/*
173 	 * Success with some mechs may mask failure with others, but
174 	 * that's what elements_stored is for.
175 	 */
176 	return (major_status);
177 }
178