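/*
 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */


/*
 * Copyright 1993 by OpenVision Technologies, Inc.
 *
 * Permission to use, copy, modify, distribute, and sell this software
 * and its documentation for any purpose is hereby granted without fee,
 * provided that the above copyright notice appears in all copies and
 * that both that copyright notice and this permission notice appear in
 * supporting documentation, and that the name of OpenVision not be used
 * in advertising or publicity pertaining to distribution of the software
 * without specific, written prior permission. OpenVision makes no
 * representations about the suitability of this software for any
 * purpose. It is provided "as is" without express or implied warranty.
 *
 * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
 * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
 * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
 * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
 * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
 * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 * PERFORMANCE OF THIS SOFTWARE.
 */

#include "gssapiP_krb5.h"
#include "mglueP.h"  /* SUNW15resync - for KGSS_ macros */

/*
 * $Id: delete_sec_context.c 18396 2006-07-25 20:29:43Z lxs $
 */


#ifdef _KERNEL
/* SUNW15resync - todo - unify these kernel rel oid funcs with user spc ones */

/*
 * Release an OID that belongs to the krb5 mechanism's built-in set.
 *
 * The five OIDs tested below are compared by pointer value, so "releasing"
 * one only clears the caller's pointer; nothing is freed here.
 *
 * minor_status  set to 0 on success (skipped when NULL)
 * oid           in/out; *oid becomes GSS_C_NO_OID on success
 *
 * Returns GSS_S_COMPLETE for a recognized OID and GSS_S_CONTINUE_NEEDED
 * for anything else (including a NULL oid pointer), so the caller can
 * hand the OID to another release routine.
 */
OM_uint32
krb5_gss_internal_release_oid(minor_status, oid)
    OM_uint32 *minor_status;
    gss_OID *oid;
{
    /*
     * This function only knows how to release internal OIDs. It will
     * return GSS_S_CONTINUE_NEEDED for any OIDs it does not recognize.
     */

    /* This code is built into the kernel: never dereference a NULL oid. */
    if (oid == NULL)
        return(GSS_S_CONTINUE_NEEDED);

    if ((*oid != gss_mech_krb5) &&
        (*oid != gss_mech_krb5_old) &&
        (*oid != gss_mech_krb5_wrong) &&
        (*oid != gss_nt_krb5_name) &&
        (*oid != gss_nt_krb5_principal)) {
        /* We don't know about this OID */
        return(GSS_S_CONTINUE_NEEDED);
    }

    *oid = GSS_C_NO_OID;
    /* Same NULL tolerance as generic_gss_release_oid(). */
    if (minor_status)
        *minor_status = 0;
    return(GSS_S_COMPLETE);
}

/*
 * Release an OID that is not one of the well-known name-type constants.
 *
 * The seven constants tested below are only unlinked from the caller's
 * pointer.  Every other OID has its elements buffer and its descriptor
 * passed to FREE().
 *
 * NOTE(review): any OID outside that list is treated as dynamically
 * allocated.  A caller that passes some other statically allocated OID
 * would have static storage handed to FREE() - confirm that all callers
 * filter mechanism-owned OIDs first, as krb5_gss_release_oid() does.
 *
 * minor_status  set to 0 when non-NULL
 * oid           in/out; *oid becomes GSS_C_NO_OID
 *
 * Always returns GSS_S_COMPLETE.
 */
OM_uint32
generic_gss_release_oid(minor_status, oid)
    OM_uint32 *minor_status;
    gss_OID *oid;
{
    if (minor_status)
        *minor_status = 0;

    /* A NULL oid pointer is treated like an already-released OID. */
    if (oid == NULL || *oid == GSS_C_NO_OID)
        return(GSS_S_COMPLETE);


    if ((*oid != GSS_C_NT_USER_NAME) &&
        (*oid != GSS_C_NT_MACHINE_UID_NAME) &&
        (*oid != GSS_C_NT_STRING_UID_NAME) &&
        (*oid != GSS_C_NT_HOSTBASED_SERVICE) &&
        (*oid != GSS_C_NT_ANONYMOUS) &&
        (*oid != GSS_C_NT_EXPORT_NAME) &&
        (*oid != gss_nt_service_name)) {
        /* Elements first: the descriptor holds the pointer to them. */
        FREE((*oid)->elements, (*oid)->length);
        FREE(*oid, sizeof(gss_OID_desc));
    }
    *oid = GSS_C_NO_OID;
    return(GSS_S_COMPLETE);
}

/*
 * Release an OID on behalf of the krb5 mechanism.
 *
 * Mechanism-internal OIDs are handled by krb5_gss_internal_release_oid();
 * everything it does not recognize is passed to generic_gss_release_oid().
 *
 * minor_status  set to 0 (skipped when NULL)
 * oid           in/out; *oid becomes GSS_C_NO_OID
 *
 * Returns the status of whichever routine handled the OID.
 */
OM_uint32
krb5_gss_release_oid(minor_status, oid)
    OM_uint32 *minor_status;
    gss_OID *oid;
{

    if (krb5_gss_internal_release_oid(minor_status, oid) != GSS_S_COMPLETE) {
        /* Pawn it off on the generic routine */
        return(generic_gss_release_oid(minor_status, oid));
    }

    /*
     * The internal routine only reports success for a non-NULL oid, so
     * the store through oid is safe; minor_status may still be NULL.
     */
    *oid = GSS_C_NO_OID;
    if (minor_status)
        *minor_status = 0;
    return(GSS_S_COMPLETE);
}
#endif

/*
 * Tear down a krb5 GSS security context and release everything it owns.
 *
 * minor_status       out; 0 on success, G_VALIDATE_FAILED when the handle
 *                    does not validate, otherwise as left by kg_seal()
 * context_handle     in/out; reset to GSS_C_NO_CONTEXT once the context
 *                    has been destroyed
 * output_token       optional; when non-NULL it is emptied first and then
 *                    filled by kg_seal() with a KG_TOK_DEL_CTX token
 * gssd_ctx_verifier  kernel builds only; not referenced in this function
 *
 * Returns GSS_S_COMPLETE on success or when *context_handle is already
 * GSS_C_NO_CONTEXT, GSS_S_NO_CONTEXT when validation fails, the kg_seal()
 * major status when token construction fails (the context is left intact
 * in that case), and a GSS_S_CALL_INACCESSIBLE_WRITE calling error when
 * minor_status or context_handle is NULL.
 */
/*ARGSUSED*/
OM_uint32
krb5_gss_delete_sec_context(minor_status,
                            context_handle,
                            output_token
#ifdef _KERNEL
                            , gssd_ctx_verifier
#endif
                            )
    OM_uint32 *minor_status;
    gss_ctx_id_t *context_handle;
    gss_buffer_t output_token;
#ifdef _KERNEL
    OM_uint32 gssd_ctx_verifier;
#endif
{
    krb5_context context;
    krb5_gss_ctx_id_rec *ctx;
    volatile unsigned char *scrub;
    size_t remaining;

    if (output_token) {
        output_token->length = 0;
        output_token->value = NULL;
    }

    /*
     * Both pointers are written through below.  Reject NULL here rather
     * than relying on every caller to have checked.
     */
    if (minor_status == NULL)
        return(GSS_S_CALL_INACCESSIBLE_WRITE);
    if (context_handle == NULL)
        return(GSS_S_CALL_INACCESSIBLE_WRITE | GSS_S_NO_CONTEXT);

    /*SUPPRESS 29*/
    if (*context_handle == GSS_C_NO_CONTEXT) {
        *minor_status = 0;
        return(GSS_S_COMPLETE);
    }

    /*SUPPRESS 29*/
    /* validate the context handle */
    if (! kg_validate_ctx_id(*context_handle)) {
        *minor_status = (OM_uint32) G_VALIDATE_FAILED;
        return(GSS_S_NO_CONTEXT);
    }

    ctx = (krb5_gss_ctx_id_t) *context_handle;
    /* Keep the krb5 context in a local: the frees below all need it. */
    context = ctx->k5_context;

    /* construct a delete context token if necessary */

    if (output_token) {
        OM_uint32 major;
        gss_buffer_desc empty;
        empty.length = 0; empty.value = NULL;

        /* On failure nothing has been freed yet and the handle stays valid. */
        if ((major = kg_seal(minor_status, *context_handle, 0,
                             GSS_C_QOP_DEFAULT,
                             &empty, NULL, output_token, KG_TOK_DEL_CTX)))
            return(major);
    }

    /* invalidate the context handle */

    /*
     * NOTE(review): the result is discarded.  If kg_delete_ctx_id() can
     * report that the handle was no longer registered (for example because
     * another caller deleted it after the validation above), the frees
     * below would run on state that is already being released.  Confirm
     * what it returns and whether callers serialize deletion.
     */
    (void)kg_delete_ctx_id(*context_handle);

    /* free all the context state */

    if (ctx->seqstate)
        g_order_free(&(ctx->seqstate));

    if (ctx->enc)
        krb5_free_keyblock(context, ctx->enc);

    if (ctx->seq)
        krb5_free_keyblock(context, ctx->seq);

    if (ctx->here)
        krb5_free_principal(context, ctx->here);
    if (ctx->there)
        krb5_free_principal(context, ctx->there);
    if (ctx->subkey)
        krb5_free_keyblock(context, ctx->subkey);
    if (ctx->acceptor_subkey)
        krb5_free_keyblock(context, ctx->acceptor_subkey);

    /* We never import the auth_context into the kernel */
#ifndef _KERNEL
    if (ctx->auth_context) {
        /* Detach the replay cache first when cred_rcache is set. */
        if (ctx->cred_rcache)
            (void)krb5_auth_con_setrcache(context, ctx->auth_context, NULL);

        krb5_auth_con_free(context, ctx->auth_context);
    }
#endif

    if (ctx->mech_used)
        (void) KGSS_RELEASE_OID(minor_status, &ctx->mech_used);

    /* Freed last: every call above was still using this krb5 context. */
    if (ctx->k5_context)
        krb5_free_context(ctx->k5_context);

    /* Zero out context */
    /*
     * A memset() whose target is freed straight afterwards is a dead store
     * that an optimizer may drop (assuming xfree_wrap() ends up as a plain
     * free()).  Volatile stores cannot be elided, so the record is
     * guaranteed to be wiped before its memory is returned.
     */
    scrub = (volatile unsigned char *)ctx;
    for (remaining = sizeof(*ctx); remaining > 0; remaining--)
        *scrub++ = 0;
    xfree_wrap(ctx, sizeof (krb5_gss_ctx_id_rec));

    /* zero the handle itself */

    *context_handle = GSS_C_NO_CONTEXT;

    *minor_status = 0;
    return(GSS_S_COMPLETE);
}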