Line data Source code
1 : /*
2 : * Copyright (c) 1999 - 2003 Kungliga Tekniska Högskolan
3 : * (Royal Institute of Technology, Stockholm, Sweden).
4 : * All rights reserved.
5 : *
6 : * Redistribution and use in source and binary forms, with or without
7 : * modification, are permitted provided that the following conditions
8 : * are met:
9 : *
10 : * 1. Redistributions of source code must retain the above copyright
11 : * notice, this list of conditions and the following disclaimer.
12 : *
13 : * 2. Redistributions in binary form must reproduce the above copyright
14 : * notice, this list of conditions and the following disclaimer in the
15 : * documentation and/or other materials provided with the distribution.
16 : *
17 : * 3. Neither the name of the Institute nor the names of its contributors
18 : * may be used to endorse or promote products derived from this software
19 : * without specific prior written permission.
20 : *
21 : * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 : * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 : * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 : * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 : * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 : * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 : * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 : * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 : * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 : * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 : * SUCH DAMAGE.
32 : */
33 :
34 : #include "gsskrb5_locl.h"
35 :
36 : OM_uint32 GSSAPI_CALLCONV
37 0 : _gsskrb5_export_sec_context(
38 : OM_uint32 *minor_status,
39 : gss_ctx_id_t *context_handle,
40 : gss_buffer_t interprocess_token
41 : )
42 : {
43 0 : krb5_context context;
44 0 : const gsskrb5_ctx ctx = (const gsskrb5_ctx) *context_handle;
45 0 : krb5_storage *sp;
46 0 : krb5_auth_context ac;
47 0 : OM_uint32 ret = GSS_S_COMPLETE;
48 0 : krb5_data data;
49 0 : int flags;
50 0 : OM_uint32 minor;
51 0 : krb5_error_code kret;
52 :
53 0 : GSSAPI_KRB5_INIT (&context);
54 :
55 0 : HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
56 :
57 0 : if (!(ctx->flags & GSS_C_TRANS_FLAG)) {
58 0 : HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
59 0 : *minor_status = 0;
60 0 : return GSS_S_UNAVAILABLE;
61 : }
62 :
63 0 : sp = krb5_storage_emem ();
64 0 : if (sp == NULL) {
65 0 : HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
66 0 : *minor_status = ENOMEM;
67 0 : return GSS_S_FAILURE;
68 : }
69 0 : ac = ctx->auth_context;
70 :
71 0 : krb5_storage_set_byteorder(sp, KRB5_STORAGE_BYTEORDER_PACKED);
72 0 : krb5_storage_set_flags(sp, KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE);
73 :
74 : /* flagging included fields */
75 :
76 0 : flags = 0;
77 0 : if (ac->local_address)
78 0 : flags |= SC_LOCAL_ADDRESS;
79 0 : if (ac->remote_address)
80 0 : flags |= SC_REMOTE_ADDRESS;
81 0 : if (ac->keyblock)
82 0 : flags |= SC_KEYBLOCK;
83 0 : if (ac->local_subkey)
84 0 : flags |= SC_LOCAL_SUBKEY;
85 0 : if (ac->remote_subkey)
86 0 : flags |= SC_REMOTE_SUBKEY;
87 0 : if (ac->authenticator)
88 0 : flags |= SC_AUTHENTICATOR;
89 0 : if (ctx->source)
90 0 : flags |= SC_SOURCE_NAME;
91 0 : if (ctx->target)
92 0 : flags |= SC_TARGET_NAME;
93 0 : if (ctx->order)
94 0 : flags |= SC_ORDER;
95 :
96 0 : kret = krb5_store_int32 (sp, flags);
97 0 : if (kret) {
98 0 : *minor_status = kret;
99 0 : goto failure;
100 : }
101 :
102 : /* marshall auth context */
103 :
104 0 : kret = krb5_store_int32 (sp, ac->flags);
105 0 : if (kret) {
106 0 : *minor_status = kret;
107 0 : goto failure;
108 : }
109 0 : if (ac->local_address) {
110 0 : kret = krb5_store_address (sp, *ac->local_address);
111 0 : if (kret) {
112 0 : *minor_status = kret;
113 0 : goto failure;
114 : }
115 : }
116 0 : if (ac->remote_address) {
117 0 : kret = krb5_store_address (sp, *ac->remote_address);
118 0 : if (kret) {
119 0 : *minor_status = kret;
120 0 : goto failure;
121 : }
122 : }
123 0 : kret = krb5_store_int16 (sp, ac->local_port);
124 0 : if (kret) {
125 0 : *minor_status = kret;
126 0 : goto failure;
127 : }
128 0 : kret = krb5_store_int16 (sp, ac->remote_port);
129 0 : if (kret) {
130 0 : *minor_status = kret;
131 0 : goto failure;
132 : }
133 0 : if (ac->keyblock) {
134 0 : kret = krb5_store_keyblock (sp, *ac->keyblock);
135 0 : if (kret) {
136 0 : *minor_status = kret;
137 0 : goto failure;
138 : }
139 : }
140 0 : if (ac->local_subkey) {
141 0 : kret = krb5_store_keyblock (sp, *ac->local_subkey);
142 0 : if (kret) {
143 0 : *minor_status = kret;
144 0 : goto failure;
145 : }
146 : }
147 0 : if (ac->remote_subkey) {
148 0 : kret = krb5_store_keyblock (sp, *ac->remote_subkey);
149 0 : if (kret) {
150 0 : *minor_status = kret;
151 0 : goto failure;
152 : }
153 : }
154 0 : kret = krb5_store_int32 (sp, ac->local_seqnumber);
155 0 : if (kret) {
156 0 : *minor_status = kret;
157 0 : goto failure;
158 : }
159 0 : kret = krb5_store_int32 (sp, ac->remote_seqnumber);
160 0 : if (kret) {
161 0 : *minor_status = kret;
162 0 : goto failure;
163 : }
164 0 : if (ac->authenticator) {
165 0 : kret = krb5_store_int64(sp, ac->authenticator->ctime);
166 0 : if (kret) {
167 0 : *minor_status = kret;
168 0 : goto failure;
169 : }
170 0 : kret = krb5_store_int32(sp, ac->authenticator->cusec);
171 0 : if (kret) {
172 0 : *minor_status = kret;
173 0 : goto failure;
174 : }
175 : }
176 :
177 0 : kret = krb5_store_int32 (sp, ac->keytype);
178 0 : if (kret) {
179 0 : *minor_status = kret;
180 0 : goto failure;
181 : }
182 0 : kret = krb5_store_int32 (sp, ac->cksumtype);
183 0 : if (kret) {
184 0 : *minor_status = kret;
185 0 : goto failure;
186 : }
187 :
188 : /* names */
189 0 : if (ctx->source) {
190 0 : kret = krb5_store_principal(sp, ctx->source);
191 0 : if (kret) {
192 0 : *minor_status = kret;
193 0 : goto failure;
194 : }
195 : }
196 :
197 0 : if (ctx->target) {
198 0 : kret = krb5_store_principal(sp, ctx->target);
199 0 : if (kret) {
200 0 : *minor_status = kret;
201 0 : goto failure;
202 : }
203 : }
204 :
205 0 : kret = krb5_store_int32 (sp, ctx->flags);
206 0 : if (kret) {
207 0 : *minor_status = kret;
208 0 : goto failure;
209 : }
210 0 : kret = krb5_store_int32 (sp, ctx->more_flags);
211 0 : if (kret) {
212 0 : *minor_status = kret;
213 0 : goto failure;
214 : }
215 0 : kret = krb5_store_int32 (sp, ctx->state);
216 0 : if (kret) {
217 0 : *minor_status = kret;
218 0 : goto failure;
219 : }
220 : /*
221 : * XXX We should put a 64-bit int here, but we don't have a
222 : * krb5_store_int64() yet.
223 : */
224 0 : kret = krb5_store_int32 (sp, ctx->endtime);
225 0 : if (kret) {
226 0 : *minor_status = kret;
227 0 : goto failure;
228 : }
229 0 : if (ctx->order) {
230 0 : kret = _gssapi_msg_order_export(sp, ctx->order);
231 0 : if (kret) {
232 0 : *minor_status = kret;
233 0 : goto failure;
234 : }
235 : }
236 :
237 0 : kret = krb5_storage_to_data (sp, &data);
238 0 : krb5_storage_free (sp);
239 0 : if (kret) {
240 0 : HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
241 0 : *minor_status = kret;
242 0 : return GSS_S_FAILURE;
243 : }
244 0 : interprocess_token->length = data.length;
245 0 : interprocess_token->value = data.data;
246 0 : HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
247 0 : ret = _gsskrb5_delete_sec_context (minor_status, context_handle,
248 : GSS_C_NO_BUFFER);
249 0 : if (ret != GSS_S_COMPLETE)
250 0 : _gss_secure_release_buffer (&minor, interprocess_token);
251 0 : *minor_status = 0;
252 0 : return ret;
253 0 : failure:
254 0 : HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
255 0 : krb5_storage_free (sp);
256 0 : return ret;
257 : }
|
