Line data Source code
1 : /*
2 : * Copyright (c) 2004, PADL Software Pty Ltd.
3 : * All rights reserved.
4 : *
5 : * Redistribution and use in source and binary forms, with or without
6 : * modification, are permitted provided that the following conditions
7 : * are met:
8 : *
9 : * 1. Redistributions of source code must retain the above copyright
10 : * notice, this list of conditions and the following disclaimer.
11 : *
12 : * 2. Redistributions in binary form must reproduce the above copyright
13 : * notice, this list of conditions and the following disclaimer in the
14 : * documentation and/or other materials provided with the distribution.
15 : *
16 : * 3. Neither the name of PADL Software nor the names of its contributors
17 : * may be used to endorse or promote products derived from this software
18 : * without specific prior written permission.
19 : *
20 : * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
21 : * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 : * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 : * ARE DISCLAIMED. IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
24 : * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 : * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 : * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 : * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 : * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 : * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 : * SUCH DAMAGE.
31 : */
32 :
33 : #include "gsskrb5_locl.h"
34 :
35 : static OM_uint32
36 84930 : import_cred(OM_uint32 *minor_status,
37 : krb5_context context,
38 : gss_cred_id_t *cred_handle,
39 : const gss_buffer_t value)
40 : {
41 2742 : OM_uint32 major_stat;
42 2742 : krb5_error_code ret;
43 84930 : krb5_principal keytab_principal = NULL;
44 84930 : krb5_keytab keytab = NULL;
45 84930 : krb5_storage *sp = NULL;
46 84930 : krb5_ccache id = NULL;
47 2742 : char *str;
48 :
49 84930 : if (cred_handle == NULL || *cred_handle != GSS_C_NO_CREDENTIAL) {
50 0 : *minor_status = 0;
51 0 : return GSS_S_FAILURE;
52 : }
53 :
54 84930 : sp = krb5_storage_from_mem(value->value, value->length);
55 84930 : if (sp == NULL) {
56 0 : *minor_status = 0;
57 0 : return GSS_S_FAILURE;
58 : }
59 :
60 : /* credential cache name */
61 84930 : ret = krb5_ret_string(sp, &str);
62 84930 : if (ret) {
63 0 : *minor_status = ret;
64 0 : major_stat = GSS_S_FAILURE;
65 0 : goto out;
66 : }
67 84930 : if (str[0]) {
68 21562 : ret = krb5_cc_resolve(context, str, &id);
69 21562 : if (ret) {
70 0 : *minor_status = ret;
71 0 : major_stat = GSS_S_FAILURE;
72 0 : goto out;
73 : }
74 : }
75 84930 : free(str);
76 84930 : str = NULL;
77 :
78 : /* keytab principal name */
79 84930 : ret = krb5_ret_string(sp, &str);
80 84930 : if (ret == 0 && str[0])
81 61569 : ret = krb5_parse_name(context, str, &keytab_principal);
82 84930 : if (ret) {
83 0 : *minor_status = ret;
84 0 : major_stat = GSS_S_FAILURE;
85 0 : goto out;
86 : }
87 84930 : free(str);
88 84930 : str = NULL;
89 :
90 : /* keytab principal */
91 84930 : ret = krb5_ret_string(sp, &str);
92 84930 : if (ret) {
93 0 : *minor_status = ret;
94 0 : major_stat = GSS_S_FAILURE;
95 0 : goto out;
96 : }
97 84930 : if (str[0]) {
98 63368 : ret = krb5_kt_resolve(context, str, &keytab);
99 63368 : if (ret) {
100 0 : *minor_status = ret;
101 0 : major_stat = GSS_S_FAILURE;
102 0 : goto out;
103 : }
104 : }
105 84930 : free(str);
106 84930 : str = NULL;
107 :
108 84930 : major_stat = _gsskrb5_krb5_import_cred(minor_status, &id, keytab_principal,
109 : keytab, cred_handle);
110 84930 : out:
111 84930 : if (id)
112 7165 : krb5_cc_close(context, id);
113 84930 : if (keytab_principal)
114 61569 : krb5_free_principal(context, keytab_principal);
115 84930 : if (keytab)
116 63368 : krb5_kt_close(context, keytab);
117 84930 : if (str)
118 0 : free(str);
119 84930 : if (sp)
120 84930 : krb5_storage_free(sp);
121 :
122 84930 : return major_stat;
123 : }
124 :
125 :
126 : static OM_uint32
127 12681 : allowed_enctypes(OM_uint32 *minor_status,
128 : krb5_context context,
129 : gss_cred_id_t *cred_handle,
130 : const gss_buffer_t value)
131 : {
132 585 : OM_uint32 major_stat;
133 585 : krb5_error_code ret;
134 585 : size_t len, i;
135 12681 : krb5_enctype *enctypes = NULL;
136 12681 : krb5_storage *sp = NULL;
137 585 : gsskrb5_cred cred;
138 :
139 12681 : if (cred_handle == NULL || *cred_handle == GSS_C_NO_CREDENTIAL) {
140 0 : *minor_status = 0;
141 0 : return GSS_S_FAILURE;
142 : }
143 :
144 12681 : cred = (gsskrb5_cred)*cred_handle;
145 :
146 12681 : if ((value->length % 4) != 0) {
147 0 : *minor_status = 0;
148 0 : major_stat = GSS_S_FAILURE;
149 0 : goto out;
150 : }
151 :
152 : /* serialized as int32_t[], but stored as krb5_enctype[] */
153 12681 : len = value->length / 4;
154 12681 : enctypes = malloc((len + 1) * sizeof(krb5_enctype));
155 12681 : if (enctypes == NULL) {
156 0 : *minor_status = ENOMEM;
157 0 : major_stat = GSS_S_FAILURE;
158 0 : goto out;
159 : }
160 :
161 12681 : sp = krb5_storage_from_mem(value->value, value->length);
162 12681 : if (sp == NULL) {
163 0 : *minor_status = ENOMEM;
164 0 : major_stat = GSS_S_FAILURE;
165 0 : goto out;
166 : }
167 :
168 87412 : for (i = 0; i < len; i++) {
169 3510 : int32_t e;
170 :
171 74731 : ret = krb5_ret_int32(sp, &e);
172 74731 : if (ret) {
173 0 : *minor_status = ret;
174 0 : major_stat = GSS_S_FAILURE;
175 0 : goto out;
176 : }
177 74731 : enctypes[i] = e;
178 : }
179 12681 : enctypes[i] = KRB5_ENCTYPE_NULL;
180 :
181 12681 : if (cred->enctypes)
182 0 : free(cred->enctypes);
183 12681 : cred->enctypes = enctypes;
184 :
185 12681 : krb5_storage_free(sp);
186 :
187 12681 : return GSS_S_COMPLETE;
188 :
189 0 : out:
190 0 : if (sp)
191 0 : krb5_storage_free(sp);
192 0 : if (enctypes)
193 0 : free(enctypes);
194 :
195 0 : return major_stat;
196 : }
197 :
198 : static OM_uint32
199 14397 : no_ci_flags(OM_uint32 *minor_status,
200 : krb5_context context,
201 : gss_cred_id_t *cred_handle,
202 : const gss_buffer_t value)
203 : {
204 585 : gsskrb5_cred cred;
205 :
206 14397 : if (cred_handle == NULL || *cred_handle == GSS_C_NO_CREDENTIAL) {
207 0 : *minor_status = 0;
208 0 : return GSS_S_FAILURE;
209 : }
210 :
211 14397 : cred = (gsskrb5_cred)*cred_handle;
212 14397 : cred->cred_flags |= GSS_CF_NO_CI_FLAGS;
213 :
214 14397 : *minor_status = 0;
215 14397 : return GSS_S_COMPLETE;
216 :
217 : }
218 :
219 :
220 : OM_uint32 GSSAPI_CALLCONV
221 112008 : _gsskrb5_set_cred_option
222 : (OM_uint32 *minor_status,
223 : gss_cred_id_t *cred_handle,
224 : const gss_OID desired_object,
225 : const gss_buffer_t value)
226 : {
227 3912 : krb5_context context;
228 :
229 112008 : GSSAPI_KRB5_INIT (&context);
230 :
231 112008 : if (value == GSS_C_NO_BUFFER) {
232 0 : *minor_status = EINVAL;
233 0 : return GSS_S_FAILURE;
234 : }
235 :
236 112008 : if (gss_oid_equal(desired_object, GSS_KRB5_IMPORT_CRED_X))
237 84930 : return import_cred(minor_status, context, cred_handle, value);
238 :
239 27078 : if (gss_oid_equal(desired_object, GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X))
240 12681 : return allowed_enctypes(minor_status, context, cred_handle, value);
241 :
242 14397 : if (gss_oid_equal(desired_object, GSS_KRB5_CRED_NO_CI_FLAGS_X)) {
243 14982 : return no_ci_flags(minor_status, context, cred_handle, value);
244 : }
245 :
246 :
247 0 : *minor_status = EINVAL;
248 0 : return GSS_S_FAILURE;
249 : }
|
