LCOV - code coverage report
Current view: top level - third_party/heimdal/lib/gssapi/mech - gss_duplicate_cred.c (source / functions) Hit Total Coverage
Test: coverage report for master 2f515e9b Lines: 0 63 0.0 %
Date: 2024-04-21 15:09:00 Functions: 0 2 0.0 %

          Line data    Source code
       1             : /*-
       2             :  * Copyright (c) 2005 Doug Rabson
       3             :  * Copyright (c) 2018 Kungliga Tekniska Högskolan
       4             :  * (Royal Institute of Technology, Stockholm, Sweden).
       5             :  * All rights reserved.
       6             :  *
       7             :  * Redistribution and use in source and binary forms, with or without
       8             :  * modification, are permitted provided that the following conditions
       9             :  * are met:
      10             :  * 1. Redistributions of source code must retain the above copyright
      11             :  *    notice, this list of conditions and the following disclaimer.
      12             :  * 2. Redistributions in binary form must reproduce the above copyright
      13             :  *    notice, this list of conditions and the following disclaimer in the
      14             :  *    documentation and/or other materials provided with the distribution.
      15             :  *
      16             :  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
      17             :  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
      18             :  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
      19             :  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
      20             :  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
      21             :  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
      22             :  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
      23             :  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
      24             :  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
      25             :  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
      26             :  * SUCH DAMAGE.
      27             :  *
      28             :  *      $FreeBSD: src/lib/libgssapi/gss_add_cred.c,v 1.1 2005/12/29 14:40:20 dfr Exp $
      29             :  */
      30             : 
      31             : #include "mech_locl.h"
      32             : 
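      /*
       * Duplicate a single per-mechanism credential element.
       *
       * Three strategies are tried, in order of preference:
       *   1. the mechanism's own gm_duplicate_cred;
       *   2. a gm_export_cred / gm_import_cred round trip;
       *   3. re-acquiring a credential for the name, usage and lifetimes that
       *      gm_inquire_cred_by_mech reports for the source element.
       *
       * minor_status  receives the mechanism minor status, or ENOMEM when the
       *               new element cannot be allocated
       * mc            element to copy; its mechanism and mechanism OID are
       *               reused for the copy
       * out           set to NULL on entry and to the new element on success
       *
       * Returns GSS_S_COMPLETE on success, GSS_S_FAILURE on allocation failure,
       * otherwise the major status of the mechanism call that failed.
       */
      static OM_uint32
      copy_cred_element(OM_uint32 *minor_status,
                        struct _gss_mechanism_cred *mc,
                        struct _gss_mechanism_cred **out)
      {
          gssapi_mech_interface m = mc->gmc_mech;
          OM_uint32 major_status, tmp;
          struct _gss_mechanism_cred *new_mc = NULL;
          OM_uint32 initiator_lifetime, acceptor_lifetime;
          gss_cred_usage_t cred_usage;
          gss_cred_id_t dup_cred = GSS_C_NO_CREDENTIAL;

          *out = NULL;

          if (m->gm_duplicate_cred) {
              major_status = m->gm_duplicate_cred(minor_status,
                                                  mc->gmc_cred, &dup_cred);
          } else if (m->gm_import_cred && m->gm_export_cred) {
              gss_buffer_desc export;

              major_status = m->gm_export_cred(minor_status, mc->gmc_cred, &export);
              if (major_status == GSS_S_COMPLETE) {
                  major_status = m->gm_import_cred(minor_status, &export, &dup_cred);
                  /*
                   * The export buffer holds the serialised credential, so it is
                   * released through _gss_secure_release_buffer whether or not
                   * the import succeeded.
                   */
                  _gss_secure_release_buffer(&tmp, &export);
              }
          } else {
              struct _gss_mechanism_name mn;

              mn.gmn_mech = m;
              mn.gmn_mech_oid = mc->gmc_mech_oid;
              mn.gmn_name = GSS_C_NO_NAME;

              /* This path won't work for ephemeral creds or cred stores */
              major_status = m->gm_inquire_cred_by_mech(minor_status, mc->gmc_cred,
                                                        mc->gmc_mech_oid, &mn.gmn_name,
                                                        &initiator_lifetime,
                                                        &acceptor_lifetime, &cred_usage);
              if (major_status == GSS_S_COMPLETE) {
                  major_status = _gss_mg_add_mech_cred(minor_status,
                                                       m,
                                                       NULL, /* mc */
                                                       &mn,
                                                       cred_usage,
                                                       initiator_lifetime,
                                                       acceptor_lifetime,
                                                       GSS_C_NO_CRED_STORE,
                                                       &new_mc,
                                                       NULL,
                                                       NULL);
                  m->gm_release_name(&tmp, &mn.gmn_name);

                  if (major_status == GSS_S_COMPLETE) {
                      /*
                       * This path never assigns dup_cred; its result arrives in
                       * new_mc.  Falling through to the allocation below would
                       * overwrite that pointer and hand back an element whose
                       * gmc_cred is GSS_C_NO_CREDENTIAL, so return the helper's
                       * element directly.
                       * NOTE(review): assumes _gss_mg_add_mech_cred returns a
                       * fully initialised element through its out parameter;
                       * confirm against its definition.
                       */
                      if (new_mc == NULL) {
                          /* Success reported without an element: fail closed. */
                          *minor_status = 0;
                          return GSS_S_FAILURE;
                      }
                      *out = new_mc;
                      return GSS_S_COMPLETE;
                  }
              }
          }

          if (major_status == GSS_S_COMPLETE) {
              new_mc = calloc(1, sizeof(*new_mc));
              if (new_mc == NULL) {
                  *minor_status = ENOMEM;
                  /* Do not leak the duplicate that was just created. */
                  m->gm_release_cred(&tmp, &dup_cred);
                  return GSS_S_FAILURE;
              }

              new_mc->gmc_mech = m;
              new_mc->gmc_mech_oid = mc->gmc_mech_oid;
              new_mc->gmc_cred = dup_cred;

              *out = new_mc;
          } else
              _gss_mg_error(m, *minor_status);

          return major_status;
      }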
     104             : 
     /*
      * Produce an independent copy of a credential handle.
      *
      * minor_status        receives 0, ENOMEM, or the minor status of the call
      *                     that failed
      * input_cred_handle   credential to copy; GSS_C_NO_CREDENTIAL selects the
      *                     default credential
      * output_cred_handle  receives the copy, or GSS_C_NO_CREDENTIAL on failure
      *
      * Returns GSS_S_COMPLETE on success, GSS_S_FAILURE when the new handle
      * cannot be allocated, GSS_S_NO_CRED when the input carries no mechanism
      * elements, otherwise the status of the first element that failed to copy.
      */
     GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
     gss_duplicate_cred(OM_uint32 *minor_status,
                        gss_const_cred_id_t input_cred_handle,
                        gss_cred_id_t *output_cred_handle)
     {
         struct _gss_cred *src = (struct _gss_cred *)input_cred_handle;
         struct _gss_cred *dup;
         struct _gss_mechanism_cred *elem;
         gss_cred_id_t discard;
         OM_uint32 status, ignored;

         /*
          * The default credential has no element list to walk; "copy" it by
          * acquiring a handle for its name, GSS_C_NO_NAME.
          */
         if (input_cred_handle == GSS_C_NO_CREDENTIAL)
             return gss_acquire_cred(minor_status, GSS_C_NO_NAME, GSS_C_INDEFINITE,
                                     GSS_C_NO_OID_SET, GSS_C_BOTH,
                                     output_cred_handle, NULL, NULL);

         *output_cred_handle = GSS_C_NO_CREDENTIAL;

         dup = _gss_mg_alloc_cred();
         if (dup == NULL) {
             *minor_status = ENOMEM;
             return GSS_S_FAILURE;
         }

         *minor_status = 0;
         /* Remains GSS_S_NO_CRED when the source has no elements at all. */
         status = GSS_S_NO_CRED;

         HEIM_TAILQ_FOREACH(elem, &src->gc_mc, gmc_link) {
             struct _gss_mechanism_cred *copied;

             status = copy_cred_element(minor_status, elem, &copied);
             if (status != GSS_S_COMPLETE)
                 break;

             HEIM_TAILQ_INSERT_TAIL(&dup->gc_mc, copied, gmc_link);
         }

         if (status == GSS_S_COMPLETE) {
             *output_cred_handle = (gss_cred_id_t)dup;
             return status;
         }

         /*
          * All or nothing: release the elements copied so far so the caller
          * never sees a partially duplicated credential.
          */
         discard = (gss_cred_id_t)dup;
         gss_release_cred(&ignored, &discard);
         *output_cred_handle = (gss_cred_id_t)NULL;
         return status;
     }
