1 : /*
2 : * Copyright (c) 2009 Kungliga Tekniska Högskolan
3 : * (Royal Institute of Technology, Stockholm, Sweden).
4 : * All rights reserved.
5 : *
6 : * Redistribution and use in source and binary forms, with or without
7 : * modification, are permitted provided that the following conditions
8 : * are met:
9 : *
10 : * 1. Redistributions of source code must retain the above copyright
11 : * notice, this list of conditions and the following disclaimer.
12 : *
13 : * 2. Redistributions in binary form must reproduce the above copyright
14 : * notice, this list of conditions and the following disclaimer in the
15 : * documentation and/or other materials provided with the distribution.
16 : *
17 : * 3. Neither the name of the Institute nor the names of its contributors
18 : * may be used to endorse or promote products derived from this software
19 : * without specific prior written permission.
20 : *
21 : * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 : * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 : * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 : * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 : * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 : * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 : * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 : * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 : * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 : * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 : * SUCH DAMAGE.
32 : */
33 :
34 : #include "mech_locl.h"
35 :
/*
 * Hand a single mechanism credential element to its mechanism for storage.
 *
 * The mechanism entry points are tried from the most capable to the least:
 *   gm_store_cred_into2  takes the raw store_cred_flags, a cred_store and
 *                        can return environment variables through env;
 *   gm_store_cred_into   takes overwrite/default as separate booleans and
 *                        a cred_store, no env output;
 *   gm_store_cred        has no cred_store parameter, so it is only used
 *                        when the caller passed GSS_C_NO_CRED_STORE.
 * The NULL argument passed to every entry point sits where the older
 * interfaces take an OID-set output (presumably a per-mechanism
 * elements_stored slot — verify against the mech interface definition);
 * the mechglue caller tracks stored elements on its own.
 *
 * Returns the mechanism's status, or GSS_S_UNAVAILABLE when the mechanism
 * implements none of the usable entry points.  *env is only written by the
 * gm_store_cred_into2 path; the caller is expected to have initialised it.
 */
static OM_uint32
store_mech_cred(OM_uint32 *minor_status,
                gssapi_mech_interface m,
                const struct _gss_mechanism_cred *mc,
                gss_cred_usage_t input_usage,
                OM_uint32 store_cred_flags,
                gss_const_key_value_set_t cred_store,
                gss_cred_usage_t *usage_stored,
                gss_buffer_set_t *env)
{
    /* The two older entry points want the flags as separate 0/1 values. */
    const OM_uint32 want_overwrite =
        (store_cred_flags & GSS_C_STORE_CRED_OVERWRITE) ? 1 : 0;
    const OM_uint32 want_default =
        (store_cred_flags & GSS_C_STORE_CRED_DEFAULT) ? 1 : 0;

    if (m->gm_store_cred_into2 != NULL)
        return m->gm_store_cred_into2(minor_status, mc->gmc_cred, input_usage,
                                      &m->gm_mech_oid, store_cred_flags,
                                      cred_store, NULL, usage_stored, env);

    if (m->gm_store_cred_into != NULL)
        return m->gm_store_cred_into(minor_status, mc->gmc_cred, input_usage,
                                     &m->gm_mech_oid, want_overwrite,
                                     want_default, cred_store, NULL,
                                     usage_stored);

    if (cred_store == GSS_C_NO_CRED_STORE && m->gm_store_cred != NULL)
        return m->gm_store_cred(minor_status, mc->gmc_cred, input_usage,
                                &m->gm_mech_oid, want_overwrite, want_default,
                                NULL, usage_stored);

    return GSS_S_UNAVAILABLE;
}
72 :
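/*
 * See RFC5588 for gss_store_cred(). This function is a variant that takes a
 * const key/value hashmap-like thing that specifies a credential store in a
 * mechanism- and implementation-specific way, though Heimdal and MIT agree on
 * at least the following keys for the Kerberos mechanism: ccache, keytab, and
 * client_keytab. A set of environment variables may be output as well.
 *
 * minor_status       Mechanism status out-parameter; required, reset to 0.
 * input_cred_handle  Mechglue credential whose mechanism elements are stored.
 * input_usage        Usage to store (passed through to the mechanism).
 * desired_mech       Store only this mechanism's element, or GSS_C_NO_OID to
 *                    try every mechanism element in the credential.
 * store_cred_flags   GSS_C_STORE_CRED_OVERWRITE / GSS_C_STORE_CRED_DEFAULT.
 * cred_store         Key/value credential store, or GSS_C_NO_CRED_STORE.
 * elements_stored    Optional out: OID set of the mechanisms whose element
 *                    was stored; the caller releases it with
 *                    gss_release_oid_set().
 * cred_usage_stored  Optional out: cleared here, then written by the
 *                    mechanism.
 * env                Optional out: cleared here, then written by the
 *                    mechanism (gm_store_cred_into2 path only).
 *
 * Returns GSS_S_COMPLETE if at least one mechanism element was stored,
 * GSS_S_NO_CRED if no element was eligible, or the failing mechanism's
 * status.  With a specific desired_mech the first failure is fatal; with
 * GSS_C_NO_OID a mechanism failure is tolerated as long as some other
 * element is stored.
 */
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_store_cred_into2(OM_uint32 *minor_status,
                     gss_const_cred_id_t input_cred_handle,
                     gss_cred_usage_t input_usage,
                     const gss_OID desired_mech,
                     OM_uint32 store_cred_flags,
                     gss_const_key_value_set_t cred_store,
                     gss_OID_set *elements_stored,
                     gss_cred_usage_t *cred_usage_stored,
                     gss_buffer_set_t *env)
{
    struct _gss_cred *cred = (struct _gss_cred *)input_cred_handle;
    struct _gss_mechanism_cred *mc;
    OM_uint32 major_status;
    OM_uint32 minor;
    size_t successes;

    /* Clear every out-parameter before any early return. */
    if (env != NULL)
        *env = NULL;

    if (input_cred_handle == NULL)
        return GSS_S_CALL_INACCESSIBLE_READ;

    if (minor_status == NULL)
        return GSS_S_CALL_INACCESSIBLE_WRITE;
    *minor_status = 0;

    if (cred_usage_stored)
        *cred_usage_stored = 0;

    if (elements_stored) {
        *elements_stored = GSS_C_NO_OID_SET;

        major_status = gss_create_empty_oid_set(minor_status,
                                                elements_stored);
        if (major_status != GSS_S_COMPLETE)
            return major_status;
    }

    major_status = GSS_S_NO_CRED;
    successes = 0;

    HEIM_TAILQ_FOREACH(mc, &cred->gc_mc, gmc_link) {
        gssapi_mech_interface m = mc->gmc_mech;

        /*
         * Elements without a mechanism, or whose mechanism is flagged
         * GM_USE_MG_CRED, are not stored individually (presumably such
         * mechanisms operate on the mechglue credential itself — verify
         * against the mechanism registration code).
         */
        if (m == NULL || (m->gm_flags & GM_USE_MG_CRED) != 0)
            continue;

        if (desired_mech != GSS_C_NO_OID &&
            !gss_oid_equal(&m->gm_mech_oid, desired_mech))
            continue;

        /*
         * NOTE(review): with GSS_C_NO_OID every eligible mechanism gets to
         * write *cred_usage_stored and *env; a later mechanism overwrites
         * what an earlier one produced, so if a mechanism allocates *env the
         * earlier buffer set would be dropped without release — confirm
         * against the mechanisms that implement gm_store_cred_into2.
         */
        major_status = store_mech_cred(minor_status, m, mc, input_usage,
                                       store_cred_flags, cred_store,
                                       cred_usage_stored, env);
        if (major_status == GSS_S_COMPLETE) {
            /*
             * Record every mechanism that stored an element, not only an
             * explicitly requested one: with GSS_C_NO_OID several mechanisms
             * may succeed and RFC5588 defines elements_stored as the set of
             * all of them.  When desired_mech was given, m->gm_mech_oid
             * compared equal to it above, so the recorded OID is the same.
             * The element is already stored at this point, so a failure to
             * grow the set is not turned into an error; the set is merely
             * left incomplete.
             */
            if (elements_stored)
                (void)gss_add_oid_set_member(&minor, &m->gm_mech_oid,
                                             elements_stored);
            successes++;
        } else if (desired_mech != GSS_C_NO_OID) {
            /* A specifically requested mechanism failed: report it now. */
            _gss_mg_error(m, *minor_status);
            if (elements_stored)
                gss_release_oid_set(&minor, elements_stored);
            return major_status;
        }
    }

    /*
     * Any success wins: a failure from some other mechanism (only reachable
     * with GSS_C_NO_OID) is forgotten, including its minor status.
     */
    if (successes > 0) {
        *minor_status = 0;
        major_status = GSS_S_COMPLETE;
    }

    heim_assert(successes || major_status != GSS_S_COMPLETE,
                "cred storage failed, but no error raised");

    return major_status;
}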
156 :
/*
 * See RFC5588 for gss_store_cred(). This function is a variant that takes a
 * const key/value hashmap-like thing that specifies a credential store in a
 * mechanism- and implementation-specific way, though Heimdal and MIT agree on
 * at least the following keys for the Kerberos mechanism: ccache, keytab, and
 * client_keytab.
 *
 * This is the older interface without flags or environment output: the
 * overwrite_cred / default_cred booleans are folded into store_cred_flags
 * and the call is forwarded to gss_store_cred_into2() with env == NULL.
 * All other parameters and the return value are those of
 * gss_store_cred_into2().
 */
GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_store_cred_into(OM_uint32 *minor_status,
                    gss_const_cred_id_t input_cred_handle,
                    gss_cred_usage_t input_usage,
                    const gss_OID desired_mech,
                    OM_uint32 overwrite_cred,
                    OM_uint32 default_cred,
                    gss_const_key_value_set_t cred_store,
                    gss_OID_set *elements_stored,
                    gss_cred_usage_t *cred_usage_stored)
{
    OM_uint32 flags = 0;

    if (overwrite_cred)
        flags |= GSS_C_STORE_CRED_OVERWRITE;
    if (default_cred)
        flags |= GSS_C_STORE_CRED_DEFAULT;

    return gss_store_cred_into2(minor_status, input_cred_handle, input_usage,
                                desired_mech, flags, cred_store,
                                elements_stored, cred_usage_stored, NULL);
}