crypto/krb5/src/lib/gssapi/mechglue/g_inq_cred.c

root/crypto/krb5/src/lib/gssapi/mechglue/g_inq_cred.c
/* #pragma ident        "@(#)g_inquire_cred.c   1.16    04/02/23 SMI" */

/*
 * Copyright 1996 by Sun Microsystems, Inc.
 *
 * Permission to use, copy, modify, distribute, and sell this software
 * and its documentation for any purpose is hereby granted without fee,
 * provided that the above copyright notice appears in all copies and
 * that both that copyright notice and this permission notice appear in
 * supporting documentation, and that the name of Sun Microsystems not be used
 * in advertising or publicity pertaining to distribution of the software
 * without specific, written prior permission. Sun Microsystems makes no
 * representations about the suitability of this software for any
 * purpose.  It is provided "as is" without express or implied warranty.
 *
 * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
 * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
 * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR
 * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
 * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
 * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 * PERFORMANCE OF THIS SOFTWARE.
 */

/*
 *  glue routine for gss_inquire_cred
 */

#include "mglueP.h"
#include <stdio.h>
#ifdef HAVE_STDLIB_H
#include <stdlib.h>
#endif
#include <string.h>
#include <time.h>

OM_uint32 KRB5_CALLCONV
gss_inquire_cred(OM_uint32 *minor_status, gss_cred_id_t cred_handle,
                 gss_name_t *name, OM_uint32 *lifetime, int *cred_usage,
                 gss_OID_set *mechanisms)
{
    OM_uint32           status, temp_minor_status;
    gss_union_cred_t    union_cred;
    gss_mechanism       mech;
    gss_cred_id_t       mech_cred;
    gss_name_t          mech_name;
    gss_OID_set         mechs = NULL;

    /* Initialize outputs. */

    if (minor_status != NULL)
        *minor_status = 0;

    if (name != NULL)
        *name = GSS_C_NO_NAME;

    if (mechanisms != NULL)
        *mechanisms = GSS_C_NO_OID_SET;

    /* Validate arguments. */
    if (minor_status == NULL)
        return (GSS_S_CALL_INACCESSIBLE_WRITE);

    /*
     * XXX We should iterate over all mechanisms in the credential and
     * aggregate the results.  This requires a union name structure containing
     * multiple mechanism names, which we don't currently have.  For now,
     * inquire the first mechanism in the credential; this is consistent with
     * our historical behavior.
     */

    /* Determine mechanism and mechanism credential. */
    if (cred_handle != GSS_C_NO_CREDENTIAL) {
        union_cred = (gss_union_cred_t) cred_handle;
        if (union_cred->count <= 0)
            return (GSS_S_DEFECTIVE_CREDENTIAL);
        mech_cred = union_cred->cred_array[0];
        mech = gssint_get_mechanism(&union_cred->mechs_array[0]);
    } else {
        union_cred = NULL;
        mech_cred = GSS_C_NO_CREDENTIAL;
        mech = gssint_get_mechanism(GSS_C_NULL_OID);
    }

    /* Skip the call into the mech if the caller doesn't care about any of the
     * values we would ask for. */
    if (name != NULL || lifetime != NULL || cred_usage != NULL) {
        if (mech == NULL)
            return (GSS_S_DEFECTIVE_CREDENTIAL);
        if (!mech->gss_inquire_cred)
            return (GSS_S_UNAVAILABLE);

        status = mech->gss_inquire_cred(minor_status, mech_cred,
                                        name ? &mech_name : NULL,
                                        lifetime, cred_usage, NULL);
        if (status != GSS_S_COMPLETE) {
            map_error(minor_status, mech);
            return(status);
        }

        if (name) {
            /* Convert mech_name into a union_name equivalent. */
            status = gssint_convert_name_to_union_name(&temp_minor_status,
                                                       mech, mech_name, name);
            if (status != GSS_S_COMPLETE) {
                *minor_status = temp_minor_status;
                map_error(minor_status, mech);
                return (status);
            }
        }
    }

    /*
     * copy the mechanism set in union_cred into an OID set and return in
     * the mechanisms parameter.
     */

    if(mechanisms != NULL) {
        if (union_cred) {
            status = gssint_make_public_oid_set(minor_status,
                                                union_cred->mechs_array,
                                                union_cred->count, &mechs);
            if (GSS_ERROR(status))
                goto error;
        } else {
            status = gss_create_empty_oid_set(minor_status, &mechs);
            if (GSS_ERROR(status))
                goto error;

            status = gss_add_oid_set_member(minor_status,
                                            &mech->mech_type, &mechs);
            if (GSS_ERROR(status))
                goto error;
        }
        *mechanisms = mechs;
    }

    return(GSS_S_COMPLETE);

error:
    if (mechs != NULL)
        (void) gss_release_oid_set(&temp_minor_status, &mechs);

    if (name && *name != NULL)
        (void) gss_release_name(&temp_minor_status, name);

    return (status);
}

OM_uint32 KRB5_CALLCONV
gss_inquire_cred_by_mech(OM_uint32 *minor_status, gss_cred_id_t cred_handle,
                         gss_OID mech_type, gss_name_t *name,
                         OM_uint32 *initiator_lifetime,
                         OM_uint32 *acceptor_lifetime,
                         gss_cred_usage_t *cred_usage)
{
    gss_union_cred_t    union_cred;
    gss_cred_id_t       mech_cred;
    gss_mechanism       mech;
    OM_uint32           status, temp_minor_status;
    gss_name_t          internal_name;
    gss_OID             selected_mech, public_mech;

    if (minor_status != NULL)
        *minor_status = 0;

    if (name != NULL)
        *name = GSS_C_NO_NAME;

    if (minor_status == NULL)
        return (GSS_S_CALL_INACCESSIBLE_WRITE);

    status = gssint_select_mech_type(minor_status, mech_type, &selected_mech);
    if (status != GSS_S_COMPLETE)
        return (status);

    mech = gssint_get_mechanism(selected_mech);
    if (!mech)
        return (GSS_S_BAD_MECH);
    if (!mech->gss_inquire_cred_by_mech)
        return (GSS_S_BAD_BINDINGS);

    union_cred = (gss_union_cred_t) cred_handle;
    mech_cred = gssint_get_mechanism_cred(union_cred, selected_mech);
    if (cred_handle != GSS_C_NO_CREDENTIAL && mech_cred == GSS_C_NO_CREDENTIAL)
        return (GSS_S_NO_CRED);

    public_mech = gssint_get_public_oid(selected_mech);
    status = mech->gss_inquire_cred_by_mech(minor_status,
                                            mech_cred, public_mech,
                                            name ? &internal_name : NULL,
                                            initiator_lifetime,
                                            acceptor_lifetime, cred_usage);

    if (status != GSS_S_COMPLETE) {
        map_error(minor_status, mech);
        return (status);
    }

    if (name) {
        /*
         * Convert internal_name into a union_name equivalent.
         */
        status = gssint_convert_name_to_union_name(
            &temp_minor_status, mech,
            internal_name, name);
        if (status != GSS_S_COMPLETE) {
            *minor_status = temp_minor_status;
            map_error(minor_status, mech);
            return (status);
        }
    }

    return (GSS_S_COMPLETE);
}
FreeBSD
