X-Git-Url: https://git.decadent.org.uk/gitweb/?p=nfs-utils.git;a=blobdiff_plain;f=support%2Fgssapi%2Fg_acquire_cred.c;fp=support%2Fgssapi%2Fg_acquire_cred.c;h=0000000000000000000000000000000000000000;hp=50087db4dc2818f9faee81271fe9f406bac0c799;hb=1d0397894463e507e9f5d92442ac3b09e29310a3;hpb=53c5bd65c74e032947d8fb5b140024be008aaa6b diff --git a/support/gssapi/g_acquire_cred.c b/support/gssapi/g_acquire_cred.c deleted file mode 100644 index 50087db..0000000 --- a/support/gssapi/g_acquire_cred.c +++ /dev/null @@ -1,539 +0,0 @@ -/* #ident "@(#)gss_acquire_cred.c 1.19 95/08/07 SMI" */ - -/* - * Copyright 1996 by Sun Microsystems, Inc. - * - * Permission to use, copy, modify, distribute, and sell this software - * and its documentation for any purpose is hereby granted without fee, - * provided that the above copyright notice appears in all copies and - * that both that copyright notice and this permission notice appear in - * supporting documentation, and that the name of Sun Microsystems not be used - * in advertising or publicity pertaining to distribution of the software - * without specific, written prior permission. Sun Microsystems makes no - * representations about the suitability of this software for any - * purpose. It is provided "as is" without express or implied warranty. - * - * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, - * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO - * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR - * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF - * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR - * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - * PERFORMANCE OF THIS SOFTWARE. - */ - -/* - * glue routine for gss_acquire_cred - */ - -#include "mglueP.h" -#include -#ifdef HAVE_STDLIB_H -#include -#endif -#include -#include -#include - -#define g_OID_equal(o1,o2) \ - (((o1)->length == (o2)->length) && \ - (memcmp((o1)->elements,(o2)->elements,(int) (o1)->length) == 0)) - -static gss_OID_set -create_actual_mechs(creds) - gss_union_cred_t creds; -{ - gss_OID_set actual_mechs; - int i; - - actual_mechs = (gss_OID_set) malloc(sizeof(gss_OID_set_desc)); - if (!actual_mechs) - return NULL; - - actual_mechs->elements = (gss_OID) - malloc(sizeof(gss_OID_desc) * creds->count); - if (!actual_mechs->elements) { - free(actual_mechs); - return NULL; - } - - actual_mechs->count = creds->count; - - for (i=0; i < creds->count; i++) { - actual_mechs->elements[i].length = creds->mechs_array[i].length; - actual_mechs->elements[i].elements = (void *) - malloc(creds->mechs_array[i].length); - memcpy(actual_mechs->elements[i].elements, - creds->mechs_array[i].elements, creds->mechs_array[i].length); - } - - return actual_mechs; -} - - -OM_uint32 KRB5_CALLCONV -gss_acquire_cred(minor_status, - desired_name, - time_req, - desired_mechs, - cred_usage, - output_cred_handle, - actual_mechs, - time_rec) - -OM_uint32 * minor_status; -gss_name_t desired_name; -OM_uint32 time_req; -gss_OID_set desired_mechs; -int cred_usage; -gss_cred_id_t * output_cred_handle; -gss_OID_set * actual_mechs; -OM_uint32 * time_rec; - -{ - OM_uint32 status, temp_minor_status, temp_time_rec = ~0; - unsigned int i, j, creds_acquired = 0; - int k; - gss_union_name_t union_name; - gss_name_t internal_name; - gss_union_cred_t creds; - gss_OID_set_desc default_OID_set; - gss_OID_desc default_OID; - gss_OID specific_mech_type = 0; - gss_mechanism mech; - - /* - * This struct is used to keep track of which mech_types are - * actually available and to store the credentials returned - * from them by each mechanism specific gss_acquire_cred() call. - * The results are used to construct the final union_cred - * structure returned by the glue layer gss_acquire_cred() call - * and the actual_mechs gss_OID_set returned. - */ - - struct creds_returned { - unsigned char available; - gss_cred_id_t cred; - } *creds_returned; - - gss_initialize(); - - /* Set this to NULL for now */ - - if (actual_mechs) - *actual_mechs = GSS_C_NULL_OID_SET; - - if (minor_status) - *minor_status = 0; - - /* No need to continue if we don't have a place to store the creds */ - if (output_cred_handle == NULL) - return GSS_S_COMPLETE; - - /* get desired_name cast as a union_name type */ - - union_name = (gss_union_name_t) desired_name; - - if (union_name) - specific_mech_type = union_name->mech_type; - - /* - * if desired_mechs equals GSS_C_NULL_OID_SET, then pick an - * appropriate default. - */ - if(desired_mechs == GSS_C_NULL_OID_SET) { - /* - * If union_name->mech_type is NULL then we get the default - * mechanism; otherwise, we get the mechanism for the - * mechanism-specific name. - */ - mech = __gss_get_mechanism(specific_mech_type); - if (mech == NULL) - return (GSS_S_BAD_MECH); - - desired_mechs = &default_OID_set; - default_OID_set.count = 1 ; - default_OID_set.elements = &default_OID; - default_OID.length = mech->mech_type.length; - default_OID.elements = mech->mech_type.elements; - } - - /* - * Now allocate the creds returned array. There is one element - * for each member of the desired_mechs argument. - */ - - creds_returned = (struct creds_returned *) - malloc(sizeof(struct creds_returned) * desired_mechs->count); - - /* - * For each requested mechanism in desired_mechs, determine if it - * is supported. If so, mark the corresponding element in - * creds_returned->available as 1 and call the mechanism - * specific gss_acquire_cred(), placing the returned cred in - * creds_returned->cred. If not, mark creds_returned->available as - * 0. - */ - status = GSS_S_BAD_MECH; - for (j=0; j < desired_mechs->count; j++) { - creds_returned[j].available = 0; - - mech = __gss_get_mechanism (&desired_mechs->elements[j]); - if (!mech || !mech->gss_acquire_cred) - continue; - /* - * If this is a mechanism-specific name, then only use the - * mechanism of the name. - */ - if (specific_mech_type && !g_OID_equal(specific_mech_type, - &mech->mech_type)) - continue; - /* - * If this is not a mechanism-specific name, then we need to - * do an import the external name in union_name first. - */ - if (union_name == 0) - internal_name = (gss_name_t) 0; - else if (!union_name->mech_type) { - if (__gss_import_internal_name(&temp_minor_status, - &mech->mech_type, - union_name, &internal_name)) { - continue; - } - } else - internal_name = union_name->mech_name; - -#ifdef USE_MECH_CONTEXT - status = mech->gss_acquire_cred(mech->context, minor_status, -#else - status = mech->gss_acquire_cred(minor_status, -#endif - internal_name, time_req, - desired_mechs, cred_usage, - &creds_returned[j].cred, - NULL, &temp_time_rec); - - /* Release the internal name, if allocated above */ - if (union_name && !union_name->mech_type) { - (void) __gss_release_internal_name(&temp_minor_status, - &mech->mech_type, - &internal_name); - } - - if (status != GSS_S_COMPLETE) - continue; - - /* - * Add this into the creds_returned structure, if we got - * a good credential for this mechanism. - */ - if (time_rec) { - *time_rec = *time_rec > temp_time_rec ? temp_time_rec : *time_rec; - temp_time_rec = *time_rec; - } - - creds_returned[j].available = 1; - creds_acquired++; - - /* - * If union_name is set, then we're done. Continue, and - * declare success. Otherwise, if do an inquire credentials - * from the first mechanism that succeeds and use that as the - * union name. - */ - if (union_name) - continue; - -#ifdef USE_MECH_CONTEXT - status = mech->gss_inquire_cred(mech->context, &temp_minor_status, -#else - status = mech->gss_inquire_cred(&temp_minor_status, -#endif - creds_returned[j].cred, - &internal_name, 0, 0, 0); - if (status) { - /* Should never happen */ - creds_returned[j].available = 0; - creds_acquired--; - if (mech->gss_release_cred) -#ifdef USE_MECH_CONTEXT - mech->gss_release_cred(mech->context, minor_status, -#else - mech->gss_release_cred(minor_status, -#endif - &creds_returned[j].cred); - continue; - } - - status = __gss_convert_name_to_union_name(&temp_minor_status, mech, - internal_name, - (gss_name_t *) &union_name); - } - - /* - * Now allocate the creds struct, which will be cast as a gss_cred_id_t - * and returned in the output_cred_handle argument. If there were - * no credentials found, return an error. Also, allocate the - * actual_mechs data. - */ - if (creds_acquired == 0) { - free (creds_returned); - return (status); - } - - creds = (gss_union_cred_t) malloc(sizeof(gss_union_cred_desc)); - - creds->count = creds_acquired; - - creds->mechs_array = (gss_OID) - malloc(sizeof(gss_OID_desc) * creds_acquired); - - creds->cred_array = (gss_cred_id_t *) - malloc(sizeof(gss_cred_id_t) * creds_acquired); - - if(actual_mechs != NULL) { - *actual_mechs = (gss_OID_set) malloc(sizeof(gss_OID_set_desc)); - - (*actual_mechs)->count = creds_acquired; - - (*actual_mechs)->elements = (gss_OID) - malloc(sizeof(gss_OID_desc) * creds_acquired); - } - - /* - * copy the mechanisms found and their allocated credentials into the - * creds structure. At the same time, build up the actual_mechs - * data. - */ - - j = 0; - - for (i=0; icount; i++) { - if(creds_returned[i].available) { - - creds->mechs_array[j].length = - desired_mechs->elements[i].length; - creds->mechs_array[j].elements = (void *) - malloc(desired_mechs->elements[i].length); - memcpy(creds->mechs_array[j].elements, - desired_mechs->elements[i].elements, - desired_mechs->elements[i].length); - creds->cred_array[j] = creds_returned[i].cred; - if (actual_mechs) { - (*actual_mechs)->elements[j].length = - desired_mechs->elements[i].length; - (*actual_mechs)->elements[j].elements = (void *) - malloc(desired_mechs->elements[i].length); - memcpy((*actual_mechs)->elements[j].elements, - desired_mechs->elements[i].elements, - desired_mechs->elements[i].length); - } - j++; - } - } - - /* free the creds_returned struct, since we are done with it. */ - - free(creds_returned); - - /* record the information needed for gss_inquire_cred() */ - - creds->auxinfo.creation_time = time(0); - creds->auxinfo.time_rec = temp_time_rec; - creds->auxinfo.cred_usage = cred_usage; - - /* - * we can't just record the internal name, desired_name, since - * it may be destroyed between now and the time gss_inquire_cred() - * is called. So we must record the printable name in a - * gss_buffer_t, calling gss_display_name() to fill it in. When - * gss_inquire_name() is called, we must then call gss_import_name() - * to get the internal name that is required at that point. - */ - if (desired_name) { - status = gss_display_name(&temp_minor_status, desired_name, - &creds->auxinfo.name, - &creds->auxinfo.name_type); - if (status) { - status = GSS_S_BAD_NAME; - goto error_out; - } - } else { - status = gss_display_name(&temp_minor_status, union_name, - &creds->auxinfo.name, - &creds->auxinfo.name_type); - if (status) { - status = GSS_S_BAD_NAME; - goto error_out; - } - } - - *output_cred_handle = (gss_cred_id_t) creds; - return(GSS_S_COMPLETE); - -error_out: - for (k=0; k < creds->count; k++) { - free(creds->mechs_array[k].elements); - if (actual_mechs) - free((*actual_mechs)->elements[k].elements); - } - - if (actual_mechs) { - free((*actual_mechs)->elements); - free(*actual_mechs); - *actual_mechs = GSS_C_NULL_OID_SET; - } - free(creds->cred_array); - free(creds->mechs_array); - free(creds); - - return(status); -} - -/* V2 KRB5_CALLCONV */ -OM_uint32 KRB5_CALLCONV -gss_add_cred(minor_status, input_cred_handle, - desired_name, desired_mech, cred_usage, - initiator_time_req, acceptor_time_req, - output_cred_handle, actual_mechs, - initiator_time_rec, acceptor_time_rec) - OM_uint32 *minor_status; - gss_cred_id_t input_cred_handle; - gss_name_t desired_name; - gss_OID desired_mech; - gss_cred_usage_t cred_usage; - OM_uint32 initiator_time_req; - OM_uint32 acceptor_time_req; - gss_cred_id_t *output_cred_handle; - gss_OID_set *actual_mechs; - OM_uint32 *initiator_time_rec; - OM_uint32 *acceptor_time_rec; -{ - OM_uint32 status, temp_minor_status; - OM_uint32 time_req, time_rec; - gss_union_name_t union_name; - gss_union_cred_t new_union_cred, union_cred; - gss_name_t internal_name; - gss_mechanism mech; - gss_cred_id_t cred; - gss_OID new_mechs_array; - gss_cred_id_t * new_cred_array; - - if (input_cred_handle == GSS_C_NO_CREDENTIAL) - return GSS_S_NO_CRED; - - union_cred = (gss_union_cred_t) input_cred_handle; - - mech = __gss_get_mechanism(desired_mech); - if (!mech) - return GSS_S_BAD_MECH; - - if (__gss_get_mechanism_cred(union_cred, desired_mech) != - GSS_C_NO_CREDENTIAL) - return GSS_S_DUPLICATE_ELEMENT; - - union_name = (gss_union_name_t) desired_name; - if (union_name->mech_type) { - if (!g_OID_equal(desired_mech, union_name->mech_type)) - return GSS_S_BAD_NAMETYPE; - internal_name = union_name->mech_name; - } else { - if (__gss_import_internal_name(minor_status, desired_mech, - union_name, &internal_name)) - return (GSS_S_BAD_NAME); - } - - if (cred_usage == GSS_C_ACCEPT) - time_req = acceptor_time_req; - else if (cred_usage == GSS_C_INITIATE) - time_req = initiator_time_req; - else if (cred_usage == GSS_C_BOTH) - time_req = (acceptor_time_req > initiator_time_req) ? - acceptor_time_req : initiator_time_req; - -#ifdef USE_MECH_CONTEXT - status = mech->gss_acquire_cred(mech->context, minor_status, -#else - status = mech->gss_acquire_cred(minor_status, -#endif - internal_name, time_req, - GSS_C_NULL_OID_SET, cred_usage, - &cred, NULL, &time_rec); - if (status != GSS_S_COMPLETE) - goto errout; - - new_mechs_array = (gss_OID) - malloc(sizeof(gss_OID_desc) * (union_cred->count+1)); - - new_cred_array = (gss_cred_id_t *) - malloc(sizeof(gss_cred_id_t) * (union_cred->count+1)); - - if (!new_mechs_array || !new_cred_array) { - *minor_status = ENOMEM; - status = GSS_S_FAILURE; - goto errout; - } - - - if (acceptor_time_rec) - if (cred_usage == GSS_C_ACCEPT || cred_usage == GSS_C_BOTH) - *acceptor_time_rec = time_rec; - if (initiator_time_rec) - if (cred_usage == GSS_C_INITIATE || cred_usage == GSS_C_BOTH) - *initiator_time_rec = time_rec; - - /* - * OK, expand the mechanism array in the union credentials - * (Look for the union label...) - */ - memcpy(new_mechs_array, union_cred->mechs_array, - sizeof(gss_OID_desc) * union_cred->count); - memcpy(new_cred_array, union_cred->cred_array, - sizeof(gss_cred_id_t) * union_cred->count); - - new_cred_array[union_cred->count] = cred; - new_mechs_array[union_cred->count].length = desired_mech->length; - new_mechs_array[union_cred->count].elements = malloc(desired_mech->length); - if (!new_mechs_array[union_cred->count].elements) { - *minor_status = ENOMEM; - goto errout; - } - memcpy(new_mechs_array[union_cred->count].elements, desired_mech->elements, - desired_mech->length); - - if (output_cred_handle == NULL) { - free(union_cred->mechs_array); - free(union_cred->cred_array); - new_union_cred = union_cred; - } else { - new_union_cred = malloc(sizeof(gss_union_cred_desc)); - if (new_union_cred == NULL) { - *minor_status = ENOMEM; - goto errout; - } - *new_union_cred = *union_cred; - *output_cred_handle = new_union_cred; - } - new_union_cred->mechs_array = new_mechs_array; - new_union_cred->cred_array = new_cred_array; - new_union_cred->count++; - new_mechs_array = 0; - new_cred_array = 0; - - if (actual_mechs) - *actual_mechs = create_actual_mechs(new_union_cred); - - status = GSS_S_COMPLETE; - -errout: - if (new_mechs_array) - free(new_mechs_array); - if (new_cred_array) - free(new_cred_array); - if (!union_name->mech_type) { - (void) __gss_release_internal_name(&temp_minor_status, - desired_mech, &internal_name); - } - - return(status); -}