root/source4/heimdal/lib/gssapi/krb5/set_cred_option.c


DEFINITIONS

This source file includes following definitions.
  1. import_cred
  2. allowed_enctypes
  3. no_ci_flags

   1 /*
   2  * Copyright (c) 2004, PADL Software Pty Ltd.
   3  * All rights reserved.
   4  *
   5  * Redistribution and use in source and binary forms, with or without
   6  * modification, are permitted provided that the following conditions
   7  * are met:
   8  *
   9  * 1. Redistributions of source code must retain the above copyright
  10  *    notice, this list of conditions and the following disclaimer.
  11  *
  12  * 2. Redistributions in binary form must reproduce the above copyright
  13  *    notice, this list of conditions and the following disclaimer in the
  14  *    documentation and/or other materials provided with the distribution.
  15  *
  16  * 3. Neither the name of PADL Software nor the names of its contributors
  17  *    may be used to endorse or promote products derived from this software
  18  *    without specific prior written permission.
  19  *
  20  * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
  21  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  22  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  23  * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
  24  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  25  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  26  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  27  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  28  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  29  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  30  * SUCH DAMAGE.
  31  */
  32 
  33 #include "krb5/gsskrb5_locl.h"
  34 
  35 RCSID("$Id$");
  36 
/*
 * Object identifiers for the two credential options defined in this file.
 * Each descriptor holds the 6-byte DER content encoding of the OID:
 * 0x2a is arcs 1.2, 0x85 0x70 is 752, then 43, 13 and the final arc.
 * rk_UNCONST is applied because the string literal is const while the
 * descriptor's data pointer is not (macro defined elsewhere).
 */

/* 1.2.752.43.13.17: mark a credential "no CI flags" (see no_ci_flags()) */
static gss_OID_desc gss_krb5_cred_no_ci_flags_x_oid_desc = {
    6,
    rk_UNCONST("\x2a\x85\x70\x2b\x0d\x11")
};
gss_OID GSS_KRB5_CRED_NO_CI_FLAGS_X = &gss_krb5_cred_no_ci_flags_x_oid_desc;

/* 1.2.752.43.13.18: import a credential from a buffer (see import_cred()) */
static gss_OID_desc gss_krb5_import_cred_x_oid_desc = {
    6,
    rk_UNCONST("\x2a\x85\x70\x2b\x0d\x12")
};
gss_OID GSS_KRB5_IMPORT_CRED_X = &gss_krb5_import_cred_x_oid_desc;
  48 
  49 
  50 
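/*
 * Handler for GSS_KRB5_IMPORT_CRED_X: build a credential from a
 * serialized description.
 *
 * `value` is read with krb5_ret_string() as three consecutive strings:
 *   1. credential cache name  (empty string: no ccache is resolved)
 *   2. keytab principal name  (empty string: no principal is parsed)
 *   3. keytab name            (empty string: no keytab is resolved)
 * The resolved objects are passed to _gsskrb5_import_cred(), which is
 * responsible for filling in *cred_handle.
 *
 * The buffer contents decide which ccache and keytab get opened, so the
 * buffer should be built by the application itself rather than forwarded
 * from a peer.
 *
 * Fails with GSS_S_FAILURE when cred_handle is NULL or already holds a
 * credential (minor status 0), or when decoding or resolving any field
 * fails (minor status is the krb5 error code).  The local ccache,
 * principal, keytab and storage handles are released before returning,
 * on success and on failure alike.
 */
static OM_uint32
import_cred(OM_uint32 *minor_status,
            krb5_context context,
            gss_cred_id_t *cred_handle,
            const gss_buffer_t value)
{
    OM_uint32 major_stat;
    krb5_error_code ret;
    krb5_principal keytab_principal = NULL;
    krb5_keytab keytab = NULL;
    krb5_storage *sp = NULL;
    krb5_ccache id = NULL;
    /*
     * Must start out NULL: the cleanup path frees it, and when the very
     * first krb5_ret_string() fails nothing may have been stored in it.
     */
    char *str = NULL;

    /* Only a fresh, empty handle may receive the imported credential. */
    if (cred_handle == NULL || *cred_handle != GSS_C_NO_CREDENTIAL) {
        *minor_status = 0;
        return GSS_S_FAILURE;
    }

    sp = krb5_storage_from_mem(value->value, value->length);
    if (sp == NULL) {
        *minor_status = 0;
        return GSS_S_FAILURE;
    }

    /* credential cache name */
    ret = krb5_ret_string(sp, &str);
    if (ret) {
        *minor_status = ret;
        major_stat = GSS_S_FAILURE;
        goto out;
    }
    if (str[0]) {
        ret = krb5_cc_resolve(context, str, &id);
        if (ret) {
            *minor_status = ret;
            major_stat = GSS_S_FAILURE;
            goto out;
        }
    }
    free(str);
    str = NULL;

    /* keytab principal name */
    ret = krb5_ret_string(sp, &str);
    if (ret == 0 && str[0])
        ret = krb5_parse_name(context, str, &keytab_principal);
    if (ret) {
        *minor_status = ret;
        major_stat = GSS_S_FAILURE;
        goto out;
    }
    free(str);
    str = NULL;

    /* keytab name */
    ret = krb5_ret_string(sp, &str);
    if (ret) {
        *minor_status = ret;
        major_stat = GSS_S_FAILURE;
        goto out;
    }
    if (str[0]) {
        ret = krb5_kt_resolve(context, str, &keytab);
        if (ret) {
            *minor_status = ret;
            major_stat = GSS_S_FAILURE;
            goto out;
        }
    }
    free(str);
    str = NULL;

    major_stat = _gsskrb5_import_cred(minor_status, id, keytab_principal,
                                      keytab, cred_handle);
out:
    if (id)
        krb5_cc_close(context, id);
    if (keytab_principal)
        krb5_free_principal(context, keytab_principal);
    if (keytab)
        krb5_kt_close(context, keytab);
    free(str);                  /* free(NULL) is a no-op */
    if (sp)
        krb5_storage_free(sp);

    return major_stat;
}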
 140 
 141 
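/*
 * Handler for GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X: replace the list of
 * encryption types stored on an existing credential.
 *
 * `value` is read as a sequence of 32-bit integers via krb5_ret_uint32(),
 * so its length must be a multiple of 4.  The decoded values are stored
 * as a 0-terminated array in cred->enctypes, replacing (and freeing) any
 * previous list.  An empty buffer therefore installs a list holding only
 * the terminator.
 *
 * The values are stored exactly as decoded; no check that they name
 * known or acceptable enctypes is made in this function.
 * NOTE(review): the credential is modified without any locking visible
 * here; confirm that callers serialize access to it.
 *
 * Fails with GSS_S_FAILURE when cred_handle is NULL or empty, when the
 * length is not a multiple of 4 (minor status 0), on allocation failure
 * (ENOMEM) or on a decode error (krb5 error code).  On failure the
 * credential is left unchanged.
 */
static OM_uint32
allowed_enctypes(OM_uint32 *minor_status,
                 krb5_context context,
                 gss_cred_id_t *cred_handle,
                 const gss_buffer_t value)
{
    OM_uint32 major_stat;
    krb5_error_code ret;
    size_t len, i;
    krb5_enctype *enctypes = NULL;
    krb5_storage *sp = NULL;
    gsskrb5_cred cred;

    if (cred_handle == NULL || *cred_handle == GSS_C_NO_CREDENTIAL) {
        *minor_status = 0;
        return GSS_S_FAILURE;
    }

    cred = (gsskrb5_cred)*cred_handle;

    if ((value->length % 4) != 0) {
        *minor_status = 0;
        major_stat = GSS_S_FAILURE;
        goto out;
    }

    /*
     * One extra slot for the 0 terminator.  Size the array by the element
     * type instead of assuming sizeof(krb5_enctype) == 4, so the writes
     * below stay in bounds whatever the type's width; calloc also checks
     * the count * size multiplication.
     */
    len = value->length / 4;
    enctypes = calloc(len + 1, sizeof(*enctypes));
    if (enctypes == NULL) {
        *minor_status = ENOMEM;
        major_stat = GSS_S_FAILURE;
        goto out;
    }

    sp = krb5_storage_from_mem(value->value, value->length);
    if (sp == NULL) {
        *minor_status = ENOMEM;
        major_stat = GSS_S_FAILURE;
        goto out;
    }

    for (i = 0; i < len; i++) {
        uint32_t e;

        ret = krb5_ret_uint32(sp, &e);
        if (ret) {
            *minor_status = ret;
            major_stat = GSS_S_FAILURE;
            goto out;
        }
        enctypes[i] = e;
    }
    enctypes[i] = 0;

    /* Hand the new list to the credential; it owns the array from here. */
    free(cred->enctypes);
    cred->enctypes = enctypes;
    enctypes = NULL;

    /* Report a defined minor status on success as well. */
    *minor_status = 0;
    major_stat = GSS_S_COMPLETE;

out:
    if (sp)
        krb5_storage_free(sp);
    free(enctypes);             /* NULL once ownership has moved */

    return major_stat;
}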
 212 
/*
 * Handler for GSS_KRB5_CRED_NO_CI_FLAGS_X: set GSS_CF_NO_CI_FLAGS in the
 * flag word of an existing credential.
 *
 * `context` and `value` are not used.  The minor status is always 0.
 * Returns GSS_S_FAILURE when cred_handle is NULL or holds no credential,
 * GSS_S_COMPLETE otherwise.
 * NOTE(review): the meaning of GSS_CF_NO_CI_FLAGS is defined elsewhere;
 * presumably it changes which confidentiality/integrity flags are
 * requested when the credential is used. Confirm at its definition.
 */
static OM_uint32
no_ci_flags(OM_uint32 *minor_status,
            krb5_context context,
            gss_cred_id_t *cred_handle,
            const gss_buffer_t value)
{
    /* Both outcomes report a minor status of 0. */
    *minor_status = 0;

    if (cred_handle != NULL && *cred_handle != GSS_C_NO_CREDENTIAL) {
        gsskrb5_cred target = (gsskrb5_cred)*cred_handle;

        target->cred_flags |= GSS_CF_NO_CI_FLAGS;
        return GSS_S_COMPLETE;
    }

    return GSS_S_FAILURE;
}
 233 
 234 
/*
 * Dispatch a credential option to its handler by comparing
 * desired_object with the OIDs this mechanism understands:
 *   GSS_KRB5_IMPORT_CRED_X             -> import_cred()
 *   GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X  -> allowed_enctypes()
 *   GSS_KRB5_CRED_NO_CI_FLAGS_X        -> no_ci_flags()
 *
 * A missing value buffer (GSS_C_NO_BUFFER) or an unrecognised OID yields
 * GSS_S_FAILURE with minor status EINVAL.  The buffer check comes before
 * the OID comparison, so it also applies to options whose handler does
 * not read the buffer.
 */
OM_uint32
_gsskrb5_set_cred_option(OM_uint32 *minor_status,
                         gss_cred_id_t *cred_handle,
                         const gss_OID desired_object,
                         const gss_buffer_t value)
{
    krb5_context context;

    /* Macro defined elsewhere; presumably sets up `context` and returns
     * early on failure. Confirm at its definition. */
    GSSAPI_KRB5_INIT (&context);

    if (value != GSS_C_NO_BUFFER) {
        if (gss_oid_equal(desired_object, GSS_KRB5_IMPORT_CRED_X))
            return import_cred(minor_status, context, cred_handle, value);
        else if (gss_oid_equal(desired_object,
                               GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X))
            return allowed_enctypes(minor_status, context, cred_handle,
                                    value);
        else if (gss_oid_equal(desired_object, GSS_KRB5_CRED_NO_CI_FLAGS_X))
            return no_ci_flags(minor_status, context, cred_handle, value);
    }

    /* No buffer, or an option this mechanism does not implement. */
    *minor_status = EINVAL;
    return GSS_S_FAILURE;
}
