root/source4/heimdal/lib/gssapi/mech/gss_acquire_cred.c


   1 /*-
   2  * Copyright (c) 2005 Doug Rabson
   3  * All rights reserved.
   4  *
   5  * Redistribution and use in source and binary forms, with or without
   6  * modification, are permitted provided that the following conditions
   7  * are met:
   8  * 1. Redistributions of source code must retain the above copyright
   9  *    notice, this list of conditions and the following disclaimer.
  10  * 2. Redistributions in binary form must reproduce the above copyright
  11  *    notice, this list of conditions and the following disclaimer in the
  12  *    documentation and/or other materials provided with the distribution.
  13  *
  14  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
  15  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  16  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  17  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  18  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  19  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  20  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  21  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  22  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  23  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  24  * SUCH DAMAGE.
  25  *
  26  *      $FreeBSD: src/lib/libgssapi/gss_acquire_cred.c,v 1.1 2005/12/29 14:40:20 dfr Exp $
  27  */
  28 
  29 #include "mech_locl.h"
  30 RCSID("$Id$");
  31 
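/**
 * Mechglue entry point: acquire a credential handle spanning one or more
 * GSS-API mechanisms.
 *
 * Each mechanism in desired_mechs (or every OID in _gss_mech_oids when
 * desired_mechs is GSS_C_NO_OID_SET) is asked to acquire a credential via
 * its gm_acquire_cred hook. Mechanisms that fail are skipped; those that
 * succeed are linked into a newly allocated struct _gss_cred, which is
 * returned through output_cred_handle.
 *
 * @param minor_status        receives the mechanism/errno detail code;
 *                            dereferenced unconditionally, must not be NULL
 * @param desired_name        name to acquire for, or GSS_C_NO_NAME
 * @param time_req            requested lifetime, passed to each mechanism
 * @param desired_mechs       mechanisms to try, or GSS_C_NO_OID_SET
 * @param cred_usage          usage flag, passed to each mechanism
 * @param output_cred_handle  receives the new credential; required
 * @param actual_mechs        optional; receives the OIDs of the mechanisms
 *                            that produced a credential
 * @param time_rec            optional; receives the smallest lifetime
 *                            reported by the contributing mechanisms
 *
 * @return GSS_S_COMPLETE on success;
 *         GSS_S_CALL_INACCESSIBLE_WRITE if output_cred_handle is NULL;
 *         GSS_S_BAD_MECH if none of desired_mechs is in _gss_mech_oids;
 *         GSS_S_FAILURE with *minor_status == ENOMEM if the container
 *         cannot be allocated;
 *         GSS_S_NO_CRED if no mechanism yielded a credential;
 *         or the status of gss_create_empty_oid_set() if that fails.
 */
OM_uint32 GSSAPI_LIB_FUNCTION
gss_acquire_cred(OM_uint32 *minor_status,
    const gss_name_t desired_name,
    OM_uint32 time_req,
    const gss_OID_set desired_mechs,
    gss_cred_usage_t cred_usage,
    gss_cred_id_t *output_cred_handle,
    gss_OID_set *actual_mechs,
    OM_uint32 *time_rec)
{
    OM_uint32 major_status;
    gss_OID_set mechs = desired_mechs;
    gss_OID_set_desc set;
    struct _gss_name *name = (struct _gss_name *) desired_name;
    gssapi_mech_interface m;
    struct _gss_cred *cred;
    struct _gss_mechanism_cred *mc;
    OM_uint32 min_time, cred_time;
    size_t i;    /* same type as the OID set's count: no signed/unsigned compare */

    *minor_status = 0;
    if (actual_mechs)
        *actual_mechs = GSS_C_NO_OID_SET;
    if (time_rec)
        *time_rec = 0;

    /*
     * The credential can only be handed back through output_cred_handle.
     * Reject a NULL pointer up front: the success path stores through it
     * unconditionally, so a NULL here would otherwise crash the caller
     * after every mechanism credential had already been acquired.
     */
    if (output_cred_handle == NULL)
        return (GSS_S_CALL_INACCESSIBLE_WRITE);
    *output_cred_handle = GSS_C_NO_CREDENTIAL;

    _gss_load_mech();

    /*
     * First make sure that at least one of the requested
     * mechanisms is one that we support.
     */
    if (mechs) {
        for (i = 0; i < mechs->count; i++) {
            /*
             * The helper's status is not checked, so start from
             * "not a member": a failed lookup must not leave an
             * indeterminate value to be tested below.
             */
            int t = 0;

            gss_test_oid_set_member(minor_status,
                &mechs->elements[i], _gss_mech_oids, &t);
            if (t)
                break;
        }
        if (i == mechs->count) {
            *minor_status = 0;
            return (GSS_S_BAD_MECH);
        }
    }

    if (actual_mechs) {
        major_status = gss_create_empty_oid_set(minor_status,
            actual_mechs);
        if (major_status)
            return (major_status);
    }

    cred = malloc(sizeof(*cred));
    if (!cred) {
        if (actual_mechs)
            gss_release_oid_set(minor_status, actual_mechs);
        *minor_status = ENOMEM;
        return (GSS_S_FAILURE);
    }
    SLIST_INIT(&cred->gc_mc);

    /* No explicit request: try every mechanism we have loaded. */
    if (mechs == GSS_C_NO_OID_SET)
        mechs = _gss_mech_oids;

    /* Each mechanism is called with a one-element set naming itself. */
    set.count = 1;
    min_time = GSS_C_INDEFINITE;
    for (i = 0; i < mechs->count; i++) {
        struct _gss_mechanism_name *mn = NULL;

        m = __gss_get_mechanism(&mechs->elements[i]);
        if (!m)
            continue;

        /* Skip mechanisms for which the name has no usable form. */
        if (desired_name != GSS_C_NO_NAME) {
            major_status = _gss_find_mn(minor_status, name,
                &mechs->elements[i], &mn);
            if (major_status != GSS_S_COMPLETE)
                continue;
        }

        /* Best effort: an allocation failure only drops this mechanism. */
        mc = malloc(sizeof(*mc));
        if (!mc)
            continue;
        mc->gmc_mech = m;
        mc->gmc_mech_oid = &m->gm_mech_oid;

        /*
         * XXX Probably need to do something with actual_mechs.
         */
        set.elements = &mechs->elements[i];
        major_status = m->gm_acquire_cred(minor_status,
            (desired_name != GSS_C_NO_NAME
                ? mn->gmn_name : GSS_C_NO_NAME),
            time_req, &set, cred_usage,
            &mc->gmc_cred, NULL, &cred_time);
        if (major_status) {
            free(mc);
            continue;
        }
        if (cred_time < min_time)
            min_time = cred_time;

        if (actual_mechs) {
            major_status = gss_add_oid_set_member(minor_status,
                mc->gmc_mech_oid, actual_mechs);
            if (major_status) {
                /*
                 * Cannot report this mechanism to the caller, so
                 * give its credential back rather than keep one
                 * that actual_mechs does not account for.
                 */
                m->gm_release_cred(minor_status,
                    &mc->gmc_cred);
                free(mc);
                continue;
            }
        }

        SLIST_INSERT_HEAD(&cred->gc_mc, mc, gmc_link);
    }

    /*
     * If we didn't manage to create a single credential, return
     * an error.
     */
    if (!SLIST_FIRST(&cred->gc_mc)) {
        free(cred);
        if (actual_mechs)
            gss_release_oid_set(minor_status, actual_mechs);
        *minor_status = 0;
        return (GSS_S_NO_CRED);
    }

    if (time_rec)
        *time_rec = min_time;
    *output_cred_handle = (gss_cred_id_t) cred;
    *minor_status = 0;
    return (GSS_S_COMPLETE);
}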
