gssapi/krb5/set_cred_option.c

178825Sdfr/*
178825Sdfr * Copyright (c) 2004, PADL Software Pty Ltd.
178825Sdfr * All rights reserved.
178825Sdfr *
178825Sdfr * Redistribution and use in source and binary forms, with or without
178825Sdfr * modification, are permitted provided that the following conditions
178825Sdfr * are met:
178825Sdfr *
178825Sdfr * 1. Redistributions of source code must retain the above copyright
178825Sdfr *    notice, this list of conditions and the following disclaimer.
178825Sdfr *
178825Sdfr * 2. Redistributions in binary form must reproduce the above copyright
178825Sdfr *    notice, this list of conditions and the following disclaimer in the
178825Sdfr *    documentation and/or other materials provided with the distribution.
178825Sdfr *
178825Sdfr * 3. Neither the name of PADL Software nor the names of its contributors
178825Sdfr *    may be used to endorse or promote products derived from this software
178825Sdfr *    without specific prior written permission.
178825Sdfr *
178825Sdfr * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
178825Sdfr * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
178825Sdfr * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
178825Sdfr * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
178825Sdfr * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
178825Sdfr * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
178825Sdfr * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
178825Sdfr * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
178825Sdfr * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
178825Sdfr * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
178825Sdfr * SUCH DAMAGE.
178825Sdfr */
178825Sdfr
178825Sdfr#include "krb5/gsskrb5_locl.h"
178825Sdfr
178825SdfrRCSID("$Id: set_cred_option.c 20325 2007-04-12 16:49:17Z lha $");
178825Sdfr
178825Sdfrstatic gss_OID_desc gss_krb5_import_cred_x_oid_desc =
178825Sdfr{9, (void *)"\x2b\x06\x01\x04\x01\xa9\x4a\x13\x04"}; /* XXX */
178825Sdfr
178825Sdfrgss_OID GSS_KRB5_IMPORT_CRED_X = &gss_krb5_import_cred_x_oid_desc;
178825Sdfr
178825Sdfrstatic OM_uint32
178825Sdfrimport_cred(OM_uint32 *minor_status,
178825Sdfr	    krb5_context context,
178825Sdfr            gss_cred_id_t *cred_handle,
178825Sdfr            const gss_buffer_t value)
178825Sdfr{
178825Sdfr    OM_uint32 major_stat;
178825Sdfr    krb5_error_code ret;
178825Sdfr    krb5_principal keytab_principal = NULL;
178825Sdfr    krb5_keytab keytab = NULL;
178825Sdfr    krb5_storage *sp = NULL;
178825Sdfr    krb5_ccache id = NULL;
178825Sdfr    char *str;
178825Sdfr
178825Sdfr    if (cred_handle == NULL || *cred_handle != GSS_C_NO_CREDENTIAL) {
178825Sdfr	*minor_status = 0;
178825Sdfr	return GSS_S_FAILURE;
178825Sdfr    }
178825Sdfr
178825Sdfr    sp = krb5_storage_from_mem(value->value, value->length);
178825Sdfr    if (sp == NULL) {
178825Sdfr	*minor_status = 0;
178825Sdfr	return GSS_S_FAILURE;
178825Sdfr    }
178825Sdfr
178825Sdfr    /* credential cache name */
178825Sdfr    ret = krb5_ret_string(sp, &str);
178825Sdfr    if (ret) {
178825Sdfr	*minor_status = ret;
178825Sdfr	major_stat =  GSS_S_FAILURE;
178825Sdfr	goto out;
178825Sdfr    }
178825Sdfr    if (str[0]) {
178825Sdfr	ret = krb5_cc_resolve(context, str, &id);
178825Sdfr	if (ret) {
178825Sdfr	    *minor_status = ret;
178825Sdfr	    major_stat =  GSS_S_FAILURE;
178825Sdfr	    goto out;
178825Sdfr	}
178825Sdfr    }
178825Sdfr    free(str);
178825Sdfr    str = NULL;
178825Sdfr
178825Sdfr    /* keytab principal name */
178825Sdfr    ret = krb5_ret_string(sp, &str);
178825Sdfr    if (ret == 0 && str[0])
178825Sdfr	ret = krb5_parse_name(context, str, &keytab_principal);
178825Sdfr    if (ret) {
178825Sdfr	*minor_status = ret;
178825Sdfr	major_stat = GSS_S_FAILURE;
178825Sdfr	goto out;
178825Sdfr    }
178825Sdfr    free(str);
178825Sdfr    str = NULL;
178825Sdfr
178825Sdfr    /* keytab principal */
178825Sdfr    ret = krb5_ret_string(sp, &str);
178825Sdfr    if (ret) {
178825Sdfr	*minor_status = ret;
178825Sdfr	major_stat =  GSS_S_FAILURE;
178825Sdfr	goto out;
178825Sdfr    }
178825Sdfr    if (str[0]) {
178825Sdfr	ret = krb5_kt_resolve(context, str, &keytab);
178825Sdfr	if (ret) {
178825Sdfr	    *minor_status = ret;
178825Sdfr	    major_stat =  GSS_S_FAILURE;
178825Sdfr	    goto out;
178825Sdfr	}
178825Sdfr    }
178825Sdfr    free(str);
178825Sdfr    str = NULL;
178825Sdfr
178825Sdfr    major_stat = _gsskrb5_import_cred(minor_status, id, keytab_principal,
178825Sdfr				      keytab, cred_handle);
178825Sdfrout:
178825Sdfr    if (id)
178825Sdfr	krb5_cc_close(context, id);
178825Sdfr    if (keytab_principal)
178825Sdfr	krb5_free_principal(context, keytab_principal);
178825Sdfr    if (keytab)
178825Sdfr	krb5_kt_close(context, keytab);
178825Sdfr    if (str)
178825Sdfr	free(str);
178825Sdfr    if (sp)
178825Sdfr	krb5_storage_free(sp);
178825Sdfr
178825Sdfr    return major_stat;
178825Sdfr}
178825Sdfr
178825Sdfr
178825Sdfrstatic OM_uint32
178825Sdfrallowed_enctypes(OM_uint32 *minor_status,
178825Sdfr		 krb5_context context,
178825Sdfr		 gss_cred_id_t *cred_handle,
178825Sdfr		 const gss_buffer_t value)
178825Sdfr{
178825Sdfr    OM_uint32 major_stat;
178825Sdfr    krb5_error_code ret;
178825Sdfr    size_t len, i;
178825Sdfr    krb5_enctype *enctypes = NULL;
178825Sdfr    krb5_storage *sp = NULL;
178825Sdfr    gsskrb5_cred cred;
178825Sdfr
178825Sdfr    if (cred_handle == NULL || *cred_handle == GSS_C_NO_CREDENTIAL) {
178825Sdfr	*minor_status = 0;
178825Sdfr	return GSS_S_FAILURE;
178825Sdfr    }
178825Sdfr
178825Sdfr    cred = (gsskrb5_cred)*cred_handle;
178825Sdfr
178825Sdfr    if ((value->length % 4) != 0) {
178825Sdfr	*minor_status = 0;
178825Sdfr	major_stat = GSS_S_FAILURE;
178825Sdfr	goto out;
178825Sdfr    }
178825Sdfr
178825Sdfr    len = value->length / 4;
178825Sdfr    enctypes = malloc((len + 1) * 4);
178825Sdfr    if (enctypes == NULL) {
178825Sdfr	*minor_status = ENOMEM;
178825Sdfr	major_stat = GSS_S_FAILURE;
178825Sdfr	goto out;
178825Sdfr    }
178825Sdfr
178825Sdfr    sp = krb5_storage_from_mem(value->value, value->length);
178825Sdfr    if (sp == NULL) {
178825Sdfr	*minor_status = ENOMEM;
178825Sdfr	major_stat = GSS_S_FAILURE;
178825Sdfr	goto out;
178825Sdfr    }
178825Sdfr
178825Sdfr    for (i = 0; i < len; i++) {
178825Sdfr	uint32_t e;
178825Sdfr
178825Sdfr	ret = krb5_ret_uint32(sp, &e);
178825Sdfr	if (ret) {
178825Sdfr	    *minor_status = ret;
178825Sdfr	    major_stat =  GSS_S_FAILURE;
178825Sdfr	    goto out;
178825Sdfr	}
178825Sdfr	enctypes[i] = e;
178825Sdfr    }
178825Sdfr    enctypes[i] = 0;
178825Sdfr
178825Sdfr    if (cred->enctypes)
178825Sdfr	free(cred->enctypes);
178825Sdfr    cred->enctypes = enctypes;
178825Sdfr
178825Sdfr    krb5_storage_free(sp);
178825Sdfr
178825Sdfr    return GSS_S_COMPLETE;
178825Sdfr
178825Sdfrout:
178825Sdfr    if (sp)
178825Sdfr	krb5_storage_free(sp);
178825Sdfr    if (enctypes)
178825Sdfr	free(enctypes);
178825Sdfr
178825Sdfr    return major_stat;
178825Sdfr}
178825Sdfr
178825Sdfr
178825SdfrOM_uint32
178825Sdfr_gsskrb5_set_cred_option
178825Sdfr           (OM_uint32 *minor_status,
178825Sdfr            gss_cred_id_t *cred_handle,
178825Sdfr            const gss_OID desired_object,
178825Sdfr            const gss_buffer_t value)
178825Sdfr{
178825Sdfr    krb5_context context;
178825Sdfr
178825Sdfr    GSSAPI_KRB5_INIT (&context);
178825Sdfr
178825Sdfr    if (value == GSS_C_NO_BUFFER) {
178825Sdfr	*minor_status = EINVAL;
178825Sdfr	return GSS_S_FAILURE;
178825Sdfr    }
178825Sdfr
178825Sdfr    if (gss_oid_equal(desired_object, GSS_KRB5_IMPORT_CRED_X))
178825Sdfr	return import_cred(minor_status, context, cred_handle, value);
178825Sdfr
178825Sdfr    if (gss_oid_equal(desired_object, GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X))
178825Sdfr	return allowed_enctypes(minor_status, context, cred_handle, value);
178825Sdfr
178825Sdfr    *minor_status = EINVAL;
178825Sdfr    return GSS_S_FAILURE;
178825Sdfr}