1226031Sstas/*
2226031Sstas * Copyright (c) 2003 Kungliga Tekniska H��gskolan
3226031Sstas * (Royal Institute of Technology, Stockholm, Sweden).
4226031Sstas * All rights reserved.
5226031Sstas *
6226031Sstas * Redistribution and use in source and binary forms, with or without
7226031Sstas * modification, are permitted provided that the following conditions
8226031Sstas * are met:
9226031Sstas *
10226031Sstas * 1. Redistributions of source code must retain the above copyright
11226031Sstas *    notice, this list of conditions and the following disclaimer.
12226031Sstas *
13226031Sstas * 2. Redistributions in binary form must reproduce the above copyright
14226031Sstas *    notice, this list of conditions and the following disclaimer in the
15226031Sstas *    documentation and/or other materials provided with the distribution.
16226031Sstas *
17226031Sstas * 3. Neither the name of the Institute nor the names of its contributors
18226031Sstas *    may be used to endorse or promote products derived from this software
19226031Sstas *    without specific prior written permission.
20226031Sstas *
21226031Sstas * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22226031Sstas * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23226031Sstas * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24226031Sstas * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25226031Sstas * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26226031Sstas * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27226031Sstas * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28226031Sstas * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29226031Sstas * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30226031Sstas * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31226031Sstas * SUCH DAMAGE.
32226031Sstas */
33226031Sstas
34226031Sstas#include "gsskrb5_locl.h"
35226031Sstas
36226031SstasOM_uint32 GSSAPI_CALLCONV
37226031Sstas_gsskrb5_store_cred(OM_uint32         *minor_status,
38226031Sstas		    gss_cred_id_t     input_cred_handle,
39226031Sstas		    gss_cred_usage_t  cred_usage,
40226031Sstas		    const gss_OID     desired_mech,
41226031Sstas		    OM_uint32         overwrite_cred,
42226031Sstas		    OM_uint32         default_cred,
43226031Sstas		    gss_OID_set       *elements_stored,
44226031Sstas		    gss_cred_usage_t  *cred_usage_stored)
45226031Sstas{
46226031Sstas    krb5_context context;
47226031Sstas    krb5_error_code ret;
48226031Sstas    gsskrb5_cred cred;
49226031Sstas    krb5_ccache id;
50226031Sstas    int destroy = 0;
51226031Sstas
52226031Sstas    *minor_status = 0;
53226031Sstas
54226031Sstas    if (cred_usage != GSS_C_INITIATE) {
55226031Sstas	*minor_status = GSS_KRB5_S_G_BAD_USAGE;
56226031Sstas	return GSS_S_FAILURE;
57226031Sstas    }
58226031Sstas
59226031Sstas    if (gss_oid_equal(desired_mech, GSS_KRB5_MECHANISM) == 0)
60226031Sstas	return GSS_S_BAD_MECH;
61226031Sstas
62226031Sstas    cred = (gsskrb5_cred)input_cred_handle;
63226031Sstas    if (cred == NULL)
64226031Sstas	return GSS_S_NO_CRED;
65226031Sstas
66226031Sstas    GSSAPI_KRB5_INIT (&context);
67226031Sstas
68226031Sstas    HEIMDAL_MUTEX_lock(&cred->cred_id_mutex);
69226031Sstas    if (cred->usage != cred_usage && cred->usage != GSS_C_BOTH) {
70226031Sstas	HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);
71226031Sstas	*minor_status = GSS_KRB5_S_G_BAD_USAGE;
72226031Sstas	return(GSS_S_FAILURE);
73226031Sstas    }
74226031Sstas
75226031Sstas    if (cred->principal == NULL) {
76226031Sstas	HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);
77226031Sstas	*minor_status = GSS_KRB5_S_KG_TGT_MISSING;
78226031Sstas	return(GSS_S_FAILURE);
79226031Sstas    }
80226031Sstas
81226031Sstas    /* write out cred to credential cache */
82226031Sstas
83226031Sstas    ret = krb5_cc_cache_match(context, cred->principal, &id);
84226031Sstas    if (ret) {
85226031Sstas	ret = krb5_cc_new_unique(context, NULL, NULL, &id);
86226031Sstas	if (ret) {
87226031Sstas	    HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);
88226031Sstas	    *minor_status = ret;
89226031Sstas	    return(GSS_S_FAILURE);
90226031Sstas	}
91226031Sstas	destroy = 1;
92226031Sstas    }
93226031Sstas
94226031Sstas    ret = krb5_cc_initialize(context, id, cred->principal);
95226031Sstas    if (ret == 0)
96226031Sstas	ret = krb5_cc_copy_match_f(context, cred->ccache, id, NULL, NULL, NULL);
97226031Sstas    if (ret) {
98226031Sstas	if (destroy)
99226031Sstas	    krb5_cc_destroy(context, id);
100226031Sstas	else
101226031Sstas	    krb5_cc_close(context, id);
102226031Sstas	HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);
103226031Sstas	*minor_status = ret;
104226031Sstas	return(GSS_S_FAILURE);
105226031Sstas    }
106226031Sstas
107226031Sstas    if (default_cred)
108226031Sstas	krb5_cc_switch(context, id);
109226031Sstas
110226031Sstas    krb5_cc_close(context, id);
111226031Sstas
112226031Sstas    HEIMDAL_MUTEX_unlock(&cred->cred_id_mutex);
113226031Sstas
114226031Sstas    *minor_status = 0;
115226031Sstas    return GSS_S_COMPLETE;
116226031Sstas}
117