export_sec_context.c revision 178825 
1178825Sdfr/*
2178825Sdfr * Copyright (c) 1999 - 2003 Kungliga Tekniska H�gskolan
3178825Sdfr * (Royal Institute of Technology, Stockholm, Sweden).
4178825Sdfr * All rights reserved.
5178825Sdfr *
6178825Sdfr * Redistribution and use in source and binary forms, with or without
7178825Sdfr * modification, are permitted provided that the following conditions
8178825Sdfr * are met:
9178825Sdfr *
10178825Sdfr * 1. Redistributions of source code must retain the above copyright
11178825Sdfr *    notice, this list of conditions and the following disclaimer.
12178825Sdfr *
13178825Sdfr * 2. Redistributions in binary form must reproduce the above copyright
14178825Sdfr *    notice, this list of conditions and the following disclaimer in the
15178825Sdfr *    documentation and/or other materials provided with the distribution.
16178825Sdfr *
17178825Sdfr * 3. Neither the name of the Institute nor the names of its contributors
18178825Sdfr *    may be used to endorse or promote products derived from this software
19178825Sdfr *    without specific prior written permission.
20178825Sdfr *
21178825Sdfr * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22178825Sdfr * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23178825Sdfr * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24178825Sdfr * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25178825Sdfr * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26178825Sdfr * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27178825Sdfr * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28178825Sdfr * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29178825Sdfr * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30178825Sdfr * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31178825Sdfr * SUCH DAMAGE.
32178825Sdfr */
33178825Sdfr
34178825Sdfr#include "krb5/gsskrb5_locl.h"
35178825Sdfr
36178825SdfrRCSID("$Id: export_sec_context.c 19031 2006-11-13 18:02:57Z lha $");
37178825Sdfr
38178825SdfrOM_uint32
39178825Sdfr_gsskrb5_export_sec_context (
40178825Sdfr    OM_uint32 * minor_status,
41178825Sdfr    gss_ctx_id_t * context_handle,
42178825Sdfr    gss_buffer_t interprocess_token
43178825Sdfr    )
44178825Sdfr{
45178825Sdfr    krb5_context context;
46178825Sdfr    const gsskrb5_ctx ctx = (const gsskrb5_ctx) *context_handle;
47178825Sdfr    krb5_storage *sp;
48178825Sdfr    krb5_auth_context ac;
49178825Sdfr    OM_uint32 ret = GSS_S_COMPLETE;
50178825Sdfr    krb5_data data;
51178825Sdfr    gss_buffer_desc buffer;
52178825Sdfr    int flags;
53178825Sdfr    OM_uint32 minor;
54178825Sdfr    krb5_error_code kret;
55178825Sdfr
56178825Sdfr    GSSAPI_KRB5_INIT (&context);
57178825Sdfr
58178825Sdfr    HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
59178825Sdfr
60178825Sdfr    if (!(ctx->flags & GSS_C_TRANS_FLAG)) {
61178825Sdfr	HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
62178825Sdfr	*minor_status = 0;
63178825Sdfr	return GSS_S_UNAVAILABLE;
64178825Sdfr    }
65178825Sdfr
66178825Sdfr    sp = krb5_storage_emem ();
67178825Sdfr    if (sp == NULL) {
68178825Sdfr	HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
69178825Sdfr	*minor_status = ENOMEM;
70178825Sdfr	return GSS_S_FAILURE;
71178825Sdfr    }
72178825Sdfr    ac = ctx->auth_context;
73178825Sdfr
74178825Sdfr    /* flagging included fields */
75178825Sdfr
76178825Sdfr    flags = 0;
77178825Sdfr    if (ac->local_address)
78178825Sdfr	flags |= SC_LOCAL_ADDRESS;
79178825Sdfr    if (ac->remote_address)
80178825Sdfr	flags |= SC_REMOTE_ADDRESS;
81178825Sdfr    if (ac->keyblock)
82178825Sdfr	flags |= SC_KEYBLOCK;
83178825Sdfr    if (ac->local_subkey)
84178825Sdfr	flags |= SC_LOCAL_SUBKEY;
85178825Sdfr    if (ac->remote_subkey)
86178825Sdfr	flags |= SC_REMOTE_SUBKEY;
87178825Sdfr
88178825Sdfr    kret = krb5_store_int32 (sp, flags);
89178825Sdfr    if (kret) {
90178825Sdfr	*minor_status = kret;
91178825Sdfr	goto failure;
92178825Sdfr    }
93178825Sdfr
94178825Sdfr    /* marshall auth context */
95178825Sdfr
96178825Sdfr    kret = krb5_store_int32 (sp, ac->flags);
97178825Sdfr    if (kret) {
98178825Sdfr	*minor_status = kret;
99178825Sdfr	goto failure;
100178825Sdfr    }
101178825Sdfr    if (ac->local_address) {
102178825Sdfr	kret = krb5_store_address (sp, *ac->local_address);
103178825Sdfr	if (kret) {
104178825Sdfr	    *minor_status = kret;
105178825Sdfr	    goto failure;
106178825Sdfr	}
107178825Sdfr    }
108178825Sdfr    if (ac->remote_address) {
109178825Sdfr	kret = krb5_store_address (sp, *ac->remote_address);
110178825Sdfr	if (kret) {
111178825Sdfr	    *minor_status = kret;
112178825Sdfr	    goto failure;
113178825Sdfr	}
114178825Sdfr    }
115178825Sdfr    kret = krb5_store_int16 (sp, ac->local_port);
116178825Sdfr    if (kret) {
117178825Sdfr	*minor_status = kret;
118178825Sdfr	goto failure;
119178825Sdfr    }
120178825Sdfr    kret = krb5_store_int16 (sp, ac->remote_port);
121178825Sdfr    if (kret) {
122178825Sdfr	*minor_status = kret;
123178825Sdfr	goto failure;
124178825Sdfr    }
125178825Sdfr    if (ac->keyblock) {
126178825Sdfr	kret = krb5_store_keyblock (sp, *ac->keyblock);
127178825Sdfr	if (kret) {
128178825Sdfr	    *minor_status = kret;
129178825Sdfr	    goto failure;
130178825Sdfr	}
131178825Sdfr    }
132178825Sdfr    if (ac->local_subkey) {
133178825Sdfr	kret = krb5_store_keyblock (sp, *ac->local_subkey);
134178825Sdfr	if (kret) {
135178825Sdfr	    *minor_status = kret;
136178825Sdfr	    goto failure;
137178825Sdfr	}
138178825Sdfr    }
139178825Sdfr    if (ac->remote_subkey) {
140178825Sdfr	kret = krb5_store_keyblock (sp, *ac->remote_subkey);
141178825Sdfr	if (kret) {
142178825Sdfr	    *minor_status = kret;
143178825Sdfr	    goto failure;
144178825Sdfr	}
145178825Sdfr    }
146178825Sdfr    kret = krb5_store_int32 (sp, ac->local_seqnumber);
147178825Sdfr	if (kret) {
148178825Sdfr	    *minor_status = kret;
149178825Sdfr	    goto failure;
150178825Sdfr	}
151178825Sdfr    kret = krb5_store_int32 (sp, ac->remote_seqnumber);
152178825Sdfr	if (kret) {
153178825Sdfr	    *minor_status = kret;
154178825Sdfr	    goto failure;
155178825Sdfr	}
156178825Sdfr
157178825Sdfr    kret = krb5_store_int32 (sp, ac->keytype);
158178825Sdfr    if (kret) {
159178825Sdfr	*minor_status = kret;
160178825Sdfr	goto failure;
161178825Sdfr    }
162178825Sdfr    kret = krb5_store_int32 (sp, ac->cksumtype);
163178825Sdfr    if (kret) {
164178825Sdfr	*minor_status = kret;
165178825Sdfr	goto failure;
166178825Sdfr    }
167178825Sdfr
168178825Sdfr    /* names */
169178825Sdfr
170178825Sdfr    ret = _gsskrb5_export_name (minor_status,
171178825Sdfr				(gss_name_t)ctx->source, &buffer);
172178825Sdfr    if (ret)
173178825Sdfr	goto failure;
174178825Sdfr    data.data   = buffer.value;
175178825Sdfr    data.length = buffer.length;
176178825Sdfr    kret = krb5_store_data (sp, data);
177178825Sdfr    _gsskrb5_release_buffer (&minor, &buffer);
178178825Sdfr    if (kret) {
179178825Sdfr	*minor_status = kret;
180178825Sdfr	goto failure;
181178825Sdfr    }
182178825Sdfr
183178825Sdfr    ret = _gsskrb5_export_name (minor_status,
184178825Sdfr				(gss_name_t)ctx->target, &buffer);
185178825Sdfr    if (ret)
186178825Sdfr	goto failure;
187178825Sdfr    data.data   = buffer.value;
188178825Sdfr    data.length = buffer.length;
189178825Sdfr
190178825Sdfr    ret = GSS_S_FAILURE;
191178825Sdfr
192178825Sdfr    kret = krb5_store_data (sp, data);
193178825Sdfr    _gsskrb5_release_buffer (&minor, &buffer);
194178825Sdfr    if (kret) {
195178825Sdfr	*minor_status = kret;
196178825Sdfr	goto failure;
197178825Sdfr    }
198178825Sdfr
199178825Sdfr    kret = krb5_store_int32 (sp, ctx->flags);
200178825Sdfr    if (kret) {
201178825Sdfr	*minor_status = kret;
202178825Sdfr	goto failure;
203178825Sdfr    }
204178825Sdfr    kret = krb5_store_int32 (sp, ctx->more_flags);
205178825Sdfr    if (kret) {
206178825Sdfr	*minor_status = kret;
207178825Sdfr	goto failure;
208178825Sdfr    }
209178825Sdfr    kret = krb5_store_int32 (sp, ctx->lifetime);
210178825Sdfr    if (kret) {
211178825Sdfr	*minor_status = kret;
212178825Sdfr	goto failure;
213178825Sdfr    }
214178825Sdfr    kret = _gssapi_msg_order_export(sp, ctx->order);
215178825Sdfr    if (kret ) {
216178825Sdfr        *minor_status = kret;
217178825Sdfr        goto failure;
218178825Sdfr    }
219178825Sdfr
220178825Sdfr    kret = krb5_storage_to_data (sp, &data);
221178825Sdfr    krb5_storage_free (sp);
222178825Sdfr    if (kret) {
223178825Sdfr	HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
224178825Sdfr	*minor_status = kret;
225178825Sdfr	return GSS_S_FAILURE;
226178825Sdfr    }
227178825Sdfr    interprocess_token->length = data.length;
228178825Sdfr    interprocess_token->value  = data.data;
229178825Sdfr    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
230178825Sdfr    ret = _gsskrb5_delete_sec_context (minor_status, context_handle,
231178825Sdfr				       GSS_C_NO_BUFFER);
232178825Sdfr    if (ret != GSS_S_COMPLETE)
233178825Sdfr	_gsskrb5_release_buffer (NULL, interprocess_token);
234178825Sdfr    *minor_status = 0;
235178825Sdfr    return ret;
236178825Sdfr failure:
237178825Sdfr    HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
238178825Sdfr    krb5_storage_free (sp);
239178825Sdfr    return ret;
240178825Sdfr}
241