lib/libgssapi/gss_inquire_cred.c

68349Sobrien/*-
133359Sobrien * Copyright (c) 2005 Doug Rabson
133359Sobrien * All rights reserved.
133359Sobrien *
133359Sobrien * Redistribution and use in source and binary forms, with or without
133359Sobrien * modification, are permitted provided that the following conditions
133359Sobrien * are met:
133359Sobrien * 1. Redistributions of source code must retain the above copyright
133359Sobrien *    notice, this list of conditions and the following disclaimer.
133359Sobrien * 2. Redistributions in binary form must reproduce the above copyright
133359Sobrien *    notice, this list of conditions and the following disclaimer in the
133359Sobrien *    documentation and/or other materials provided with the distribution.
133359Sobrien *
133359Sobrien * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
133359Sobrien * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
133359Sobrien * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
133359Sobrien * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
133359Sobrien * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
133359Sobrien * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
133359Sobrien * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
133359Sobrien * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
133359Sobrien * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
133359Sobrien * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
133359Sobrien * SUCH DAMAGE.
133359Sobrien *
133359Sobrien *	$FreeBSD: releng/11.0/lib/libgssapi/gss_inquire_cred.c 178828 2008-05-07 13:53:12Z dfr $
133359Sobrien */
133359Sobrien
68349Sobrien#include <gssapi/gssapi.h>
68349Sobrien#include <stdlib.h>
68349Sobrien#include <string.h>
80588Sobrien#include <errno.h>
133359Sobrien
175296Sobrien#include "mech_switch.h"
68349Sobrien#include "name.h"
84685Sobrien#include "cred.h"
84685Sobrien
84685Sobrien#define AUSAGE 1
68349Sobrien#define IUSAGE 2
169942Sobrien
68349Sobrienstatic void
103373Sobrienupdateusage(gss_cred_usage_t usage, int *usagemask)
133359Sobrien{
133359Sobrien    if (usage == GSS_C_BOTH)
74784Sobrien	*usagemask |= AUSAGE | IUSAGE;
74784Sobrien    else if (usage == GSS_C_ACCEPT)
74784Sobrien	*usagemask |= AUSAGE;
68349Sobrien    else if (usage == GSS_C_INITIATE)
68349Sobrien	*usagemask |= IUSAGE;
175296Sobrien}
68349Sobrien
68349SobrienOM_uint32
68349Sobriengss_inquire_cred(OM_uint32 *minor_status,
68349Sobrien    const gss_cred_id_t cred_handle,
68349Sobrien    gss_name_t *name_ret,
68349Sobrien    OM_uint32 *lifetime,
75937Sobrien    gss_cred_usage_t *cred_usage,
75937Sobrien    gss_OID_set *mechanisms)
75937Sobrien{
75937Sobrien	OM_uint32 major_status;
75937Sobrien	struct _gss_mech_switch *m;
75937Sobrien	struct _gss_cred *cred = (struct _gss_cred *) cred_handle;
75937Sobrien	struct _gss_name *name;
75937Sobrien	struct _gss_mechanism_name *mn;
75937Sobrien	OM_uint32 min_lifetime;
68349Sobrien	int found = 0;
75937Sobrien	int usagemask = 0;
75937Sobrien	gss_cred_usage_t usage;
75937Sobrien
68349Sobrien	_gss_load_mech();
75937Sobrien
75937Sobrien	*minor_status = 0;
75937Sobrien	if (name_ret)
75937Sobrien		*name_ret = GSS_C_NO_NAME;
133359Sobrien	if (lifetime)
133359Sobrien		*lifetime = 0;
68349Sobrien	if (cred_usage)
68349Sobrien		*cred_usage = 0;
159764Sobrien	if (mechanisms)
159764Sobrien		*mechanisms = GSS_C_NO_OID_SET;
159764Sobrien
159764Sobrien	if (name_ret) {
159764Sobrien		name = malloc(sizeof(struct _gss_name));
159764Sobrien		if (name == NULL) {
169962Sobrien			*minor_status = ENOMEM;
169962Sobrien			return (GSS_S_FAILURE);
169962Sobrien		}
169962Sobrien		memset(name, 0, sizeof(struct _gss_name));
169942Sobrien		SLIST_INIT(&name->gn_mn);
169962Sobrien	} else {
133359Sobrien		name = NULL;
159764Sobrien	}
169962Sobrien
159764Sobrien	if (mechanisms) {
169942Sobrien		major_status = gss_create_empty_oid_set(minor_status,
159764Sobrien		    mechanisms);
133359Sobrien		if (major_status) {
159764Sobrien			if (name) free(name);
159764Sobrien			return (major_status);
133359Sobrien		}
133359Sobrien	}
133359Sobrien
133359Sobrien	min_lifetime = GSS_C_INDEFINITE;
133359Sobrien	if (cred) {
133359Sobrien		struct _gss_mechanism_cred *mc;
169942Sobrien
139368Sobrien		SLIST_FOREACH(mc, &cred->gc_mc, gmc_link) {
133359Sobrien			gss_name_t mc_name;
133359Sobrien			OM_uint32 mc_lifetime;
133359Sobrien
133359Sobrien			major_status = mc->gmc_mech->gm_inquire_cred(minor_status,
169942Sobrien			    mc->gmc_cred, &mc_name, &mc_lifetime, &usage, NULL);
139368Sobrien			if (major_status)
175296Sobrien				continue;
68349Sobrien
133359Sobrien			updateusage(usage, &usagemask);
133359Sobrien			if (name && mc_name) {
68349Sobrien				mn = malloc(sizeof(struct _gss_mechanism_name));
159764Sobrien				if (!mn) {
80588Sobrien					mc->gmc_mech->gm_release_name(minor_status,
74784Sobrien					    &mc_name);
103373Sobrien					continue;
80588Sobrien				}
80588Sobrien				mn->gmn_mech = mc->gmc_mech;
103373Sobrien				mn->gmn_mech_oid = mc->gmc_mech_oid;
80588Sobrien				mn->gmn_name = mc_name;
80588Sobrien				SLIST_INSERT_HEAD(&name->gn_mn, mn, gmn_link);
133359Sobrien			} else if (mc_name) {
133359Sobrien				mc->gmc_mech->gm_release_name(minor_status,
80588Sobrien				    &mc_name);
80588Sobrien			}
80588Sobrien
80588Sobrien			if (mc_lifetime < min_lifetime)
80588Sobrien				min_lifetime = mc_lifetime;
80588Sobrien
80588Sobrien			if (mechanisms)
133359Sobrien				gss_add_oid_set_member(minor_status,
133359Sobrien				    mc->gmc_mech_oid, mechanisms);
80588Sobrien			found++;
80588Sobrien		}
133359Sobrien	} else {
133359Sobrien		SLIST_FOREACH(m, &_gss_mechs, gm_link) {
133359Sobrien			gss_name_t mc_name;
133359Sobrien			OM_uint32 mc_lifetime;
133359Sobrien
133359Sobrien			major_status = m->gm_inquire_cred(minor_status,
133359Sobrien			    GSS_C_NO_CREDENTIAL, &mc_name, &mc_lifetime,
133359Sobrien			    &usage, NULL);
133359Sobrien			if (major_status)
80588Sobrien				continue;
80588Sobrien
80588Sobrien			updateusage(usage, &usagemask);
169962Sobrien			if (name && mc_name) {
169962Sobrien				mn = malloc(
169962Sobrien					sizeof(struct _gss_mechanism_name));
169962Sobrien				if (!mn) {
169962Sobrien					m->gm_release_name(
169962Sobrien						minor_status, &mc_name);
169962Sobrien					continue;
169962Sobrien				}
169962Sobrien				mn->gmn_mech = m;
169962Sobrien				mn->gmn_mech_oid = &m->gm_mech_oid;
169962Sobrien				mn->gmn_name = mc_name;
169962Sobrien				SLIST_INSERT_HEAD(&name->gn_mn, mn, gmn_link);
169962Sobrien			} else if (mc_name) {
169962Sobrien				m->gm_release_name(minor_status,
169962Sobrien				    &mc_name);
169962Sobrien			}
169962Sobrien
169962Sobrien			if (mc_lifetime < min_lifetime)
169962Sobrien				min_lifetime = mc_lifetime;
169962Sobrien
169962Sobrien			if (mechanisms)
169962Sobrien				gss_add_oid_set_member(minor_status,
169962Sobrien				    &m->gm_mech_oid, mechanisms);
169962Sobrien			found++;
169962Sobrien		}
169962Sobrien	}
169962Sobrien
169962Sobrien	if (found == 0) {
169962Sobrien		gss_name_t n = (gss_name_t)name;
169962Sobrien		if (n)
169962Sobrien			gss_release_name(minor_status, &n);
169962Sobrien		gss_release_oid_set(minor_status, mechanisms);
169962Sobrien		*minor_status = 0;
169962Sobrien		return (GSS_S_NO_CRED);
169962Sobrien	}
169962Sobrien
169962Sobrien	*minor_status = 0;
169962Sobrien	if (name_ret)
169962Sobrien		*name_ret = (gss_name_t) name;
169962Sobrien	if (lifetime)
175296Sobrien		*lifetime = min_lifetime;
175296Sobrien	if (cred_usage) {
175296Sobrien		if ((usagemask & (AUSAGE|IUSAGE)) == (AUSAGE|IUSAGE))
175296Sobrien			*cred_usage = GSS_C_BOTH;
175296Sobrien		else if (usagemask & IUSAGE)
175296Sobrien			*cred_usage = GSS_C_INITIATE;
169962Sobrien		else if (usagemask & AUSAGE)
169962Sobrien			*cred_usage = GSS_C_ACCEPT;
169962Sobrien	}
169962Sobrien	return (GSS_S_COMPLETE);
80588Sobrien}
169962Sobrien